# Internet Options in Control Panel missing



## baffledUK (Jul 2, 2012)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz, x64 Family 6 Model 23 Stepping 7
Processor Count: 4
RAM: 3070 Mb
Graphics Card: NVIDIA GeForce 7100 / NVIDIA nForce 630i, 256 Mb
Hard Drives: C: Total - 600238 MB, Free - 429472 MB;
Motherboard: Packard Bell BV, MCP73PVT-PM
Antivirus: ZoneAlarm Antivirus, Updated and Enabled.

Internet options missing from control panel, can't reinstall IE9

Please help,,,,I think I lost the above after Windows Update installed. Following is hijackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:38:02, on 02/07/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Users\currys\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\currys\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: script helper for ie - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\currys\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\currys\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090910103721
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1322783446664
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - (no CLSID) - (no file)
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Updater Service (IBUpdaterService) - Intel Corporation - (no file)
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--
End of file - 10126 bytes


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *View Scan Logs*.
[*]Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
[*]If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
[*]Please copy and paste the Scan Log results in your next reply._
_[*]Click *Close* to exit the program._
_

Please include the *MBAM log and, SUPERAntiSpyware Scan Log, checkup.txt and a fresh HijackThis log *in your next reply

eddie_


----------



## baffledUK (Jul 2, 2012)

Thanks Eddie
Results of screen317's Security Check version 0.99.42 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Disabled! 
ZoneAlarm Antivirus 
Microsoft Security Essentials 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
SUPERAntiSpyware 
Malwarebytes Anti-Malware version 1.61.0.1400 
TuneUp Utilities Language Pack (en-GB) 
CCleaner 
TweakNow RegCleaner 2011 
SlimCleaner 
AML Free Registry Cleaner 4.20 
Advanced Disk Cleaner 
Auslogics Registry Cleaner 
Java(TM) 6 Update 17 
Java(TM) 6 Update 22 
*Java version out of Date!* 
Adobe Flash Player 11.3.300.262 
Adobe Reader 8 *Adobe Reader out of Date!* 
Adobe Reader X (10.1.3) 
Mozilla Firefox (14.0) 
Google Chrome 19.0.1084.56 
Google Chrome 20.0.1132.47 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
CheckPoint ZoneAlarm vsmon.exe 
CheckPoint ZoneAlarm zatray.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0 % 
*````````````````````End of Log``````````````````````*

alwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
currys :: EAMONNS [administrator]

Protection: Disabled

04/07/2012 00:47:50
mbam-log-2012-07-04 (00-47-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 420655
Time elapsed: 1 hour(s), 27 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

PERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/04/2012 at 01:55 PM

Application Version : 5.5.1006

Core Rules Database Version : 8844
Trace Rules Database Version: 6656

Scan type : Complete Scan
Total Scan Time : 01:44:57

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 682
Memory threats detected : 0
Registry items scanned : 35280
Registry threats detected : 10
File items scanned : 243217
File threats detected : 54

PUP.bProtector
HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\Main#bProtector Start Page [ http://www.google.co.uks-hp/ ]
HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes#bProtectorDefaultScope [ {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} ]
HKLM\System\CurrentControlSet\Services\bProtector
HKLM\System\CurrentControlSet\Services\bProtector#Type
HKLM\System\CurrentControlSet\Services\bProtector#Start
HKLM\System\CurrentControlSet\Services\bProtector#ErrorControl
HKLM\System\CurrentControlSet\Services\bProtector#DisplayName
HKLM\System\CurrentControlSet\Services\bProtector#ObjectName
HKLM\System\CurrentControlSet\Services\bProtector#Description
HKLM\System\CurrentControlSet\Services\bProtector#FailureActions

Adware.Tracking Cookie
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.gostats.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.gostats.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.stats.ilivid.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.gostats.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\COOKIES.SQLITE ]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:06, on 04/07/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Users\currys\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: script helper for ie - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\currys\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090910103721
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1322783446664
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - (no CLSID) - (no file)
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Updater Service (IBUpdaterService) - Intel Corporation - (no file)
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--
End of file - 10017 bytes
Thanks for your help really appreciated, hope I have done all you asked.


----------



## eddie5659 (Mar 19, 2001)

Yep, the logs are all correct 

--------

Uninstall these programs because they're not needed or are outdated or are dangerous to use.
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later 
Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://www.edbott.com/weblog/?p=643

TweakNow RegCleaner 2011
AML Free Registry Cleaner 4.20
SlimCleaner

-----------

Your Java is out of date, so lets do that next:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 5 *.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.[/b]".
Click on the link to download Windows Offline Installation 32 bit ( jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the * jre-7u5-windows-i586.exe* and select "Run as an Administrator.")

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens. 

-----------------

You also have two versions of Adobe Reader:

Adobe Reader 8
Adobe Reader X (10.1.3)

Uninstall Adobe Reader 8, as this is the older version, and won't be patched fully, which can leave you open to any malicious files out there.

-----------------

Can you run the following tools, and copy/paste the logs that they produce here. If its over a few posts, that's fine 

Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters*.










Check the boxes beside *Verify Driver Digital Signature and Detect TDLFS* file system, then click OK.










Click the *Start Scan* button.










If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.










If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.










Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply

--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan 









On completion of the scan click save log, save it to your desktop and post in your next reply 









-------------------------

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## baffledUK (Jul 2, 2012)

Thanks Eddie
10:41:52.0652 2536 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:41:54.0655 2536 ============================================================
10:41:54.0655 2536 Current date / time: 2012/07/06 10:41:54.0655
10:41:54.0655 2536 SystemInfo:
10:41:54.0655 2536 
10:41:54.0655 2536 OS Version: 6.0.6002 ServicePack: 2.0
10:41:54.0655 2536 Product type: Workstation
10:41:54.0656 2536 ComputerName: EAMONNS
10:41:54.0656 2536 UserName: currys
10:41:54.0656 2536 Windows directory: C:\Windows
10:41:54.0656 2536 System windows directory: C:\Windows
10:41:54.0656 2536 Processor architecture: Intel x86
10:41:54.0656 2536 Number of processors: 4
10:41:54.0656 2536 Page size: 0x1000
10:41:54.0656 2536 Boot type: Normal boot
10:41:54.0656 2536 ============================================================
10:42:01.0665 2536 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:01.0777 2536 ============================================================
10:42:01.0777 2536 \Device\Harddisk0\DR0:
10:42:01.0777 2536 MBR partitions:
10:42:01.0777 2536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x494572B0
10:42:01.0777 2536 ============================================================
10:42:01.0809 2536 C: <-> \Device\Harddisk0\DR0\Partition0
10:42:01.0809 2536 ============================================================
10:42:01.0809 2536 Initialize success
10:42:01.0809 2536 ============================================================
10:43:06.0037 1384 ============================================================
10:43:06.0038 1384 Scan started
10:43:06.0038 1384 Mode: Manual; SigCheck; 
10:43:06.0038 1384 ============================================================
10:43:06.0819 1384 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:43:06.0951 1384 !SASCORE - ok
10:43:07.0384 1384 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:43:07.0466 1384 ACPI - ok
10:43:07.0831 1384 AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
10:43:07.0859 1384 AdobeActiveFileMonitor6.0 - ok
10:43:07.0968 1384 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:43:07.0993 1384 AdobeARMservice - ok
10:43:08.0374 1384 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:08.0392 1384 AdobeFlashPlayerUpdateSvc - ok
10:43:08.0459 1384 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:43:08.0493 1384 adp94xx - ok
10:43:08.0548 1384 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:43:08.0585 1384 adpahci - ok
10:43:08.0795 1384 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:43:08.0813 1384 adpu160m - ok
10:43:08.0838 1384 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:43:08.0864 1384 adpu320 - ok
10:43:09.0313 1384 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
10:43:09.0358 1384 AdvancedSystemCareService5 - ok
10:43:09.0413 1384 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:43:09.0471 1384 AeLookupSvc - ok
10:43:09.0494 1384 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
10:43:09.0549 1384 AFD - ok
10:43:09.0571 1384 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:43:09.0588 1384 agp440 - ok
10:43:09.0621 1384 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:43:09.0638 1384 aic78xx - ok
10:43:09.0653 1384 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:43:09.0707 1384 ALG - ok
10:43:09.0719 1384 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:43:09.0735 1384 aliide - ok
10:43:09.0747 1384 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:43:09.0765 1384 amdagp - ok
10:43:09.0782 1384 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:43:09.0799 1384 amdide - ok
10:43:09.0809 1384 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:43:09.0843 1384 AmdK7 - ok
10:43:09.0860 1384 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:43:09.0897 1384 AmdK8 - ok
10:43:10.0034 1384 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:43:10.0110 1384 AntiVirSchedulerService - ok
10:43:10.0130 1384 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:43:10.0158 1384 AntiVirService - ok
10:43:10.0274 1384 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:43:10.0321 1384 Appinfo - ok
10:43:10.0353 1384 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:43:10.0369 1384 arc - ok
10:43:10.0387 1384 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:43:10.0406 1384 arcsas - ok
10:43:10.0525 1384 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:43:10.0555 1384 aspnet_state - ok
10:43:10.0562 1384 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:43:10.0613 1384 AsyncMac - ok
10:43:10.0635 1384 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:43:10.0659 1384 atapi - ok
10:43:10.0689 1384 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:43:10.0731 1384 AudioEndpointBuilder - ok
10:43:10.0736 1384 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:43:10.0769 1384 Audiosrv - ok
10:43:10.0787 1384 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
10:43:10.0864 1384 avgntflt - ok
10:43:10.0891 1384 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
10:43:10.0925 1384 avipbb - ok
10:43:10.0943 1384 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
10:43:10.0966 1384 avkmgr - ok
10:43:11.0007 1384 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:43:11.0062 1384 Beep - ok
10:43:11.0116 1384 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:43:11.0189 1384 BFE - ok
10:43:11.0241 1384 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
10:43:11.0312 1384 BITS - ok
10:43:11.0321 1384 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:43:11.0366 1384 blbdrive - ok
10:43:11.0444 1384 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
10:43:11.0471 1384 Bonjour Service - ok
10:43:11.0498 1384 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
10:43:11.0550 1384 bowser - ok
10:43:11.0565 1384 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:43:11.0603 1384 BrFiltLo - ok
10:43:11.0614 1384 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:43:11.0646 1384 BrFiltUp - ok
10:43:11.0669 1384 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:43:11.0723 1384 Browser - ok
10:43:11.0735 1384 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:43:11.0881 1384 Brserid - ok
10:43:11.0893 1384 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:43:11.0944 1384 BrSerWdm - ok
10:43:11.0969 1384 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:43:12.0023 1384 BrUsbMdm - ok
10:43:12.0035 1384 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:43:12.0091 1384 BrUsbSer - ok
10:43:12.0107 1384 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:43:12.0166 1384 BTHMODEM - ok
10:43:12.0173 1384 catchme - ok
10:43:12.0191 1384 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:43:12.0229 1384 cdfs - ok
10:43:12.0250 1384 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:43:12.0297 1384 cdrom - ok
10:43:12.0320 1384 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:43:12.0349 1384 CertPropSvc - ok
10:43:12.0358 1384 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:43:12.0402 1384 circlass - ok
10:43:12.0443 1384 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:43:12.0476 1384 CLFS - ok
10:43:12.0527 1384 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:43:12.0545 1384 clr_optimization_v2.0.50727_32 - ok
10:43:12.0611 1384 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:43:12.0665 1384 clr_optimization_v4.0.30319_32 - ok
10:43:12.0706 1384 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:43:12.0723 1384 cmdide - ok
10:43:12.0741 1384 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
10:43:12.0790 1384 Compbatt - ok
10:43:12.0795 1384 COMSysApp - ok
10:43:12.0825 1384 cpuz134 - ok
10:43:12.0836 1384 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:43:12.0859 1384 crcdisk - ok
10:43:12.0873 1384 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:43:12.0910 1384 Crusoe - ok
10:43:12.0944 1384 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:43:13.0002 1384 CryptSvc - ok
10:43:13.0049 1384 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:43:13.0108 1384 DcomLaunch - ok
10:43:13.0125 1384 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
10:43:13.0174 1384 DfsC - ok
10:43:13.0287 1384 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:43:13.0368 1384 DFSR - ok
10:43:13.0477 1384 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:43:13.0513 1384 Dhcp - ok
10:43:13.0536 1384 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:43:13.0563 1384 disk - ok
10:43:13.0586 1384 Dnscache (30a08728740e71947ae1e073b5ce69b4) C:\Windows\System32\dnsrslvr.dll
10:43:13.0621 1384 Dnscache - ok
10:43:13.0643 1384 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:43:13.0689 1384 dot3svc - ok
10:43:13.0711 1384 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:43:13.0775 1384 Dot4 - ok
10:43:13.0790 1384 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:43:13.0839 1384 Dot4Print - ok
10:43:13.0849 1384 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:43:13.0894 1384 dot4usb - ok
10:43:13.0910 1384 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:43:13.0953 1384 DPS - ok
10:43:13.0982 1384 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:43:14.0014 1384 drmkaud - ok
10:43:14.0055 1384 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
10:43:14.0107 1384 DXGKrnl - ok
10:43:14.0130 1384 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:43:14.0168 1384 E1G60 - ok
10:43:14.0196 1384 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:43:14.0245 1384 EapHost - ok
10:43:14.0276 1384 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:43:14.0311 1384 Ecache - ok
10:43:14.0352 1384 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:43:14.0405 1384 ehRecvr - ok
10:43:14.0442 1384 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:43:14.0493 1384 ehSched - ok
10:43:14.0506 1384 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:43:14.0537 1384 ehstart - ok
10:43:14.0577 1384 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:43:14.0610 1384 elxstor - ok
10:43:14.0652 1384 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:43:14.0725 1384 EMDMgmt - ok
10:43:14.0735 1384 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:43:14.0772 1384 ErrDev - ok
10:43:14.0819 1384 ETService (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
10:43:14.0845 1384 ETService ( UnsignedFile.Multi.Generic ) - warning
10:43:14.0845 1384 ETService - detected UnsignedFile.Multi.Generic (1)
10:43:14.0869 1384 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:43:14.0906 1384 EventSystem - ok
10:43:14.0924 1384 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:43:14.0988 1384 exfat - ok
10:43:15.0011 1384 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
10:43:15.0039 1384 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
10:43:15.0039 1384 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
10:43:15.0067 1384 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:43:15.0124 1384 fastfat - ok
10:43:15.0149 1384 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:43:15.0183 1384 fdc - ok
10:43:15.0218 1384 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:43:15.0275 1384 fdPHost - ok
10:43:15.0280 1384 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:43:15.0348 1384 FDResPub - ok
10:43:15.0361 1384 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:43:15.0386 1384 FileInfo - ok
10:43:15.0397 1384 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:43:15.0433 1384 Filetrace - ok
10:43:15.0504 1384 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:43:15.0565 1384 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:43:15.0565 1384 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:43:15.0577 1384 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:43:15.0616 1384 flpydisk - ok
10:43:15.0642 1384 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:43:15.0675 1384 FltMgr - ok
10:43:15.0780 1384 FontCache (d49705f25390265cad9b620f55ea968c) C:\Windows\system32\FntCache.dll
10:43:15.0849 1384 FontCache - ok
10:43:15.0921 1384 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:43:15.0938 1384 FontCache3.0.0.0 - ok
10:43:15.0967 1384 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
10:43:15.0981 1384 fssfltr - ok
10:43:16.0140 1384 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:43:16.0220 1384 fsssvc - ok
10:43:16.0326 1384 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:16.0392 1384 Fs_Rec - ok
10:43:16.0404 1384 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:43:16.0422 1384 gagp30kx - ok
10:43:16.0451 1384 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:43:16.0471 1384 GEARAspiWDM - ok
10:43:16.0530 1384 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:43:16.0548 1384 GoogleDesktopManager-051210-111108 - ok
10:43:16.0554 1384 GoogleDesktopManager-110309-193829 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:43:16.0570 1384 GoogleDesktopManager-110309-193829 - ok
10:43:16.0595 1384 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
10:43:16.0610 1384 GoToAssist - ok
10:43:16.0654 1384 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:43:16.0736 1384 gpsvc - ok
10:43:16.0760 1384 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:43:16.0775 1384 gupdate - ok
10:43:16.0779 1384 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:43:16.0796 1384  gupdatem - ok
10:43:16.0818 1384 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:43:16.0854 1384 gusvc - ok
10:43:16.0907 1384 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
10:43:16.0957 1384 HdAudAddService - ok
10:43:17.0036 1384 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:43:17.0090 1384 HDAudBus - ok
10:43:17.0118 1384 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:43:17.0171 1384 HidBth - ok
10:43:17.0185 1384 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:43:17.0242 1384 HidIr - ok
10:43:17.0256 1384 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
10:43:17.0289 1384 hidserv - ok
10:43:17.0305 1384 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:17.0364 1384 HidUsb - ok
10:43:17.0383 1384 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:43:17.0429 1384 hkmsvc - ok
10:43:17.0446 1384 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:43:17.0462 1384 HpCISSs - ok
10:43:17.0528 1384 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:43:17.0552 1384 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:43:17.0552 1384 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:43:17.0568 1384 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:43:17.0590 1384 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:43:17.0590 1384 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:43:17.0637 1384 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:43:17.0703 1384 HTTP - ok
10:43:17.0717 1384 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:43:17.0733 1384 i2omp - ok
10:43:17.0745 1384 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:43:17.0783 1384 i8042prt - ok
10:43:17.0810 1384 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:43:17.0834 1384 iaStorV - ok
10:43:17.0916 1384 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:43:17.0962 1384 idsvc - ok
10:43:17.0985 1384 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:43:17.0999 1384 iirsp - ok
10:43:18.0053 1384 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:43:18.0101 1384 IKEEXT - ok
10:43:18.0127 1384 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
10:43:18.0153 1384 int15 - ok
10:43:18.0341 1384 IntcAzAudAddService (bfcd7edc663f513e7c4a0b9400e58c70) C:\Windows\system32\drivers\RTKVHDA.sys
10:43:18.0512 1384 IntcAzAudAddService - ok
10:43:18.0590 1384 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:43:18.0607 1384 intelide - ok
10:43:18.0617 1384 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:43:18.0655 1384 intelppm - ok
10:43:18.0677 1384 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:43:18.0728 1384 IPBusEnum - ok
10:43:18.0743 1384 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:43:18.0789 1384 IpFilterDriver - ok
10:43:18.0829 1384 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
10:43:18.0871 1384 iphlpsvc - ok
10:43:18.0875 1384 IpInIp - ok
10:43:18.0894 1384 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:43:18.0937 1384 IPMIDRV - ok
10:43:18.0956 1384 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:43:19.0020 1384 IPNAT - ok
10:43:19.0037 1384 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:43:19.0076 1384 IRENUM - ok
10:43:19.0090 1384 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:43:19.0106 1384 isapnp - ok
10:43:19.0137 1384 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:43:19.0156 1384 iScsiPrt - ok
10:43:19.0199 1384 ISWKL (ee8bed092a58a4faeb08dc140729189e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:43:19.0222 1384 ISWKL - ok
10:43:19.0259 1384 IswSvc (aa7fd6a7532ef23fdcfc030195c148f9) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
10:43:19.0291 1384 IswSvc - ok
10:43:19.0303 1384 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:43:19.0320 1384 iteatapi - ok
10:43:19.0333 1384 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:43:19.0349 1384 iteraid - ok
10:43:19.0373 1384 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:43:19.0396 1384 kbdclass - ok
10:43:19.0403 1384 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
10:43:19.0462 1384 kbdhid - ok
10:43:19.0475 1384 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:19.0510 1384 KeyIso - ok
10:43:19.0538 1384 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
10:43:19.0562 1384 KL1 - ok
10:43:19.0577 1384 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
10:43:19.0598 1384 kl2 - ok
10:43:19.0639 1384 KLIF (46fa00bef951762919b66269371c22af) C:\Windows\system32\DRIVERS\klif.sys
10:43:19.0682 1384 KLIF - ok
10:43:19.0707 1384 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:43:19.0743 1384 KSecDD - ok
10:43:19.0961 1384 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
10:43:20.0067 1384 KService - ok
10:43:20.0161 1384 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:43:20.0217 1384 KtmRm - ok
10:43:20.0245 1384 LanmanServer (43446f197c74ef2030f84b3a4f39d570) C:\Windows\system32\srvsvc.dll
10:43:20.0290 1384 LanmanServer - ok
10:43:20.0319 1384 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:43:20.0443 1384 LanmanWorkstation - ok
10:43:20.0478 1384 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:43:20.0542 1384 lltdio - ok
10:43:20.0580 1384 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:43:20.0635 1384 lltdsvc - ok
10:43:20.0649 1384 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:43:20.0705 1384 lmhosts - ok
10:43:20.0731 1384 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:43:20.0750 1384 LSI_FC - ok
10:43:20.0770 1384 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:43:20.0790 1384 LSI_SAS - ok
10:43:20.0811 1384 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:43:20.0834 1384 LSI_SCSI - ok
10:43:20.0859 1384 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:43:20.0920 1384 luafv - ok
10:43:20.0960 1384 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:43:20.0979 1384 MBAMProtector - ok
10:43:21.0091 1384 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:43:21.0120 1384 MBAMService - ok
10:43:21.0179 1384 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
10:43:21.0216 1384 McciCMService ( UnsignedFile.Multi.Generic ) - warning
10:43:21.0216 1384 McciCMService - detected UnsignedFile.Multi.Generic (1)
10:43:21.0256 1384  Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:43:21.0288 1384 Mcx2Svc - ok
10:43:21.0313 1384 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:43:21.0328 1384 megasas - ok
10:43:21.0353 1384 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:43:21.0386 1384 MegaSR - ok
10:43:21.0412 1384 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:43:21.0463 1384 MMCSS - ok
10:43:21.0474 1384 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:43:21.0508 1384 Modem - ok
10:43:21.0519 1384 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:43:21.0554 1384 monitor - ok
10:43:21.0570 1384 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:43:21.0594 1384 mouclass - ok
10:43:21.0606 1384 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:43:21.0659 1384 mouhid - ok
10:43:21.0675 1384 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:43:21.0698 1384 MountMgr - ok
10:43:21.0735 1384 MozillaMaintenance (166f0cbff55d16552161c154317287ca) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:43:21.0753 1384 MozillaMaintenance - ok
10:43:21.0788 1384 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
10:43:21.0824 1384 MpFilter - ok
10:43:21.0845 1384 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:43:21.0862 1384 mpio - ok
10:43:21.0876 1384 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:43:21.0920 1384 mpsdrv - ok
10:43:21.0960 1384 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:43:21.0997 1384 MpsSvc - ok
10:43:22.0029 1384 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:43:22.0045 1384 Mraid35x - ok
10:43:22.0094 1384 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:43:22.0122 1384 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
10:43:22.0122 1384 MREMP50 - detected UnsignedFile.Multi.Generic (1)
10:43:22.0126 1384 MREMPR5 - ok
10:43:22.0133 1384 MRENDIS5 - ok
10:43:22.0162 1384 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:43:22.0174 1384 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
10:43:22.0174 1384 MRESP50 - detected UnsignedFile.Multi.Generic (1)
10:43:22.0202 1384 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:43:22.0227 1384 MRxDAV - ok
10:43:22.0254 1384 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:43:22.0301 1384 mrxsmb - ok
10:43:22.0323 1384 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:43:22.0376 1384 mrxsmb10 - ok
10:43:22.0384 1384 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:43:22.0438 1384 mrxsmb20 - ok
10:43:22.0450 1384 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:43:22.0467 1384 msahci - ok
10:43:22.0486 1384 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:43:22.0503 1384 msdsm - ok
10:43:22.0524 1384 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:43:22.0562 1384 MSDTC - ok
10:43:22.0581 1384 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:43:22.0623 1384 Msfs - ok
10:43:22.0636 1384 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:43:22.0660 1384 msisadrv - ok
10:43:22.0693 1384 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:43:22.0751 1384 MSiSCSI - ok
10:43:22.0756 1384 msiserver - ok
10:43:22.0791 1384 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:43:22.0828 1384 MSKSSRV - ok
10:43:22.0864 1384 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:43:22.0881 1384 MsMpSvc - ok
10:43:22.0892 1384 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:43:22.0930 1384 MSPCLOCK - ok
10:43:22.0935 1384 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:43:22.0992 1384 MSPQM - ok
10:43:23.0013 1384 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:43:23.0048 1384 MsRPC - ok
10:43:23.0057 1384 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:43:23.0075 1384 mssmbios - ok
10:43:23.0089 1384 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:43:23.0132 1384 MSTEE - ok
10:43:23.0139 1384 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:43:23.0165 1384 Mup - ok
10:43:23.0201 1384 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:43:23.0245 1384 napagent - ok
10:43:23.0276 1384 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:43:23.0302 1384 NativeWifiP - ok
10:43:23.0335 1384 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:43:23.0362 1384 NDIS - ok
10:43:23.0378 1384 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:43:23.0419 1384 NdisTapi - ok
10:43:23.0438 1384 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:43:23.0475 1384 Ndisuio - ok
10:43:23.0490 1384 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:43:23.0545 1384 NdisWan - ok
10:43:23.0562 1384 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:43:23.0600 1384 NDProxy - ok
10:43:23.0620 1384 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
10:43:23.0640 1384 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:43:23.0640 1384 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:43:23.0653 1384 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:43:23.0694 1384 NetBIOS - ok
10:43:23.0714 1384 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:43:23.0769 1384 netbt - ok
10:43:23.0800 1384 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:23.0825 1384 Netlogon - ok
10:43:23.0858 1384 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:43:23.0901 1384 Netman - ok
10:43:23.0958 1384 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:23.0993 1384 NetMsmqActivator - ok
10:43:23.0997 1384 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:24.0013 1384 NetPipeActivator - ok
10:43:24.0063 1384 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:43:24.0110 1384 netprofm - ok
10:43:24.0115 1384 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:24.0134 1384 NetTcpActivator - ok
10:43:24.0138 1384 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:24.0155 1384 NetTcpPortSharing - ok
10:43:24.0177 1384 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:43:24.0193 1384 nfrd960 - ok
10:43:24.0221 1384 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:43:24.0248 1384 NisDrv - ok
10:43:24.0308 1384 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:43:24.0335 1384 NisSrv - ok
10:43:24.0354 1384 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:43:24.0398 1384 NlaSvc - ok
10:43:24.0438 1384 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:43:24.0475 1384 Npfs - ok
10:43:24.0482 1384 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:43:24.0520 1384 nsi - ok
10:43:24.0533 1384 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:43:24.0584 1384 nsiproxy - ok
10:43:24.0663 1384 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:43:24.0725 1384 Ntfs - ok
10:43:24.0754 1384 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:43:24.0808 1384 ntrigdigi - ok
10:43:24.0819 1384 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:43:24.0859 1384 Null - ok
10:43:24.0888 1384 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
10:43:24.0921 1384 NVHDA - ok
10:43:25.0491 1384 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:43:25.0864 1384 nvlddmkm - ok
10:43:26.0079 1384 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:43:26.0097 1384 nvraid - ok
10:43:26.0115 1384 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:43:26.0131 1384 nvstor - ok
10:43:26.0158 1384 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
10:43:26.0175 1384 nvstor32 - ok
10:43:26.0226 1384 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
10:43:26.0256 1384 nvsvc - ok
10:43:26.0440 1384 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:43:26.0570 1384 nvUpdatusService - ok
10:43:26.0668 1384 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:43:26.0686 1384 nv_agp - ok
10:43:26.0690 1384 NwlnkFlt - ok
10:43:26.0697 1384 NwlnkFwd - ok
10:43:26.0719 1384 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:43:26.0780 1384 ohci1394 - ok
10:43:26.0829 1384 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:43:26.0862 1384 ose - ok
10:43:27.0168 1384 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:43:27.0377 1384 osppsvc - ok
10:43:27.0485 1384 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:27.0580 1384 p2pimsvc - ok
10:43:27.0589 1384 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:27.0623 1384 p2psvc - ok
10:43:27.0652 1384 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:43:27.0704 1384 Parport - ok
10:43:27.0731 1384 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
10:43:27.0769 1384 Partizan - ok
10:43:27.0790 1384 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:43:27.0820 1384 partmgr - ok
10:43:27.0830 1384 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:43:27.0881 1384 Parvdm - ok
10:43:27.0896 1384 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:43:27.0930 1384 PcaSvc - ok
10:43:27.0954 1384 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:43:27.0982 1384 pci - ok
10:43:27.0997 1384 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:43:28.0022 1384 pciide - ok
10:43:28.0044 1384 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:43:28.0070 1384 pcmcia - ok
10:43:28.0130 1384 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:43:28.0232 1384 PEAUTH - ok
10:43:28.0327 1384 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:43:28.0419 1384 pla - ok
10:43:28.0514 1384 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:43:28.0561 1384 PlugPlay - ok
10:43:28.0623 1384 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
10:43:28.0650 1384 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:43:28.0650 1384 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:43:28.0710 1384 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:28.0745 1384 PNRPAutoReg - ok
10:43:28.0752 1384 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:28.0789 1384 PNRPsvc - ok
10:43:28.0816 1384 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:43:28.0893 1384 PolicyAgent - ok
10:43:28.0920 1384 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:43:28.0970 1384 PptpMiniport - ok
10:43:28.0990 1384 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:43:29.0026 1384 Processor - ok
10:43:29.0037 1384 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:43:29.0077 1384 ProfSvc - ok
10:43:29.0092 1384 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:29.0116 1384 ProtectedStorage - ok
10:43:29.0142 1384 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:43:29.0189 1384 PSched - ok
10:43:29.0196 1384 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
10:43:29.0222 1384 PxHelp20 - ok
10:43:29.0292 1384 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:43:29.0357 1384 ql2300 - ok
10:43:29.0390 1384 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:43:29.0407 1384 ql40xx - ok
10:43:29.0441 1384 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:43:29.0483 1384 QWAVE - ok
10:43:29.0499 1384 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:43:29.0538 1384 QWAVEdrv - ok
10:43:29.0551 1384 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:43:29.0603 1384 RasAcd - ok
10:43:29.0620 1384 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:43:29.0671 1384 RasAuto - ok
10:43:29.0710 1384 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:43:29.0757 1384 Rasl2tp - ok
10:43:29.0824 1384 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:43:29.0864 1384 RasMan - ok
10:43:29.0879 1384 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:43:29.0920 1384 RasPppoe - ok
10:43:29.0950 1384 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:43:29.0981 1384 RasSstp - ok
10:43:30.0014 1384 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:43:30.0061 1384 rdbss - ok
10:43:30.0070 1384 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:43:30.0111 1384 RDPCDD - ok
10:43:30.0137 1384 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:43:30.0172 1384 rdpdr - ok
10:43:30.0177 1384 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:43:30.0227 1384 RDPENCDD - ok
10:43:30.0253 1384 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:43:30.0358 1384 RDPWD - ok
10:43:30.0371 1384 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
10:43:30.0403 1384 RegGuard - ok
10:43:30.0436 1384 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:43:30.0479 1384 RemoteAccess - ok
10:43:30.0495 1384 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:43:30.0539 1384 RemoteRegistry - ok
10:43:30.0554 1384 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:43:30.0607 1384 RpcLocator - ok
10:43:30.0640 1384 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:43:30.0678 1384 RpcSs - ok
10:43:30.0697 1384 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:43:30.0748 1384 rspndr - ok
10:43:30.0802 1384 RTL8169 (06992132cf20c3c1cba3f072c4086de8) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:43:30.0830 1384 RTL8169 - ok
10:43:30.0850 1384 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:30.0874 1384 SamSs - ok
10:43:30.0910 1384 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:43:30.0925 1384 SASDIFSV - ok
10:43:30.0943 1384 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:43:30.0958 1384 SASKUTIL - ok
10:43:30.0991 1384 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:43:31.0008 1384 sbp2port - ok
10:43:31.0096 1384 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
10:43:31.0167 1384 SBSDWSCService - ok
10:43:31.0189 1384 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:43:31.0237 1384 SCardSvr - ok
10:43:31.0277 1384 Schedule (323ae0bdfd2eb15b668dda50cc597329) C:\Windows\system32\schedsvc.dll
10:43:31.0364 1384 Schedule - ok
10:43:31.0386 1384 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:43:31.0416 1384 SCPolicySvc - ok
10:43:31.0439 1384 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:43:31.0486 1384 SDRSVC - ok
10:43:31.0524 1384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:43:31.0594 1384 secdrv - ok
10:43:31.0605 1384 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:43:31.0644 1384 seclogon - ok
10:43:31.0656 1384 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
10:43:31.0694 1384 SENS - ok
10:43:31.0701 1384 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:43:31.0756 1384 Serenum - ok
10:43:31.0774 1384 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:43:31.0838 1384 Serial - ok
10:43:31.0857 1384 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:43:31.0899 1384 sermouse - ok
10:43:31.0917 1384 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:43:31.0960 1384 SessionEnv - ok
10:43:31.0973 1384 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:43:32.0010 1384 sffdisk - ok
10:43:32.0021 1384 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:43:32.0062 1384 sffp_mmc - ok
10:43:32.0082 1384 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:43:32.0123 1384 sffp_sd - ok
10:43:32.0136 1384 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:43:32.0186 1384 sfloppy - ok
10:43:32.0216 1384 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:43:32.0256 1384 SharedAccess - ok
10:43:32.0279 1384 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
10:43:32.0323 1384 ShellHWDetection - ok
10:43:32.0333 1384 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:43:32.0349 1384 sisagp - ok
10:43:32.0363 1384 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:43:32.0380 1384 SiSRaid2 - ok
10:43:32.0392 1384 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:43:32.0409 1384 SiSRaid4 - ok
10:43:32.0645 1384 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:43:32.0790 1384 slsvc - ok
10:43:32.0860 1384 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:43:32.0898 1384 SLUINotify - ok
10:43:32.0937 1384 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
10:43:32.0957 1384 SmartDefragDriver - ok
10:43:32.0989 1384 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:43:33.0035 1384 Smb - ok
10:43:33.0057 1384 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:43:33.0090 1384 SNMPTRAP - ok
10:43:33.0105 1384 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:43:33.0131 1384 spldr - ok
10:43:33.0152 1384 Spooler (524bfbea40e6e404737ccbc754647a2e) C:\Windows\System32\spoolsv.exe
10:43:33.0190 1384 Spooler - ok
10:43:33.0211 1384 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
10:43:33.0256 1384 srv - ok
10:43:33.0284 1384 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
10:43:33.0337 1384 srv2 - ok
10:43:33.0363 1384 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
10:43:33.0402 1384 srvnet - ok
10:43:33.0414 1384 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:43:33.0458 1384 SSDPSRV - ok
10:43:33.0479 1384 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:43:33.0500 1384 ssmdrv - ok
10:43:33.0521 1384 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:43:33.0553 1384 SstpSvc - ok
10:43:33.0592 1384 Steam Client Service - ok
10:43:33.0620 1384 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
10:43:33.0667 1384 StillCam - ok
10:43:33.0696 1384 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:43:33.0748 1384 stisvc - ok
10:43:33.0772 1384 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:43:33.0795 1384 swenum - ok
10:43:33.0828 1384 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:43:33.0868 1384 swprv - ok
10:43:33.0881 1384 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:43:33.0897 1384 Symc8xx - ok
10:43:33.0912 1384 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:43:33.0928 1384 Sym_hi - ok
10:43:33.0944 1384 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:43:33.0961 1384 Sym_u3 - ok
10:43:34.0026 1384 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:43:34.0086 1384 SysMain - ok
10:43:34.0112 1384 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:43:34.0159 1384 TabletInputService - ok
10:43:34.0188 1384 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:43:34.0232 1384 TapiSrv - ok
10:43:34.0245 1384 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:43:34.0287 1384 TBS - ok
10:43:34.0355 1384 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
10:43:34.0407 1384 Tcpip - ok
10:43:34.0422 1384 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
10:43:34.0457 1384 Tcpip6 - ok
10:43:34.0485 1384 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
10:43:34.0533 1384 tcpipreg - ok
10:43:34.0558 1384 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:43:34.0599 1384 TDPIPE - ok
10:43:34.0613 1384 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:43:34.0647 1384 TDTCP - ok
10:43:34.0678 1384 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:43:34.0716 1384 tdx - ok
10:43:34.0741 1384 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:43:34.0767 1384 TermDD - ok
10:43:34.0800 1384 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:43:34.0867 1384 TermService - ok
10:43:34.0891 1384 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
10:43:34.0923 1384 Themes - ok
10:43:34.0953 1384 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:43:34.0988 1384 THREADORDER - ok
10:43:35.0013 1384 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:43:35.0050 1384 TrkWks - ok
10:43:35.0096 1384 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:43:35.0141 1384 TrustedInstaller - ok
10:43:35.0154 1384 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:43:35.0191 1384 tssecsrv - ok
10:43:35.0200 1384 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:43:35.0251 1384 tunmp - ok
10:43:35.0258 1384 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
10:43:35.0305 1384 tunnel - ok
10:43:35.0318 1384 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:43:35.0335 1384 uagp35 - ok
10:43:35.0354 1384 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:43:35.0386 1384 udfs - ok
10:43:35.0409 1384 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:43:35.0461 1384 UI0Detect - ok
10:43:35.0477 1384 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:43:35.0496 1384 uliagpkx - ok
10:43:35.0515 1384 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:43:35.0540 1384 uliahci - ok
10:43:35.0555 1384 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:43:35.0575 1384 UlSata - ok
10:43:35.0588 1384 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:43:35.0615 1384 ulsata2 - ok
10:43:35.0625 1384 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:43:35.0666 1384 umbus - ok
10:43:35.0695 1384 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:43:35.0737 1384 upnphost - ok
10:43:35.0758 1384 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:43:35.0799 1384 usbccgp - ok
10:43:35.0818 1384 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:43:35.0868 1384 usbcir - ok
10:43:35.0888 1384 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:43:35.0929 1384 usbehci - ok
10:43:35.0952 1384 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:43:36.0030 1384 usbhub - ok
10:43:36.0045 1384 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
10:43:36.0089 1384 usbohci - ok
10:43:36.0102 1384 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:43:36.0144 1384 usbprint - ok
10:43:36.0163 1384 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:43:36.0207 1384 usbscan - ok
10:43:36.0221 1384 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:43:36.0259 1384 USBSTOR - ok
10:43:36.0269 1384 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:43:36.0311 1384 usbuhci - ok
10:43:36.0338 1384 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:43:36.0380 1384 UxSms - ok
10:43:36.0416 1384 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:43:36.0462 1384 vds - ok
10:43:36.0476 1384 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:43:36.0528 1384 vga - ok
10:43:36.0540 1384 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:43:36.0592 1384 VgaSave - ok
10:43:36.0603 1384 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:43:36.0620 1384 viaagp - ok
10:43:36.0636 1384 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:43:36.0671 1384 ViaC7 - ok
10:43:36.0677 1384 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:43:36.0696 1384 viaide - ok
10:43:36.0712 1384 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:43:36.0735 1384 volmgr - ok
10:43:36.0764 1384 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:43:36.0797 1384 volmgrx - ok
10:43:36.0814 1384 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:43:36.0843 1384 volsnap - ok
10:43:36.0884 1384 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\DRIVERS\vsdatant.sys
10:43:36.0915 1384 Vsdatant - ok
10:43:36.0920 1384 vsdatant7 - ok
10:43:36.0964 1384 vsmon - ok
10:43:37.0017 1384 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:43:37.0045 1384 vsmraid - ok
10:43:37.0112 1384 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:43:37.0198 1384 VSS - ok
10:43:37.0287 1384 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
10:43:37.0345 1384 vToolbarUpdater11.0.2 - ok
10:43:37.0455 1384 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:43:37.0491 1384 W32Time - ok
10:43:37.0532 1384 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:43:37.0592 1384 WacomPen - ok
10:43:37.0605 1384 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:43:37.0652 1384 Wanarp - ok
10:43:37.0655 1384 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:43:37.0686 1384 Wanarpv6 - ok
10:43:37.0716 1384 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:43:37.0760 1384 wcncsvc - ok
10:43:37.0782 1384 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:43:37.0823 1384 WcsPlugInService - ok
10:43:37.0835 1384 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:43:37.0858 1384 Wd - ok
10:43:37.0894 1384 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:43:37.0933 1384 Wdf01000 - ok
10:43:37.0968 1384 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:43:38.0011 1384 WdiServiceHost - ok
10:43:38.0016 1384 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:43:38.0053 1384 WdiSystemHost - ok
10:43:38.0081 1384 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:43:38.0108 1384 WebClient - ok
10:43:38.0120 1384 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
10:43:38.0166 1384 Wecsvc - ok
10:43:38.0175 1384 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:43:38.0219 1384 wercplsupport - ok
10:43:38.0239 1384 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:43:38.0271 1384 WerSvc - ok
10:43:38.0325 1384 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:43:38.0353 1384 WinDefend - ok
10:43:38.0364 1384 WinHttpAutoProxySvc - ok
10:43:38.0412 1384 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:43:38.0441 1384 Winmgmt - ok
10:43:38.0491 1384 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
10:43:38.0541 1384 WinRM - ok
10:43:38.0587 1384 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:43:38.0638 1384 Wlansvc - ok
10:43:38.0678 1384 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:43:38.0693 1384 wlcrasvc - ok
10:43:38.0812 1384 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:43:38.0889 1384 wlidsvc - ok
10:43:38.0982 1384 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:43:39.0046 1384 WmiAcpi - ok
10:43:39.0089 1384 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:43:39.0133 1384 WmiApSrv - ok
10:43:39.0237 1384 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:43:39.0300 1384 WMPNetworkSvc - ok
10:43:39.0318 1384 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:43:39.0368 1384 WPCSvc - ok
10:43:39.0380 1384 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:43:39.0423 1384 WPDBusEnum - ok
10:43:39.0527 1384 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:43:39.0570 1384 WPFFontCache_v0400 - ok
10:43:39.0598 1384 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:43:39.0643 1384 ws2ifsl - ok
10:43:39.0666 1384 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
10:43:39.0695 1384 wscsvc - ok
10:43:39.0700 1384 WSearch - ok
10:43:39.0820 1384 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:43:39.0902 1384 wuauserv - ok
10:43:39.0973 1384 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:43:40.0038 1384 wudfsvc - ok
10:43:40.0056 1384 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:43:40.0366 1384 \Device\Harddisk0\DR0 - ok
10:43:40.0370 1384 Boot (0x1200) (1564506fc0713d153b896ad06c0f6c1f) \Device\Harddisk0\DR0\Partition0
10:43:40.0371 1384 \Device\Harddisk0\DR0\Partition0 - ok
10:43:40.0372 1384 ============================================================
10:43:40.0372 1384 Scan finished
10:43:40.0372 1384 ============================================================
10:43:40.0390 2568 Detected object count: 10
10:43:40.0390 2568 Actual detected object count: 10
10:45:00.0676 2568 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0676 2568 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0680 2568 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0680 2568 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0683 2568 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0683 2568 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0685 2568 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0685 2568 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0687 2568 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0687 2568 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0690 2568 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0690 2568 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0693 2568 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0693 2568 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0696 2568 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0696 2568 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0698 2568 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0698 2568 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0700 2568 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0700 2568 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:43.0663 3304 ============================================================
10:45:43.0663 3304 Scan started
10:45:43.0663 3304 Mode: Manual; SigCheck; 
10:45:43.0663 3304 ============================================================
10:45:44.0042 3304 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:45:44.0070 3304 !SASCORE - ok
10:45:44.0141 3304 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:45:44.0163 3304 ACPI - ok
10:45:44.0206 3304 AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
10:45:44.0222 3304 AdobeActiveFileMonitor6.0 - ok
10:45:44.0258 3304 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:45:44.0273 3304 AdobeARMservice - ok
10:45:44.0319 3304 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:45:44.0337 3304 AdobeFlashPlayerUpdateSvc - ok
10:45:44.0376 3304 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:45:44.0400 3304 adp94xx - ok
10:45:44.0452 3304 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:45:44.0471 3304 adpahci - ok
10:45:44.0495 3304 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:45:44.0512 3304 adpu160m - ok
10:45:44.0528 3304 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:45:44.0545 3304 adpu320 - ok
10:45:44.0623 3304 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
10:45:44.0654 3304 AdvancedSystemCareService5 - ok
10:45:44.0687 3304 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:45:44.0717 3304 AeLookupSvc - ok
10:45:44.0743 3304 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
10:45:44.0774 3304 AFD - ok
10:45:44.0785 3304 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:45:44.0801 3304 agp440 - ok
10:45:44.0811 3304 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:45:44.0828 3304 aic78xx - ok
10:45:44.0844 3304 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:45:44.0876 3304 ALG - ok
10:45:44.0893 3304 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:45:44.0909 3304 aliide - ok
10:45:44.0935 3304 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:45:44.0951 3304 amdagp - ok
10:45:44.0981 3304 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:45:44.0996 3304 amdide - ok
10:45:45.0016 3304 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:45:45.0048 3304 AmdK7 - ok
10:45:45.0067 3304 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:45:45.0100 3304 AmdK8 - ok
10:45:45.0139 3304 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:45:45.0154 3304 AntiVirSchedulerService - ok
10:45:45.0178 3304 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:45:45.0194 3304 AntiVirService - ok
10:45:45.0218 3304 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:45:45.0242 3304 Appinfo - ok
10:45:45.0274 3304 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:45:45.0291 3304 arc - ok
10:45:45.0303 3304 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:45:45.0320 3304 arcsas - ok
10:45:45.0382 3304 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:45:45.0398 3304 aspnet_state - ok
10:45:45.0412 3304 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:45:45.0445 3304 AsyncMac - ok
10:45:45.0475 3304 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:45:45.0492 3304 atapi - ok
10:45:45.0520 3304 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:45:45.0555 3304 AudioEndpointBuilder - ok
10:45:45.0560 3304 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:45:45.0591 3304 Audiosrv - ok
10:45:45.0610 3304 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
10:45:45.0625 3304 avgntflt - ok
10:45:45.0648 3304 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
10:45:45.0663 3304 avipbb - ok
10:45:45.0675 3304 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
10:45:45.0690 3304 avkmgr - ok
10:45:45.0701 3304 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:45:45.0734 3304 Beep - ok
10:45:45.0764 3304 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:45:45.0799 3304 BFE - ok
10:45:45.0856 3304 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
10:45:45.0902 3304 BITS - ok
10:45:45.0934 3304 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:45:45.0976 3304 blbdrive - ok
10:45:46.0042 3304 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
10:45:46.0062 3304 Bonjour Service - ok
10:45:46.0088 3304 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
10:45:46.0121 3304 bowser - ok
10:45:46.0131 3304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:45:46.0160 3304 BrFiltLo - ok
10:45:46.0171 3304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:45:46.0199 3304 BrFiltUp - ok
10:45:46.0218 3304 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:45:46.0253 3304 Browser - ok
10:45:46.0267 3304 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:45:46.0316 3304 Brserid - ok
10:45:46.0325 3304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:45:46.0375 3304 BrSerWdm - ok
10:45:46.0385 3304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:45:46.0434 3304 BrUsbMdm - ok
10:45:46.0450 3304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:45:46.0499 3304 BrUsbSer - ok
10:45:46.0514 3304 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:45:46.0563 3304 BTHMODEM - ok
10:45:46.0572 3304 catchme - ok
10:45:46.0590 3304 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:45:46.0626 3304 cdfs - ok
10:45:46.0648 3304 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:45:46.0678 3304 cdrom - ok
10:45:46.0702 3304 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:45:46.0730 3304 CertPropSvc - ok
10:45:46.0748 3304 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:45:46.0781 3304 circlass - ok
10:45:46.0808 3304 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:45:46.0828 3304 CLFS - ok
10:45:46.0875 3304 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:45:46.0892 3304 clr_optimization_v2.0.50727_32 - ok
10:45:46.0943 3304 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:45:46.0969 3304 clr_optimization_v4.0.30319_32 - ok
10:45:46.0998 3304 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:45:47.0013 3304 cmdide - ok
10:45:47.0023 3304 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
10:45:47.0038 3304 Compbatt - ok
10:45:47.0043 3304 COMSysApp - ok
10:45:47.0050 3304 cpuz134 - ok
10:45:47.0076 3304 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:45:47.0091 3304 crcdisk - ok
10:45:47.0105 3304 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:45:47.0139 3304 Crusoe - ok
10:45:47.0171 3304 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:45:47.0200 3304 CryptSvc - ok
10:45:47.0264 3304 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:45:47.0320 3304 DcomLaunch - ok
10:45:47.0340 3304 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
10:45:47.0369 3304 DfsC - ok
10:45:47.0486 3304 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:45:47.0581 3304 DFSR - ok
10:45:47.0667 3304 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:45:47.0699 3304 Dhcp - ok
10:45:47.0726 3304 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:45:47.0744 3304 disk - ok
10:45:47.0768 3304 Dnscache (30a08728740e71947ae1e073b5ce69b4) C:\Windows\System32\dnsrslvr.dll
10:45:47.0800 3304 Dnscache - ok
10:45:47.0825 3304 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:45:47.0855 3304 dot3svc - ok
10:45:47.0877 3304 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:45:47.0911 3304 Dot4 - ok
10:45:47.0922 3304 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:45:47.0957 3304 Dot4Print - ok
10:45:47.0981 3304 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:45:48.0013 3304 dot4usb - ok
10:45:48.0026 3304 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:45:48.0062 3304 DPS - ok
10:45:48.0080 3304 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:45:48.0110 3304 drmkaud - ok
10:45:48.0153 3304 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
10:45:48.0227 3304 DXGKrnl - ok
10:45:48.0245 3304 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:45:48.0281 3304 E1G60 - ok
10:45:48.0292 3304 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:45:48.0322 3304 EapHost - ok
10:45:48.0349 3304 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:45:48.0368 3304 Ecache - ok
10:45:48.0401 3304 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:45:48.0427 3304 ehRecvr - ok
10:45:48.0449 3304 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:45:48.0471 3304 ehSched - ok
10:45:48.0480 3304 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:45:48.0501 3304 ehstart - ok
10:45:48.0533 3304 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:45:48.0565 3304 elxstor - ok
10:45:48.0609 3304 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:45:48.0666 3304 EMDMgmt - ok
10:45:48.0671 3304 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:45:48.0706 3304 ErrDev - ok
10:45:48.0759 3304 ETService (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
10:45:48.0771 3304 ETService ( UnsignedFile.Multi.Generic ) - warning
10:45:48.0771 3304 ETService - detected UnsignedFile.Multi.Generic (1)
10:45:48.0801 3304 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:45:48.0837 3304 EventSystem - ok
10:45:48.0856 3304 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:45:48.0909 3304 exfat - ok
10:45:48.0939 3304 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
10:45:48.0953 3304 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
10:45:48.0954 3304 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
10:45:48.0999 3304 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:45:49.0028 3304 fastfat - ok
10:45:49.0039 3304 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:45:49.0075 3304 fdc - ok
10:45:49.0088 3304 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:45:49.0126 3304 fdPHost - ok
10:45:49.0132 3304 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:45:49.0183 3304 FDResPub - ok
10:45:49.0201 3304 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:45:49.0218 3304 FileInfo - ok
10:45:49.0228 3304 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:45:49.0262 3304 Filetrace - ok
10:45:49.0319 3304 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:45:49.0342 3304 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:45:49.0342 3304 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:45:49.0358 3304 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:45:49.0391 3304 flpydisk - ok
10:45:49.0416 3304 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:45:49.0435 3304 FltMgr - ok
10:45:49.0512 3304 FontCache (d49705f25390265cad9b620f55ea968c) C:\Windows\system32\FntCache.dll
10:45:49.0546 3304 FontCache - ok
10:45:49.0616 3304 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:45:49.0640 3304 FontCache3.0.0.0 - ok
10:45:49.0666 3304 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
10:45:49.0681 3304 fssfltr - ok
10:45:49.0796 3304 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:45:49.0899 3304 fsssvc - ok
10:45:50.0008 3304 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:45:50.0036 3304 Fs_Rec - ok
10:45:50.0060 3304 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:45:50.0076 3304 gagp30kx - ok
10:45:50.0108 3304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:45:50.0121 3304 GEARAspiWDM - ok
10:45:50.0178 3304 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:45:50.0192 3304 GoogleDesktopManager-051210-111108 - ok
10:45:50.0196 3304 GoogleDesktopManager-110309-193829 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:45:50.0210 3304 GoogleDesktopManager-110309-193829 - ok
10:45:50.0235 3304 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
10:45:50.0249 3304 GoToAssist - ok
10:45:50.0297 3304 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:45:50.0334 3304 gpsvc - ok
10:45:50.0367 3304 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:45:50.0392 3304 gupdate - ok
10:45:50.0396 3304 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:45:50.0413 3304 gupdatem - ok
10:45:50.0442 3304 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:45:50.0457 3304 gusvc - ok
10:45:50.0499 3304 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
10:45:50.0531 3304 HdAudAddService - ok
10:45:50.0576 3304 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:45:50.0616 3304 HDAudBus - ok
10:45:50.0641 3304 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:45:50.0691 3304 HidBth - ok
10:45:50.0700 3304 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:45:50.0749 3304 HidIr - ok
10:45:50.0763 3304 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
10:45:50.0786 3304 hidserv - ok
10:45:50.0803 3304 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:45:50.0831 3304 HidUsb - ok
10:45:50.0848 3304 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:45:50.0883 3304 hkmsvc - ok
10:45:50.0895 3304 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:45:50.0910 3304 HpCISSs - ok
10:45:50.0977 3304 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:45:50.0990 3304 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:45:50.0990 3304 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:45:51.0024 3304 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:45:51.0037 3304 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:45:51.0037 3304 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:45:51.0085 3304 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:45:51.0113 3304 HTTP - ok
10:45:51.0132 3304 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:45:51.0148 3304 i2omp - ok
10:45:51.0160 3304 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:45:51.0189 3304 i8042prt - ok
10:45:51.0216 3304 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:45:51.0241 3304 iaStorV - ok
10:45:51.0323 3304 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:45:51.0364 3304 idsvc - ok
10:45:51.0383 3304 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:45:51.0399 3304 iirsp - ok
10:45:51.0441 3304 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:45:51.0508 3304 IKEEXT - ok
10:45:51.0534 3304 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
10:45:51.0548 3304 int15 - ok
10:45:51.0748 3304 IntcAzAudAddService (bfcd7edc663f513e7c4a0b9400e58c70) C:\Windows\system32\drivers\RTKVHDA.sys
10:45:52.0004 3304 IntcAzAudAddService - ok
10:45:52.0097 3304 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:45:52.0113 3304 intelide - ok
10:45:52.0141 3304 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:45:52.0174 3304 intelppm - ok
10:45:52.0209 3304 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:45:52.0243 3304 IPBusEnum - ok
10:45:52.0258 3304 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:45:52.0293 3304 IpFilterDriver - ok
10:45:52.0319 3304 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
10:45:52.0357 3304 iphlpsvc - ok
10:45:52.0362 3304 IpInIp - ok
10:45:52.0376 3304 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:45:52.0409 3304 IPMIDRV - ok
10:45:52.0438 3304 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:45:52.0474 3304 IPNAT - ok
10:45:52.0502 3304 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:45:52.0534 3304 IRENUM - ok
10:45:52.0547 3304 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:45:52.0564 3304 isapnp - ok
10:45:52.0594 3304 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:45:52.0621 3304 iScsiPrt - ok
10:45:52.0665 3304 ISWKL (ee8bed092a58a4faeb08dc140729189e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:45:52.0679 3304 ISWKL - ok
10:45:52.0724 3304 IswSvc (aa7fd6a7532ef23fdcfc030195c148f9) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
10:45:52.0745 3304 IswSvc - ok
10:45:52.0760 3304 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:45:52.0776 3304 iteatapi - ok
10:45:52.0790 3304 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:45:52.0805 3304 iteraid - ok
10:45:52.0813 3304 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:45:52.0828 3304 kbdclass - ok
10:45:52.0852 3304 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
10:45:52.0884 3304 kbdhid - ok
10:45:52.0907 3304 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:45:52.0940 3304 KeyIso - ok
10:45:52.0977 3304 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
10:45:52.0993 3304 KL1 - ok
10:45:53.0008 3304 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
10:45:53.0021 3304 kl2 - ok
10:45:53.0054 3304 KLIF (46fa00bef951762919b66269371c22af) C:\Windows\system32\DRIVERS\klif.sys
10:45:53.0076 3304 KLIF - ok
10:45:53.0100 3304 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:45:53.0124 3304 KSecDD - ok
10:45:53.0306 3304 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
10:45:53.0392 3304 KService - ok
10:45:53.0484 3304 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:45:53.0559 3304 KtmRm - ok
10:45:53.0602 3304 LanmanServer (43446f197c74ef2030f84b3a4f39d570) C:\Windows\system32\srvsvc.dll
10:45:53.0642 3304 LanmanServer - ok
10:45:53.0668 3304 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:45:53.0717 3304 LanmanWorkstation - ok
10:45:53.0743 3304 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:45:53.0777 3304 lltdio - ok
10:45:53.0808 3304 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:45:53.0843 3304 lltdsvc - ok
10:45:53.0855 3304 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:45:53.0906 3304 lmhosts - ok
10:45:53.0941 3304 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:45:53.0959 3304 LSI_FC - ok
10:45:53.0976 3304 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:45:53.0994 3304 LSI_SAS - ok
10:45:54.0010 3304 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:45:54.0029 3304 LSI_SCSI - ok
10:45:54.0043 3304 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:45:54.0076 3304 luafv - ok
10:45:54.0100 3304 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:45:54.0116 3304 MBAMProtector - ok
10:45:54.0196 3304 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:45:54.0230 3304 MBAMService - ok
10:45:54.0286 3304 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
10:45:54.0305 3304 McciCMService ( UnsignedFile.Multi.Generic ) - warning
10:45:54.0305 3304 McciCMService - detected UnsignedFile.Multi.Generic (1)
10:45:54.0329 3304 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:45:54.0353 3304 Mcx2Svc - ok
10:45:54.0362 3304 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:45:54.0377 3304 megasas - ok
10:45:54.0409 3304 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:45:54.0458 3304 MegaSR - ok
10:45:54.0485 3304 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:45:54.0520 3304 MMCSS - ok
10:45:54.0539 3304 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:45:54.0572 3304 Modem - ok
10:45:54.0584 3304 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:45:54.0617 3304 monitor - ok
10:45:54.0636 3304 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:45:54.0651 3304 mouclass - ok
10:45:54.0663 3304 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:45:54.0696 3304 mouhid - ok
10:45:54.0715 3304 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:45:54.0730 3304 MountMgr - ok
10:45:54.0767 3304 MozillaMaintenance (166f0cbff55d16552161c154317287ca) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:45:54.0785 3304 MozillaMaintenance - ok
10:45:54.0803 3304 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
10:45:54.0822 3304 MpFilter - ok
10:45:54.0835 3304 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:45:54.0855 3304 mpio - ok
10:45:54.0866 3304 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:45:54.0896 3304 mpsdrv - ok
10:45:54.0940 3304 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:45:55.0019 3304 MpsSvc - ok
10:45:55.0036 3304 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:45:55.0051 3304 Mraid35x - ok
10:45:55.0091 3304 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:45:55.0102 3304 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
10:45:55.0102 3304 MREMP50 - detected UnsignedFile.Multi.Generic (1)
10:45:55.0107 3304 MREMPR5 - ok
10:45:55.0113 3304 MRENDIS5 - ok
10:45:55.0128 3304 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:45:55.0138 3304 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
10:45:55.0138 3304 MRESP50 - detected UnsignedFile.Multi.Generic (1)
10:45:55.0167 3304 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:45:55.0194 3304 MRxDAV - ok
10:45:55.0220 3304 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:45:55.0248 3304 mrxsmb - ok
10:45:55.0272 3304 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:45:55.0302 3304 mrxsmb10 - ok
10:45:55.0312 3304 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:45:55.0340 3304 mrxsmb20 - ok
10:45:55.0357 3304 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:45:55.0372 3304 msahci - ok
10:45:55.0393 3304 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:45:55.0413 3304 msdsm - ok
10:45:55.0447 3304 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:45:55.0484 3304 MSDTC - ok
10:45:55.0505 3304 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:45:55.0538 3304 Msfs - ok
10:45:55.0559 3304 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:45:55.0574 3304 msisadrv - ok
10:45:55.0600 3304 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:45:55.0634 3304 MSiSCSI - ok
10:45:55.0638 3304 msiserver - ok
10:45:55.0657 3304 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:45:55.0691 3304 MSKSSRV - ok
10:45:55.0721 3304 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:45:55.0737 3304 MsMpSvc - ok
10:45:55.0749 3304 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:45:55.0781 3304 MSPCLOCK - ok
10:45:55.0786 3304 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:45:55.0819 3304 MSPQM - ok
10:45:55.0844 3304 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:45:55.0863 3304 MsRPC - ok
10:45:55.0872 3304 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:45:55.0888 3304 mssmbios - ok
10:45:55.0893 3304 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:45:55.0929 3304 MSTEE - ok
10:45:55.0936 3304 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:45:55.0953 3304 Mup - ok
10:45:55.0991 3304 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:45:56.0051 3304 napagent - ok
10:45:56.0083 3304 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:45:56.0116 3304 NativeWifiP - ok
10:45:56.0150 3304 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:45:56.0190 3304 NDIS - ok
10:45:56.0202 3304 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:45:56.0230 3304 NdisTapi - ok
10:45:56.0245 3304 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:45:56.0278 3304 Ndisuio - ok
10:45:56.0297 3304 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:45:56.0326 3304 NdisWan - ok
10:45:56.0344 3304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:45:56.0372 3304 NDProxy - ok
10:45:56.0394 3304 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
10:45:56.0406 3304 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:45:56.0406 3304 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:45:56.0426 3304 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:45:56.0459 3304 NetBIOS - ok
10:45:56.0478 3304 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:45:56.0508 3304 netbt - ok
10:45:56.0532 3304 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:45:56.0555 3304 Netlogon - ok
10:45:56.0599 3304 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:45:56.0639 3304 Netman - ok
10:45:56.0691 3304 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0708 3304 NetMsmqActivator - ok
10:45:56.0712 3304 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0729 3304 NetPipeActivator - ok
10:45:56.0756 3304 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:45:56.0806 3304 netprofm - ok
10:45:56.0810 3304 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0826 3304 NetTcpActivator - ok
10:45:56.0831 3304 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0847 3304 NetTcpPortSharing - ok
10:45:56.0875 3304 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:45:56.0891 3304 nfrd960 - ok
10:45:56.0912 3304 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:45:56.0928 3304 NisDrv - ok
10:45:56.0974 3304 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:45:57.0043 3304 NisSrv - ok
10:45:57.0061 3304 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:45:57.0120 3304 NlaSvc - ok
10:45:57.0137 3304 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:45:57.0166 3304 Npfs - ok
10:45:57.0181 3304 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:45:57.0215 3304 nsi - ok
10:45:57.0223 3304 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:45:57.0256 3304 nsiproxy - ok
10:45:57.0337 3304 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:45:57.0373 3304 Ntfs - ok
10:45:57.0402 3304 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:45:57.0452 3304 ntrigdigi - ok
10:45:57.0476 3304 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:45:57.0508 3304 Null - ok
10:45:57.0537 3304 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
10:45:57.0554 3304 NVHDA - ok
10:45:58.0107 3304 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:45:58.0395 3304 nvlddmkm - ok
10:45:58.0479 3304 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:45:58.0501 3304 nvraid - ok
10:45:58.0530 3304 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:45:58.0548 3304 nvstor - ok
10:45:58.0574 3304 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
10:45:58.0600 3304 nvstor32 - ok
10:45:58.0649 3304 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
10:45:58.0695 3304 nvsvc - ok
10:45:58.0864 3304 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:45:58.0977 3304 nvUpdatusService - ok
10:45:59.0117 3304 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:45:59.0138 3304 nv_agp - ok
10:45:59.0144 3304 NwlnkFlt - ok
10:45:59.0152 3304 NwlnkFwd - ok
10:45:59.0184 3304 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:45:59.0240 3304 ohci1394 - ok
10:45:59.0279 3304 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:45:59.0306 3304 ose - ok
10:45:59.0576 3304 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:45:59.0794 3304 osppsvc - ok
10:45:59.0943 3304 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:00.0026 3304 p2pimsvc - ok
10:46:00.0035 3304 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:00.0072 3304 p2psvc - ok
10:46:00.0102 3304 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:46:00.0160 3304 Parport - ok
10:46:00.0180 3304 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
10:46:00.0194 3304 Partizan - ok
10:46:00.0213 3304 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:46:00.0230 3304 partmgr - ok
10:46:00.0245 3304 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:46:00.0293 3304 Parvdm - ok
10:46:00.0311 3304 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:46:00.0335 3304 PcaSvc - ok
10:46:00.0352 3304 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:46:00.0370 3304 pci - ok
10:46:00.0379 3304 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:46:00.0395 3304 pciide - ok
10:46:00.0425 3304 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:46:00.0452 3304 pcmcia - ok
10:46:00.0521 3304 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:46:00.0585 3304 PEAUTH - ok
10:46:00.0684 3304 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:46:00.0764 3304 pla - ok
10:46:00.0871 3304 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:46:00.0924 3304 PlugPlay - ok
10:46:00.0969 3304 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
10:46:00.0980 3304 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:46:00.0980 3304 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:46:01.0050 3304 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:01.0083 3304 PNRPAutoReg - ok
10:46:01.0092 3304 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:01.0124 3304 PNRPsvc - ok
10:46:01.0156 3304 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:46:01.0190 3304 PolicyAgent - ok
10:46:01.0227 3304 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:46:01.0259 3304 PptpMiniport - ok
10:46:01.0288 3304 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:46:01.0321 3304 Processor - ok
10:46:01.0340 3304 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:46:01.0373 3304 ProfSvc - ok
10:46:01.0399 3304 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:46:01.0422 3304 ProtectedStorage - ok
10:46:01.0449 3304 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:46:01.0476 3304 PSched - ok
10:46:01.0483 3304 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
10:46:01.0498 3304 PxHelp20 - ok
10:46:01.0566 3304 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:46:01.0637 3304 ql2300 - ok
10:46:01.0656 3304 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:46:01.0675 3304 ql40xx - ok
10:46:01.0705 3304 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:46:01.0732 3304 QWAVE - ok
10:46:01.0748 3304 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:46:01.0770 3304 QWAVEdrv - ok
10:46:01.0783 3304 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:46:01.0815 3304 RasAcd - ok
10:46:01.0835 3304 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:46:01.0869 3304 RasAuto - ok
10:46:01.0884 3304 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:46:01.0917 3304 Rasl2tp - ok
10:46:01.0945 3304 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:46:01.0981 3304 RasMan - ok
10:46:02.0002 3304 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:46:02.0031 3304 RasPppoe - ok
10:46:02.0047 3304 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:46:02.0069 3304 RasSstp - ok
10:46:02.0105 3304 rdbss  (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:46:02.0134 3304 rdbss - ok
10:46:02.0144 3304 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:46:02.0176 3304 RDPCDD - ok
10:46:02.0203 3304 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:46:02.0260 3304 rdpdr - ok
10:46:02.0265 3304 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:46:02.0299 3304 RDPENCDD - ok
10:46:02.0327 3304 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:46:02.0351 3304 RDPWD - ok
10:46:02.0369 3304 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
10:46:02.0383 3304 RegGuard - ok
10:46:02.0402 3304 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:46:02.0437 3304 RemoteAccess - ok
10:46:02.0460 3304 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:46:02.0490 3304 RemoteRegistry - ok
10:46:02.0503 3304 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:46:02.0526 3304 RpcLocator - ok
10:46:02.0631 3304 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:46:02.0673 3304 RpcSs - ok
10:46:02.0696 3304 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:46:02.0728 3304 rspndr - ok
10:46:02.0771 3304 RTL8169 (06992132cf20c3c1cba3f072c4086de8) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:46:02.0789 3304 RTL8169 - ok
10:46:02.0807 3304 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:46:02.0830 3304 SamSs - ok
10:46:02.0867 3304 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:46:02.0881 3304 SASDIFSV - ok
10:46:02.0891 3304 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:46:02.0907 3304 SASKUTIL - ok
10:46:02.0923 3304 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:46:02.0941 3304 sbp2port - ok
10:46:03.0053 3304 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
10:46:03.0106 3304 SBSDWSCService - ok
10:46:03.0129 3304 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:46:03.0159 3304 SCardSvr - ok
10:46:03.0201 3304 Schedule (323ae0bdfd2eb15b668dda50cc597329) C:\Windows\system32\schedsvc.dll
10:46:03.0241 3304 Schedule - ok
10:46:03.0268 3304 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:46:03.0296 3304 SCPolicySvc - ok
10:46:03.0313 3304 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:46:03.0338 3304 SDRSVC - ok
10:46:03.0364 3304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:46:03.0413 3304 secdrv - ok
10:46:03.0445 3304 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:46:03.0479 3304 seclogon - ok
10:46:03.0496 3304 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
10:46:03.0531 3304 SENS - ok
10:46:03.0541 3304 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:46:03.0590 3304 Serenum - ok
10:46:03.0614 3304 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:46:03.0665 3304 Serial - ok
10:46:03.0676 3304 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:46:03.0709 3304 sermouse - ok
10:46:03.0785 3304 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:46:03.0833 3304 SessionEnv - ok
10:46:03.0847 3304 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:46:03.0875 3304 sffdisk - ok
10:46:03.0887 3304 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:46:03.0919 3304 sffp_mmc - ok
10:46:03.0936 3304 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:46:03.0968 3304 sffp_sd - ok
10:46:04.0002 3304 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:46:04.0050 3304 sfloppy - ok
10:46:04.0081 3304 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:46:04.0129 3304 SharedAccess - ok
10:46:04.0153 3304 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
10:46:04.0187 3304 ShellHWDetection - ok
10:46:04.0198 3304 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:46:04.0215 3304 sisagp - ok
10:46:04.0229 3304 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:46:04.0245 3304 SiSRaid2 - ok
10:46:04.0257 3304 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:46:04.0274 3304 SiSRaid4 - ok
10:46:04.0474 3304 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:46:04.0595 3304 slsvc - ok
10:46:04.0676 3304 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:46:04.0709 3304 SLUINotify - ok
10:46:04.0747 3304 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
10:46:04.0761 3304 SmartDefragDriver - ok
10:46:04.0787 3304 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:46:04.0818 3304 Smb - ok
10:46:04.0848 3304 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:46:04.0872 3304 SNMPTRAP - ok
10:46:04.0887 3304 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:46:04.0904 3304 spldr - ok
10:46:04.0926 3304 Spooler (524bfbea40e6e404737ccbc754647a2e) C:\Windows\System32\spoolsv.exe
10:46:04.0960 3304 Spooler - ok
10:46:04.0985 3304 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
10:46:05.0014 3304 srv - ok
10:46:05.0040 3304 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
10:46:05.0063 3304 srv2 - ok
10:46:05.0087 3304 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
10:46:05.0115 3304 srvnet - ok
10:46:05.0126 3304 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:46:05.0163 3304 SSDPSRV - ok
10:46:05.0186 3304 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:46:05.0199 3304 ssmdrv - ok
10:46:05.0219 3304 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:46:05.0253 3304 SstpSvc - ok
10:46:05.0291 3304 Steam Client Service - ok
10:46:05.0310 3304 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
10:46:05.0338 3304 StillCam - ok
10:46:05.0381 3304 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:46:05.0413 3304 stisvc - ok
10:46:05.0429 3304 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:46:05.0445 3304 swenum - ok
10:46:05.0466 3304 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:46:05.0500 3304 swprv - ok
10:46:05.0529 3304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:46:05.0544 3304 Symc8xx - ok
10:46:05.0578 3304 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:46:05.0593 3304 Sym_hi - ok
10:46:05.0609 3304 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:46:05.0624 3304 Sym_u3 - ok
10:46:05.0667 3304 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:46:05.0706 3304 SysMain - ok
10:46:05.0727 3304 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:46:05.0752 3304 TabletInputService - ok
10:46:05.0778 3304 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:46:05.0814 3304 TapiSrv - ok
10:46:05.0827 3304 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:46:05.0861 3304 TBS - ok
10:46:05.0943 3304 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
10:46:05.0978 3304 Tcpip - ok
10:46:05.0990 3304 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
10:46:06.0024 3304 Tcpip6 - ok
10:46:06.0059 3304 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
10:46:06.0080 3304 tcpipreg - ok
10:46:06.0090 3304 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:46:06.0122 3304 TDPIPE - ok
10:46:06.0137 3304 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:46:06.0169 3304 TDTCP - ok
10:46:06.0193 3304 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:46:06.0222 3304 tdx - ok
10:46:06.0248 3304 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:46:06.0265 3304 TermDD - ok
10:46:06.0314 3304 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:46:06.0365 3304 TermService - ok
10:46:06.0390 3304 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
10:46:06.0422 3304 Themes - ok
10:46:06.0460 3304 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:46:06.0494 3304 THREADORDER - ok
10:46:06.0528 3304 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:46:06.0568 3304 TrkWks - ok
10:46:06.0611 3304 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:46:06.0639 3304 TrustedInstaller - ok
10:46:06.0653 3304 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:46:06.0685 3304 tssecsrv - ok
10:46:06.0698 3304 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:46:06.0721 3304 tunmp - ok
10:46:06.0727 3304 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
10:46:06.0756 3304 tunnel - ok
10:46:06.0775 3304 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:46:06.0791 3304 uagp35 - ok
10:46:06.0811 3304 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:46:06.0847 3304 udfs - ok
10:46:06.0865 3304 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:46:06.0900 3304 UI0Detect - ok
10:46:06.0917 3304 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:46:06.0934 3304 uliagpkx - ok
10:46:06.0980 3304 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:46:07.0014 3304 uliahci - ok
10:46:07.0029 3304 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:46:07.0048 3304 UlSata - ok
10:46:07.0061 3304 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:46:07.0080 3304 ulsata2 - ok
10:46:07.0090 3304 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:46:07.0123 3304 umbus - ok
10:46:07.0144 3304 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:46:07.0184 3304 upnphost - ok
10:46:07.0198 3304 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:46:07.0227 3304 usbccgp - ok
10:46:07.0242 3304 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:46:07.0292 3304 usbcir - ok
10:46:07.0312 3304 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:46:07.0340 3304 usbehci - ok
10:46:07.0367 3304 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:46:07.0396 3304 usbhub - ok
10:46:07.0403 3304 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
10:46:07.0434 3304 usbohci - ok
10:46:07.0459 3304 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:46:07.0492 3304 usbprint - ok
10:46:07.0512 3304 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:46:07.0539 3304 usbscan - ok
10:46:07.0547 3304 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:46:07.0575 3304 USBSTOR - ok
10:46:07.0584 3304 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:46:07.0612 3304 usbuhci - ok
10:46:07.0629 3304 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:46:07.0658 3304 UxSms - ok
10:46:07.0685 3304 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:46:07.0720 3304 vds - ok
10:46:07.0734 3304 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:46:07.0766 3304 vga - ok
10:46:07.0781 3304 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:46:07.0813 3304 VgaSave - ok
10:46:07.0827 3304 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:46:07.0843 3304 viaagp - ok
10:46:07.0852 3304 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:46:07.0885 3304 ViaC7 - ok
10:46:07.0891 3304 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:46:07.0907 3304 viaide - ok
10:46:07.0919 3304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:46:07.0935 3304 volmgr - ok
10:46:07.0979 3304 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:46:07.0999 3304 volmgrx - ok
10:46:08.0014 3304 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:46:08.0033 3304 volsnap - ok
10:46:08.0072 3304 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\DRIVERS\vsdatant.sys
10:46:08.0094 3304 Vsdatant - ok
10:46:08.0100 3304 vsdatant7 - ok
10:46:08.0138 3304 vsmon - ok
10:46:08.0157 3304 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:46:08.0176 3304 vsmraid - ok
10:46:08.0244 3304 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:46:08.0290 3304 VSS - ok
10:46:08.0386 3304 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
10:46:08.0418 3304 vToolbarUpdater11.0.2 - ok
10:46:08.0504 3304 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:46:08.0538 3304 W32Time - ok
10:46:08.0563 3304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:46:08.0612 3304 WacomPen - ok
10:46:08.0629 3304 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:46:08.0657 3304 Wanarp - ok
10:46:08.0661 3304 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:46:08.0690 3304 Wanarpv6 - ok
10:46:08.0730 3304 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:46:08.0761 3304 wcncsvc - ok
10:46:08.0789 3304 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:46:08.0821 3304 WcsPlugInService - ok
10:46:08.0842 3304 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:46:08.0857 3304 Wd - ok
10:46:08.0892 3304 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:46:08.0917 3304 Wdf01000 - ok
10:46:08.0947 3304 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:46:08.0983 3304 WdiServiceHost - ok
10:46:08.0987 3304 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:46:09.0022 3304 WdiSystemHost - ok
10:46:09.0036 3304 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:46:09.0064 3304 WebClient - ok
10:46:09.0076 3304 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
10:46:09.0111 3304 Wecsvc - ok
10:46:09.0119 3304 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:46:09.0150 3304 wercplsupport - ok
10:46:09.0163 3304 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:46:09.0195 3304 WerSvc - ok
10:46:09.0249 3304 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:46:09.0268 3304 WinDefend - ok
10:46:09.0278 3304 WinHttpAutoProxySvc - ok
10:46:09.0318 3304 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:46:09.0357 3304 Winmgmt - ok
10:46:09.0406 3304 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
10:46:09.0448 3304 WinRM - ok
10:46:09.0494 3304 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:46:09.0524 3304 Wlansvc - ok
10:46:09.0552 3304 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:46:09.0566 3304 wlcrasvc - ok
10:46:09.0685 3304 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:46:09.0771 3304 wlidsvc - ok
10:46:09.0872 3304 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:46:09.0900 3304 WmiAcpi - ok
10:46:09.0943 3304 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:46:09.0971 3304 WmiApSrv - ok
10:46:10.0046 3304 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:46:10.0092 3304 WMPNetworkSvc - ok
10:46:10.0107 3304 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:46:10.0131 3304 WPCSvc - ok
10:46:10.0154 3304 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:46:10.0179 3304 WPDBusEnum - ok
10:46:10.0267 3304 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:46:10.0295 3304 WPFFontCache_v0400 - ok
10:46:10.0315 3304 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:46:10.0348 3304 ws2ifsl - ok
10:46:10.0373 3304 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
10:46:10.0401 3304 wscsvc - ok
10:46:10.0406 3304 WSearch - ok
10:46:10.0539 3304 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:46:10.0625 3304 wuauserv - ok
10:46:10.0696 3304 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:46:10.0733 3304 wudfsvc - ok
10:46:10.0754 3304 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:46:11.0066 3304 \Device\Harddisk0\DR0 - ok
10:46:11.0070 3304 Boot (0x1200) (1564506fc0713d153b896ad06c0f6c1f) \Device\Harddisk0\DR0\Partition0
10:46:11.0071 3304 \Device\Harddisk0\DR0\Partition0 - ok
10:46:11.0073 3304 ============================================================
10:46:11.0073 3304 Scan finished
10:46:11.0073 3304 ============================================================
10:46:11.0086 1180 Detected object count: 10
10:46:11.0086 1180 Actual detected object count: 10
10:48:35.0894 1180 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0894 1180 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0896 1180 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0896 1180 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0898 1180 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0898 1180 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0902 1180 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0902 1180 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0905 1180 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0905 1180 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0907 1180 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0907 1180 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0910 1180 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0910 1180 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0912 1180 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0912 1180 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0915 1180 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0916 1180 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0918 1180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0918 1180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:50:51.0332 5836 Deinitialize success.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-06 11:40:52
-----------------------------
11:40:52.092 OS Version: Windows 6.0.6002 Service Pack 2
11:40:52.092 Number of processors: 4 586 0x1707
11:40:52.093 ComputerName: EAMONNS UserName: currys
11:41:25.580 Initialize success
11:41:50.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
11:41:50.100 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
11:41:50.115 Disk 0 MBR read successfully
11:41:50.117 Disk 0 MBR scan
11:41:50.120 Disk 0 Windows VISTA default MBR code
11:41:50.130 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
11:41:50.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600238 MB offset 20973568
11:41:50.142 Disk 0 scanning sectors +1250261680
11:41:50.204 Disk 0 scanning C:\Windows\system32\drivers
11:41:57.639 Service scanning
11:42:01.930 Service MpKsl87d25911 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\MpKsl87d25911.sys **LOCKED** 32
11:42:08.215 Modules scanning
11:42:11.228 Disk 0 trace - called modules:
11:42:11.247 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
11:42:11.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87524968]
11:42:11.257 3 CLASSPNP.SYS[8bdb58b3] -> nt!IofCallDriver -> [0x857d96e0]
11:42:11.261 5 acpi.sys[83a986bc] -> nt!IofCallDriver -> \Device\0000005e[0x857d9c90]
11:42:11.266 Scan finished successfully
11:42:54.736 Disk 0 MBR has been saved successfully to "C:\Users\currys\Desktop\MBR.dat"
11:42:54.748 The log file has been saved successfully to "C:\Users\currys\Desktop\aswMBR.txt"

ComboFix 12-07-06.01 - currys 06/07/2012 12:04:43.3.4 - x86
Running from: c:\users\currys\Downloads\baffledUK123.exe.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\baffledUK123.exe
c:\baffleduk123.exe\path05
c:\baffleduk123.exe\sed.3XE
C:\install.exe
c:\programdata\bProtector
c:\users\currys\AppData\Local\Temp\{6BDAB443-0FAE-42FB-8481-F541A02AB4ED}
c:\users\currys\AppData\Local\Temp\ppcrlui_5780_2
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 10:59 . 2012-04-18 03:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5B11266-9F6D-46BA-BE4F-475D856D9270}\mpengine.dll
2012-07-06 10:45 . 2012-07-06 10:45 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\offreg.dll
2012-07-06 10:41 . 2012-07-06 10:41 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\MpKsl87d25911.sys
2012-07-06 09:35 . 2012-05-30 19:41 6762896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\mpengine.dll
2012-07-05 22:20 . 2012-07-05 22:20 -------- d-----w- c:\program files\Common Files\Java
2012-07-05 22:19 . 2012-07-05 22:19 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-04 10:19 . 2012-07-04 10:19 -------- d-----w- c:\users\currys\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 10:18 . 2012-07-04 10:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-04 10:18 . 2012-07-04 10:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-04 09:42 . 2012-07-04 09:42 388096 ----a-r- c:\users\currys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-04 09:42 . 2012-07-04 09:42 -------- d-----w- c:\program files\Trend Micro
2012-07-02 17:56 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 15:03 . 2012-06-30 15:03 -------- d-----w- c:\users\currys\AppData\Roaming\Sammsoft
2012-06-30 15:02 . 2012-06-30 15:08 -------- d-----w- c:\program files\ARO 2012
2012-06-30 10:59 . 2012-07-02 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 22:55 . 2012-06-29 22:59 -------- d-----w- c:\users\currys\AppData\Roaming\DigitalSupport
2012-06-29 22:33 . 2012-06-29 22:33 -------- d-----w- c:\users\currys\AppData\Roaming\Simply Super Software
2012-06-29 22:32 . 2012-06-29 22:32 -------- d-----w- c:\programdata\Simply Super Software
2012-06-29 22:32 . 2012-06-29 22:33 -------- d-----w- c:\program files\Trojan Remover
2012-06-28 12:40 . 2012-07-01 00:10 -------- d-----w- c:\program files\ReImageCompanion
2012-06-28 12:34 . 2012-06-28 12:34 -------- dc-h--w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-06-28 12:31 . 2012-07-01 00:10 -------- dc-h--w- c:\programdata\~0
2012-06-24 23:20 . 2012-07-06 11:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-24 10:12 . 2012-06-26 21:36 -------- d-----w- c:\program files\RegZooka
2012-06-24 09:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 09:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 09:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 09:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 09:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 09:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 09:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 09:35 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 09:35 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 12:46 . 2012-06-23 12:46 -------- d-----w- c:\users\currys\AppData\Local\Macromedia
2012-06-23 10:43 . 2012-06-23 11:42 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-06-23 10:35 . 2012-06-23 10:35 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-23 10:35 . 2012-06-23 10:35 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-06-23 09:45 . 2012-06-26 22:32 -------- d-----w- c:\programdata\RegRun
2012-06-23 09:44 . 2012-06-23 09:44 2 --shatr- c:\windows\winstart.bat
2012-06-23 09:44 . 2012-06-23 09:44 -------- d-----w- c:\program files\Greatis
2012-06-19 23:21 . 2012-07-01 00:10 -------- dc----w- C:\f90e4393fac73d563b0e
2012-06-19 21:53 . 2012-02-28 10:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-19 21:53 . 2012-06-30 17:12 -------- d-----w- c:\program files\PC Tools
2012-06-19 21:53 . 2012-06-19 22:21 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-19 21:53 . 2012-05-11 10:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-19 21:52 . 2012-06-19 22:21 -------- d-----w- c:\programdata\PC Tools
2012-06-19 21:52 . 2012-06-19 21:52 -------- d-----w- c:\users\currys\AppData\Roaming\TestApp
2012-06-18 22:34 . 2012-06-18 22:34 -------- d-----w- c:\users\currys\AppData\Roaming\FlashGet
2012-06-18 22:34 . 2012-06-18 22:34 -------- d-----w- c:\program files\FlashGet Network
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 22:19 . 2010-04-22 21:21 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-23 12:46 . 2012-03-30 19:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 12:46 . 2011-07-16 18:09 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-13 11:59 . 2011-12-17 15:48 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-05-10 09:55 . 2012-05-10 09:55 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 08:55 . 2011-12-18 09:35 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 08:55 . 2011-12-18 09:35 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-01 22:30 . 2012-05-20 11:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-28 20:51 . 2008-11-07 09:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 68856]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 3881792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"4oD"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-30 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-10 12:47 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 17:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-03 11:28 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL87D25911
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:46]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
- c:\users\currys\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 10:26]
.
2012-07-06 c:\windows\Tasks\Recovery DVD Creator-currys.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-21 15:25]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder
IE: E&xport to Microsoft Excel
IE: Google Sidewiki...
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090910103721
FF - ProfilePath - c:\users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 12:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\*& *u*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:92,fa,95,c7,a1,37,50,00
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,e6,62,f7,01,dc,fb,1c,52,f0,6e,66,c7,e7,f7,7d,d4,3c,36,63,42,0e,89,
8f,85,fa,f6,6d,83,03,fa,81,49,39,a4,45,bf,5e,77,23,eb,37,4b,86,ff,a8,26,ea,\
"??"=hex:dd,bb,b0,11,5f,96,3e,4b,49,50,e6,16,dd,f8,06,aa
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):85,95,14,d3,27,4a,46,92,ae,59,c7,15,15,df,38,74,0f,19,b1,7a,db,
bb,f0,e8,07,d0,65,01,12,5d,c5,e7,c3,d1,3d,a1,73,f5,bd,ad,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{f72d7cc0-3228-4f40-938c-e80ee848e811}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bc
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(5460)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-07-06 12:40:41
ComboFix-quarantined-files.txt 2012-07-06 11:34
ComboFix2.txt 2012-02-23 00:12
.
Pre-Run: 452,379,402,240 bytes free
Post-Run: 452,399,927,296 bytes free
.
- - End Of File - - 576A7173098CBC0E7DFD8DB7401D3A34

Hopefully everything is done as requested.


----------



## baffledUK (Jul 2, 2012)

ComboFix 12-07-06.01 - currys 06/07/2012 12:04:43.3.4 - x86
Running from: c:\users\currys\Downloads\baffledUK123.exe.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\baffledUK123.exe
c:\baffleduk123.exe\path05
c:\baffleduk123.exe\sed.3XE
C:\install.exe
c:\programdata\bProtector
c:\users\currys\AppData\Local\Temp\{6BDAB443-0FAE-42FB-8481-F541A02AB4ED}
c:\users\currys\AppData\Local\Temp\ppcrlui_5780_2
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 10:59 . 2012-04-18 03:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5B11266-9F6D-46BA-BE4F-475D856D9270}\mpengine.dll
2012-07-06 10:45 . 2012-07-06 10:45 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\offreg.dll
2012-07-06 10:41 . 2012-07-06 10:41 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\MpKsl87d25911.sys
2012-07-06 09:35 . 2012-05-30 19:41 6762896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\mpengine.dll
2012-07-05 22:20 . 2012-07-05 22:20 -------- d-----w- c:\program files\Common Files\Java
2012-07-05 22:19 . 2012-07-05 22:19 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-04 10:19 . 2012-07-04 10:19 -------- d-----w- c:\users\currys\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 10:18 . 2012-07-04 10:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-04 10:18 . 2012-07-04 10:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-04 09:42 . 2012-07-04 09:42 388096 ----a-r- c:\users\currys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-04 09:42 . 2012-07-04 09:42 -------- d-----w- c:\program files\Trend Micro
2012-07-02 17:56 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 15:03 . 2012-06-30 15:03 -------- d-----w- c:\users\currys\AppData\Roaming\Sammsoft
2012-06-30 15:02 . 2012-06-30 15:08 -------- d-----w- c:\program files\ARO 2012
2012-06-30 10:59 . 2012-07-02 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 22:55 . 2012-06-29 22:59 -------- d-----w- c:\users\currys\AppData\Roaming\DigitalSupport
2012-06-29 22:33 . 2012-06-29 22:33 -------- d-----w- c:\users\currys\AppData\Roaming\Simply Super Software
2012-06-29 22:32 . 2012-06-29 22:32 -------- d-----w- c:\programdata\Simply Super Software
2012-06-29 22:32 . 2012-06-29 22:33 -------- d-----w- c:\program files\Trojan Remover
2012-06-28 12:40 . 2012-07-01 00:10 -------- d-----w- c:\program files\ReImageCompanion
2012-06-28 12:34 . 2012-06-28 12:34 -------- dc-h--w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-06-28 12:31 . 2012-07-01 00:10 -------- dc-h--w- c:\programdata\~0
2012-06-24 23:20 . 2012-07-06 11:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-24 10:12 . 2012-06-26 21:36 -------- d-----w- c:\program files\RegZooka
2012-06-24 09:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 09:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 09:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 09:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 09:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 09:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 09:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 09:35 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 09:35 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 12:46 . 2012-06-23 12:46 -------- d-----w- c:\users\currys\AppData\Local\Macromedia
2012-06-23 10:43 . 2012-06-23 11:42 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-06-23 10:35 . 2012-06-23 10:35 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-23 10:35 . 2012-06-23 10:35 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-06-23 09:45 . 2012-06-26 22:32 -------- d-----w- c:\programdata\RegRun
2012-06-23 09:44 . 2012-06-23 09:44 2 --shatr- c:\windows\winstart.bat
2012-06-23 09:44 . 2012-06-23 09:44 -------- d-----w- c:\program files\Greatis
2012-06-19 23:21 . 2012-07-01 00:10 -------- dc----w- C:\f90e4393fac73d563b0e
2012-06-19 21:53 . 2012-02-28 10:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-19 21:53 . 2012-06-30 17:12 -------- d-----w- c:\program files\PC Tools
2012-06-19 21:53 . 2012-06-19 22:21 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-19 21:53 . 2012-05-11 10:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-19 21:52 . 2012-06-19 22:21 -------- d-----w- c:\programdata\PC Tools
2012-06-19 21:52 . 2012-06-19 21:52 -------- d-----w- c:\users\currys\AppData\Roaming\TestApp
2012-06-18 22:34 . 2012-06-18 22:34 -------- d-----w- c:\users\currys\AppData\Roaming\FlashGet
2012-06-18 22:34 . 2012-06-18 22:34 -------- d-----w- c:\program files\FlashGet Network
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 22:19 . 2010-04-22 21:21 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-23 12:46 . 2012-03-30 19:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 12:46 . 2011-07-16 18:09 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-13 11:59 . 2011-12-17 15:48 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-05-10 09:55 . 2012-05-10 09:55 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 08:55 . 2011-12-18 09:35 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 08:55 . 2011-12-18 09:35 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-01 22:30 . 2012-05-20 11:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-28 20:51 . 2008-11-07 09:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 68856]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 3881792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"4oD"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-30 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-10 12:47 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 17:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-03 11:28 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL87D25911
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:46]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
- c:\users\currys\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 10:26]
.
2012-07-06 c:\windows\Tasks\Recovery DVD Creator-currys.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-21 15:25]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder
IE: E&xport to Microsoft Excel
IE: Google Sidewiki...
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090910103721
FF - ProfilePath - c:\users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 12:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\*& *u*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:92,fa,95,c7,a1,37,50,00
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,e6,62,f7,01,dc,fb,1c,52,f0,6e,66,c7,e7,f7,7d,d4,3c,36,63,42,0e,89,
8f,85,fa,f6,6d,83,03,fa,81,49,39,a4,45,bf,5e,77,23,eb,37,4b,86,ff,a8,26,ea,\
"??"=hex:dd,bb,b0,11,5f,96,3e,4b,49,50,e6,16,dd,f8,06,aa
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):85,95,14,d3,27,4a,46,92,ae,59,c7,15,15,df,38,74,0f,19,b1,7a,db,
bb,f0,e8,07,d0,65,01,12,5d,c5,e7,c3,d1,3d,a1,73,f5,bd,ad,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{f72d7cc0-3228-4f40-938c-e80ee848e811}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bc
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(5460)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-07-06 12:40:41
ComboFix-quarantined-files.txt 2012-07-06 11:34
ComboFix2.txt 2012-02-23 00:12
.
Pre-Run: 452,379,402,240 bytes free
Post-Run: 452,399,927,296 bytes free
.
- - End Of File - - 576A7173098CBC0E7DFD8DB7401D3A34

10:41:52.0652 2536 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:41:54.0655 2536 ============================================================
10:41:54.0655 2536 Current date / time: 2012/07/06 10:41:54.0655
10:41:54.0655 2536 SystemInfo:
10:41:54.0655 2536 
10:41:54.0655 2536 OS Version: 6.0.6002 ServicePack: 2.0
10:41:54.0655 2536 Product type: Workstation
10:41:54.0656 2536 ComputerName: EAMONNS
10:41:54.0656 2536 UserName: currys
10:41:54.0656 2536 Windows directory: C:\Windows
10:41:54.0656 2536 System windows directory: C:\Windows
10:41:54.0656 2536 Processor architecture: Intel x86
10:41:54.0656 2536 Number of processors: 4
10:41:54.0656 2536 Page size: 0x1000
10:41:54.0656 2536 Boot type: Normal boot
10:41:54.0656 2536 ============================================================
10:42:01.0665 2536 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:01.0777 2536 ============================================================
10:42:01.0777 2536 \Device\Harddisk0\DR0:
10:42:01.0777 2536 MBR partitions:
10:42:01.0777 2536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x494572B0
10:42:01.0777 2536 ============================================================
10:42:01.0809 2536 C: <-> \Device\Harddisk0\DR0\Partition0
10:42:01.0809 2536 ============================================================
10:42:01.0809 2536 Initialize success
10:42:01.0809 2536 ============================================================
10:43:06.0037 1384 ============================================================
10:43:06.0038 1384 Scan started
10:43:06.0038 1384 Mode: Manual; SigCheck; 
10:43:06.0038 1384 ============================================================
10:43:06.0819 1384 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:43:06.0951 1384 !SASCORE - ok
10:43:07.0384 1384 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:43:07.0466 1384 ACPI - ok
10:43:07.0831 1384 AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
10:43:07.0859 1384 AdobeActiveFileMonitor6.0 - ok
10:43:07.0968 1384 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:43:07.0993 1384 AdobeARMservice - ok
10:43:08.0374 1384 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:08.0392 1384 AdobeFlashPlayerUpdateSvc - ok
10:43:08.0459 1384 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:43:08.0493 1384 adp94xx - ok
10:43:08.0548 1384 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:43:08.0585 1384 adpahci - ok
10:43:08.0795 1384 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:43:08.0813 1384 adpu160m - ok
10:43:08.0838 1384 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:43:08.0864 1384 adpu320 - ok
10:43:09.0313 1384 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
10:43:09.0358 1384 AdvancedSystemCareService5 - ok
10:43:09.0413 1384 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:43:09.0471 1384 AeLookupSvc - ok
10:43:09.0494 1384 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
10:43:09.0549 1384 AFD - ok
10:43:09.0571 1384 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:43:09.0588 1384 agp440 - ok
10:43:09.0621 1384 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:43:09.0638 1384 aic78xx - ok
10:43:09.0653 1384 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:43:09.0707 1384 ALG - ok
10:43:09.0719 1384 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:43:09.0735 1384 aliide - ok
10:43:09.0747 1384 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:43:09.0765 1384 amdagp - ok
10:43:09.0782 1384 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:43:09.0799 1384 amdide - ok
10:43:09.0809 1384 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:43:09.0843 1384 AmdK7 - ok
10:43:09.0860 1384 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:43:09.0897 1384 AmdK8 - ok
10:43:10.0034 1384 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:43:10.0110 1384 AntiVirSchedulerService - ok
10:43:10.0130 1384 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:43:10.0158 1384 AntiVirService - ok
10:43:10.0274 1384 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:43:10.0321 1384 Appinfo - ok
10:43:10.0353 1384 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:43:10.0369 1384 arc - ok
10:43:10.0387 1384 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:43:10.0406 1384 arcsas - ok
10:43:10.0525 1384 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:43:10.0555 1384 aspnet_state - ok
10:43:10.0562 1384 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:43:10.0613 1384 AsyncMac - ok
10:43:10.0635 1384 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:43:10.0659 1384 atapi - ok
10:43:10.0689 1384 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:43:10.0731 1384 AudioEndpointBuilder - ok
10:43:10.0736 1384 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:43:10.0769 1384 Audiosrv - ok
10:43:10.0787 1384 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
10:43:10.0864 1384 avgntflt - ok
10:43:10.0891 1384 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
10:43:10.0925 1384 avipbb - ok
10:43:10.0943 1384 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
10:43:10.0966 1384 avkmgr - ok
10:43:11.0007 1384 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:43:11.0062 1384 Beep - ok
10:43:11.0116 1384 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:43:11.0189 1384 BFE - ok
10:43:11.0241 1384 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
10:43:11.0312 1384 BITS - ok
10:43:11.0321 1384 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:43:11.0366 1384 blbdrive - ok
10:43:11.0444 1384 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
10:43:11.0471 1384 Bonjour Service - ok
10:43:11.0498 1384 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
10:43:11.0550 1384 bowser - ok
10:43:11.0565 1384 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:43:11.0603 1384 BrFiltLo - ok
10:43:11.0614 1384 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:43:11.0646 1384 BrFiltUp - ok
10:43:11.0669 1384 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:43:11.0723 1384 Browser - ok
10:43:11.0735 1384 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:43:11.0881 1384 Brserid - ok
10:43:11.0893 1384 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:43:11.0944 1384 BrSerWdm - ok
10:43:11.0969 1384 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:43:12.0023 1384 BrUsbMdm - ok
10:43:12.0035 1384 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:43:12.0091 1384 BrUsbSer - ok
10:43:12.0107 1384 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:43:12.0166 1384 BTHMODEM - ok
10:43:12.0173 1384 catchme - ok
10:43:12.0191 1384 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:43:12.0229 1384 cdfs - ok
10:43:12.0250 1384 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:43:12.0297 1384 cdrom - ok
10:43:12.0320 1384 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:43:12.0349 1384 CertPropSvc - ok
10:43:12.0358 1384 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:43:12.0402 1384 circlass - ok
10:43:12.0443 1384 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:43:12.0476 1384 CLFS - ok
10:43:12.0527 1384 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:43:12.0545 1384 clr_optimization_v2.0.50727_32 - ok
10:43:12.0611 1384 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:43:12.0665 1384 clr_optimization_v4.0.30319_32 - ok
10:43:12.0706 1384 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:43:12.0723 1384 cmdide - ok
10:43:12.0741 1384 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
10:43:12.0790 1384 Compbatt - ok
10:43:12.0795 1384 COMSysApp - ok
10:43:12.0825 1384 cpuz134 - ok
10:43:12.0836 1384 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:43:12.0859 1384 crcdisk - ok
10:43:12.0873 1384 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:43:12.0910 1384  Crusoe - ok
10:43:12.0944 1384 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:43:13.0002 1384 CryptSvc - ok
10:43:13.0049 1384 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:43:13.0108 1384 DcomLaunch - ok
10:43:13.0125 1384 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
10:43:13.0174 1384 DfsC - ok
10:43:13.0287 1384 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:43:13.0368 1384 DFSR - ok
10:43:13.0477 1384 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:43:13.0513 1384 Dhcp - ok
10:43:13.0536 1384 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:43:13.0563 1384 disk - ok
10:43:13.0586 1384 Dnscache (30a08728740e71947ae1e073b5ce69b4) C:\Windows\System32\dnsrslvr.dll
10:43:13.0621 1384 Dnscache - ok
10:43:13.0643 1384 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:43:13.0689 1384 dot3svc - ok
10:43:13.0711 1384 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:43:13.0775 1384 Dot4 - ok
10:43:13.0790 1384 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:43:13.0839 1384 Dot4Print - ok
10:43:13.0849 1384 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:43:13.0894 1384 dot4usb - ok
10:43:13.0910 1384 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:43:13.0953 1384 DPS - ok
10:43:13.0982 1384 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:43:14.0014 1384 drmkaud - ok
10:43:14.0055 1384 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
10:43:14.0107 1384 DXGKrnl - ok
10:43:14.0130 1384 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:43:14.0168 1384 E1G60 - ok
10:43:14.0196 1384 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:43:14.0245 1384 EapHost - ok
10:43:14.0276 1384 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:43:14.0311 1384 Ecache - ok
10:43:14.0352 1384 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:43:14.0405 1384 ehRecvr - ok
10:43:14.0442 1384 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:43:14.0493 1384 ehSched - ok
10:43:14.0506 1384 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:43:14.0537 1384 ehstart - ok
10:43:14.0577 1384 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:43:14.0610 1384 elxstor - ok
10:43:14.0652 1384 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:43:14.0725 1384 EMDMgmt - ok
10:43:14.0735 1384 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:43:14.0772 1384 ErrDev - ok
10:43:14.0819 1384 ETService (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
10:43:14.0845 1384 ETService ( UnsignedFile.Multi.Generic ) - warning
10:43:14.0845 1384 ETService - detected UnsignedFile.Multi.Generic (1)
10:43:14.0869 1384 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:43:14.0906 1384 EventSystem - ok
10:43:14.0924 1384 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:43:14.0988 1384 exfat - ok
10:43:15.0011 1384 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
10:43:15.0039 1384 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
10:43:15.0039 1384 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
10:43:15.0067 1384 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:43:15.0124 1384 fastfat - ok
10:43:15.0149 1384 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:43:15.0183 1384 fdc - ok
10:43:15.0218 1384 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:43:15.0275 1384 fdPHost - ok
10:43:15.0280 1384 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:43:15.0348 1384 FDResPub - ok
10:43:15.0361 1384 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:43:15.0386 1384 FileInfo - ok
10:43:15.0397 1384 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:43:15.0433 1384 Filetrace - ok
10:43:15.0504 1384 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:43:15.0565 1384 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:43:15.0565 1384 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:43:15.0577 1384 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:43:15.0616 1384 flpydisk - ok
10:43:15.0642 1384 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:43:15.0675 1384 FltMgr - ok
10:43:15.0780 1384 FontCache (d49705f25390265cad9b620f55ea968c) C:\Windows\system32\FntCache.dll
10:43:15.0849 1384 FontCache - ok
10:43:15.0921 1384 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:43:15.0938 1384 FontCache3.0.0.0 - ok
10:43:15.0967 1384 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
10:43:15.0981 1384 fssfltr - ok
10:43:16.0140 1384 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:43:16.0220 1384 fsssvc - ok
10:43:16.0326 1384 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:16.0392 1384 Fs_Rec - ok
10:43:16.0404 1384 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:43:16.0422 1384 gagp30kx - ok
10:43:16.0451 1384 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:43:16.0471 1384 GEARAspiWDM - ok
10:43:16.0530 1384 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:43:16.0548 1384 GoogleDesktopManager-051210-111108 - ok
10:43:16.0554 1384 GoogleDesktopManager-110309-193829 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:43:16.0570 1384 GoogleDesktopManager-110309-193829 - ok
10:43:16.0595 1384 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
10:43:16.0610 1384 GoToAssist - ok
10:43:16.0654 1384 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:43:16.0736 1384 gpsvc - ok
10:43:16.0760 1384 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:43:16.0775 1384 gupdate - ok
10:43:16.0779 1384 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:43:16.0796 1384 gupdatem - ok
10:43:16.0818 1384 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:43:16.0854 1384 gusvc - ok
10:43:16.0907 1384 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
10:43:16.0957 1384 HdAudAddService - ok
10:43:17.0036 1384 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:43:17.0090 1384 HDAudBus - ok
10:43:17.0118 1384 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:43:17.0171 1384 HidBth - ok
10:43:17.0185 1384 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:43:17.0242 1384 HidIr - ok
10:43:17.0256 1384 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
10:43:17.0289 1384 hidserv - ok
10:43:17.0305 1384 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:17.0364 1384 HidUsb - ok
10:43:17.0383 1384 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:43:17.0429 1384 hkmsvc - ok
10:43:17.0446 1384 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:43:17.0462 1384 HpCISSs - ok
10:43:17.0528 1384 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:43:17.0552 1384 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:43:17.0552 1384 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:43:17.0568 1384 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:43:17.0590 1384 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:43:17.0590 1384 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:43:17.0637 1384 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:43:17.0703 1384 HTTP - ok
10:43:17.0717 1384 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:43:17.0733 1384 i2omp - ok
10:43:17.0745 1384 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:43:17.0783 1384 i8042prt - ok
10:43:17.0810 1384 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:43:17.0834 1384 iaStorV - ok
10:43:17.0916 1384 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:43:17.0962 1384 idsvc - ok
10:43:17.0985 1384 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:43:17.0999 1384 iirsp - ok
10:43:18.0053 1384 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:43:18.0101 1384 IKEEXT - ok
10:43:18.0127 1384 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
10:43:18.0153 1384 int15 - ok
10:43:18.0341 1384 IntcAzAudAddService (bfcd7edc663f513e7c4a0b9400e58c70) C:\Windows\system32\drivers\RTKVHDA.sys
10:43:18.0512 1384 IntcAzAudAddService - ok
10:43:18.0590 1384 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:43:18.0607 1384 intelide - ok
10:43:18.0617 1384 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:43:18.0655 1384 intelppm - ok
10:43:18.0677 1384 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:43:18.0728 1384 IPBusEnum - ok
10:43:18.0743 1384 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:43:18.0789 1384 IpFilterDriver - ok
10:43:18.0829 1384 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
10:43:18.0871 1384 iphlpsvc - ok
10:43:18.0875 1384 IpInIp - ok
10:43:18.0894 1384 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:43:18.0937 1384 IPMIDRV - ok
10:43:18.0956 1384 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:43:19.0020 1384 IPNAT - ok
10:43:19.0037 1384 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:43:19.0076 1384 IRENUM - ok
10:43:19.0090 1384 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:43:19.0106 1384 isapnp - ok
10:43:19.0137 1384 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:43:19.0156 1384 iScsiPrt - ok
10:43:19.0199 1384 ISWKL (ee8bed092a58a4faeb08dc140729189e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:43:19.0222 1384 ISWKL - ok
10:43:19.0259 1384 IswSvc (aa7fd6a7532ef23fdcfc030195c148f9) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
10:43:19.0291 1384 IswSvc - ok
10:43:19.0303 1384 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:43:19.0320 1384 iteatapi - ok
10:43:19.0333 1384 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:43:19.0349 1384 iteraid - ok
10:43:19.0373 1384 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:43:19.0396 1384 kbdclass - ok
10:43:19.0403 1384 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
10:43:19.0462 1384 kbdhid - ok
10:43:19.0475 1384 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:19.0510 1384 KeyIso - ok
10:43:19.0538 1384 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
10:43:19.0562 1384 KL1 - ok
10:43:19.0577 1384 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
10:43:19.0598 1384 kl2 - ok
10:43:19.0639 1384 KLIF (46fa00bef951762919b66269371c22af) C:\Windows\system32\DRIVERS\klif.sys
10:43:19.0682 1384 KLIF - ok
10:43:19.0707 1384 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:43:19.0743 1384 KSecDD - ok
10:43:19.0961 1384 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
10:43:20.0067 1384 KService - ok
10:43:20.0161 1384 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:43:20.0217 1384 KtmRm - ok
10:43:20.0245 1384 LanmanServer (43446f197c74ef2030f84b3a4f39d570) C:\Windows\system32\srvsvc.dll
10:43:20.0290 1384 LanmanServer - ok
10:43:20.0319 1384 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:43:20.0443 1384 LanmanWorkstation - ok
10:43:20.0478 1384 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:43:20.0542 1384 lltdio - ok
10:43:20.0580 1384 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:43:20.0635 1384 lltdsvc - ok
10:43:20.0649 1384 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:43:20.0705 1384 lmhosts - ok
10:43:20.0731 1384 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:43:20.0750 1384 LSI_FC - ok
10:43:20.0770 1384 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:43:20.0790 1384 LSI_SAS - ok
10:43:20.0811 1384 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:43:20.0834 1384 LSI_SCSI - ok
10:43:20.0859 1384 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:43:20.0920 1384 luafv - ok
10:43:20.0960 1384 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:43:20.0979 1384 MBAMProtector - ok
10:43:21.0091 1384 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:43:21.0120 1384 MBAMService - ok
10:43:21.0179 1384 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
10:43:21.0216 1384 McciCMService ( UnsignedFile.Multi.Generic ) - warning
10:43:21.0216 1384 McciCMService - detected UnsignedFile.Multi.Generic (1)
10:43:21.0256 1384 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:43:21.0288 1384 Mcx2Svc - ok
10:43:21.0313 1384 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:43:21.0328 1384 megasas - ok
10:43:21.0353 1384 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:43:21.0386 1384 MegaSR - ok
10:43:21.0412 1384 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:43:21.0463 1384 MMCSS - ok
10:43:21.0474 1384 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:43:21.0508 1384 Modem - ok
10:43:21.0519 1384 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:43:21.0554 1384 monitor - ok
10:43:21.0570 1384 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:43:21.0594 1384 mouclass - ok
10:43:21.0606 1384 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:43:21.0659 1384 mouhid - ok
10:43:21.0675 1384 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:43:21.0698 1384 MountMgr - ok
10:43:21.0735 1384 MozillaMaintenance (166f0cbff55d16552161c154317287ca) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:43:21.0753 1384 MozillaMaintenance - ok
10:43:21.0788 1384 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
10:43:21.0824 1384 MpFilter - ok
10:43:21.0845 1384 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:43:21.0862 1384 mpio - ok
10:43:21.0876 1384 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:43:21.0920 1384 mpsdrv - ok
10:43:21.0960 1384 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:43:21.0997 1384 MpsSvc - ok
10:43:22.0029 1384 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:43:22.0045 1384 Mraid35x - ok
10:43:22.0094 1384 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:43:22.0122 1384 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
10:43:22.0122 1384 MREMP50 - detected UnsignedFile.Multi.Generic (1)
10:43:22.0126 1384 MREMPR5 - ok
10:43:22.0133 1384 MRENDIS5 - ok
10:43:22.0162 1384 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:43:22.0174 1384 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
10:43:22.0174 1384 MRESP50 - detected UnsignedFile.Multi.Generic (1)
10:43:22.0202 1384 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:43:22.0227 1384 MRxDAV - ok
10:43:22.0254 1384 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:43:22.0301 1384 mrxsmb - ok
10:43:22.0323 1384 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:43:22.0376 1384 mrxsmb10 - ok
10:43:22.0384 1384 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:43:22.0438 1384 mrxsmb20 - ok
10:43:22.0450 1384 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:43:22.0467 1384 msahci - ok
10:43:22.0486 1384 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:43:22.0503 1384 msdsm - ok
10:43:22.0524 1384 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:43:22.0562 1384 MSDTC - ok
10:43:22.0581 1384 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:43:22.0623 1384 Msfs - ok
10:43:22.0636 1384 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:43:22.0660 1384 msisadrv - ok
10:43:22.0693 1384 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:43:22.0751 1384 MSiSCSI - ok
10:43:22.0756 1384 msiserver - ok
10:43:22.0791 1384 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:43:22.0828 1384 MSKSSRV - ok
10:43:22.0864 1384 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:43:22.0881 1384 MsMpSvc - ok
10:43:22.0892 1384 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:43:22.0930 1384 MSPCLOCK - ok
10:43:22.0935 1384 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:43:22.0992 1384 MSPQM - ok
10:43:23.0013 1384 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:43:23.0048 1384 MsRPC - ok
10:43:23.0057 1384 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:43:23.0075 1384 mssmbios - ok
10:43:23.0089 1384 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:43:23.0132 1384 MSTEE - ok
10:43:23.0139 1384 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:43:23.0165 1384 Mup - ok
10:43:23.0201 1384 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:43:23.0245 1384 napagent - ok
10:43:23.0276 1384 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:43:23.0302 1384 NativeWifiP - ok
10:43:23.0335 1384 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:43:23.0362 1384 NDIS - ok
10:43:23.0378 1384 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:43:23.0419 1384 NdisTapi - ok
10:43:23.0438 1384 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:43:23.0475 1384 Ndisuio - ok
10:43:23.0490 1384 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:43:23.0545 1384 NdisWan - ok
10:43:23.0562 1384 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:43:23.0600 1384 NDProxy - ok
10:43:23.0620 1384 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
10:43:23.0640 1384 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:43:23.0640 1384 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:43:23.0653 1384 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:43:23.0694 1384 NetBIOS - ok
10:43:23.0714 1384 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:43:23.0769 1384 netbt - ok
10:43:23.0800 1384 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:23.0825 1384 Netlogon - ok
10:43:23.0858 1384 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:43:23.0901 1384 Netman - ok
10:43:23.0958 1384 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:23.0993 1384 NetMsmqActivator - ok
10:43:23.0997 1384 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:24.0013 1384 NetPipeActivator - ok
10:43:24.0063 1384 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:43:24.0110 1384 netprofm - ok
10:43:24.0115 1384 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:24.0134 1384 NetTcpActivator - ok
10:43:24.0138 1384 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:43:24.0155 1384 NetTcpPortSharing - ok
10:43:24.0177 1384 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:43:24.0193 1384 nfrd960 - ok
10:43:24.0221 1384 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:43:24.0248 1384 NisDrv - ok
10:43:24.0308 1384 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:43:24.0335 1384 NisSrv - ok
10:43:24.0354 1384 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:43:24.0398 1384 NlaSvc - ok
10:43:24.0438 1384 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:43:24.0475 1384 Npfs - ok
10:43:24.0482 1384 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:43:24.0520 1384 nsi - ok
10:43:24.0533 1384 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:43:24.0584 1384 nsiproxy - ok
10:43:24.0663 1384 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:43:24.0725 1384 Ntfs - ok
10:43:24.0754 1384 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:43:24.0808 1384 ntrigdigi - ok
10:43:24.0819 1384 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:43:24.0859 1384 Null - ok
10:43:24.0888 1384 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
10:43:24.0921 1384 NVHDA - ok
10:43:25.0491 1384 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:43:25.0864 1384 nvlddmkm - ok
10:43:26.0079 1384 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:43:26.0097 1384 nvraid - ok
10:43:26.0115 1384 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:43:26.0131 1384 nvstor - ok
10:43:26.0158 1384 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
10:43:26.0175 1384 nvstor32 - ok
10:43:26.0226 1384 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
10:43:26.0256 1384 nvsvc - ok
10:43:26.0440 1384 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:43:26.0570 1384 nvUpdatusService - ok
10:43:26.0668 1384 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:43:26.0686 1384 nv_agp - ok
10:43:26.0690 1384 NwlnkFlt - ok
10:43:26.0697 1384 NwlnkFwd - ok
10:43:26.0719 1384 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:43:26.0780 1384 ohci1394 - ok
10:43:26.0829 1384 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:43:26.0862 1384 ose - ok
10:43:27.0168 1384 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:43:27.0377 1384 osppsvc - ok
10:43:27.0485 1384 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:27.0580 1384 p2pimsvc - ok
10:43:27.0589 1384 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:27.0623 1384 p2psvc - ok
10:43:27.0652 1384 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:43:27.0704 1384 Parport - ok
10:43:27.0731 1384 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
10:43:27.0769 1384 Partizan - ok
10:43:27.0790 1384 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:43:27.0820 1384 partmgr - ok
10:43:27.0830 1384 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:43:27.0881 1384 Parvdm - ok
10:43:27.0896 1384 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:43:27.0930 1384 PcaSvc - ok
10:43:27.0954 1384 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:43:27.0982 1384 pci - ok
10:43:27.0997 1384 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:43:28.0022 1384 pciide - ok
10:43:28.0044 1384 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:43:28.0070 1384 pcmcia - ok
10:43:28.0130 1384 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:43:28.0232 1384 PEAUTH - ok
10:43:28.0327 1384 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:43:28.0419 1384 pla - ok
10:43:28.0514 1384 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:43:28.0561 1384 PlugPlay - ok
10:43:28.0623 1384 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
10:43:28.0650 1384 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:43:28.0650 1384 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:43:28.0710 1384 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:28.0745 1384 PNRPAutoReg - ok
10:43:28.0752 1384 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:43:28.0789 1384 PNRPsvc - ok
10:43:28.0816 1384 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:43:28.0893 1384 PolicyAgent - ok
10:43:28.0920 1384 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:43:28.0970 1384 PptpMiniport - ok
10:43:28.0990 1384 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:43:29.0026 1384 Processor - ok
10:43:29.0037 1384 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:43:29.0077 1384 ProfSvc - ok
10:43:29.0092 1384 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:29.0116 1384 ProtectedStorage - ok
10:43:29.0142 1384 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:43:29.0189 1384 PSched - ok
10:43:29.0196 1384 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
10:43:29.0222 1384 PxHelp20 - ok
10:43:29.0292 1384 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:43:29.0357 1384 ql2300 - ok
10:43:29.0390 1384 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:43:29.0407 1384 ql40xx - ok
10:43:29.0441 1384 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:43:29.0483 1384 QWAVE - ok
10:43:29.0499 1384 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:43:29.0538 1384 QWAVEdrv - ok
10:43:29.0551 1384 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:43:29.0603 1384 RasAcd - ok
10:43:29.0620 1384 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:43:29.0671 1384 RasAuto - ok
10:43:29.0710 1384 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:43:29.0757 1384 Rasl2tp - ok
10:43:29.0824 1384 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:43:29.0864 1384 RasMan - ok
10:43:29.0879 1384 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:43:29.0920 1384 RasPppoe - ok
10:43:29.0950 1384 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:43:29.0981 1384 RasSstp - ok
10:43:30.0014 1384 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:43:30.0061 1384 rdbss - ok
10:43:30.0070 1384 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:43:30.0111 1384 RDPCDD - ok
10:43:30.0137 1384 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:43:30.0172 1384 rdpdr - ok
10:43:30.0177 1384 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:43:30.0227 1384 RDPENCDD - ok
10:43:30.0253 1384 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:43:30.0358 1384 RDPWD - ok
10:43:30.0371 1384 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
10:43:30.0403 1384 RegGuard - ok
10:43:30.0436 1384 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:43:30.0479 1384 RemoteAccess - ok
10:43:30.0495 1384 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:43:30.0539 1384 RemoteRegistry - ok
10:43:30.0554 1384 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:43:30.0607 1384 RpcLocator - ok
10:43:30.0640 1384 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:43:30.0678 1384 RpcSs - ok
10:43:30.0697 1384 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:43:30.0748 1384 rspndr - ok
10:43:30.0802 1384 RTL8169 (06992132cf20c3c1cba3f072c4086de8) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:43:30.0830 1384 RTL8169 - ok
10:43:30.0850 1384 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:43:30.0874 1384 SamSs - ok
10:43:30.0910 1384 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:43:30.0925 1384 SASDIFSV - ok
10:43:30.0943 1384 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:43:30.0958 1384 SASKUTIL - ok
10:43:30.0991 1384 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:43:31.0008 1384 sbp2port - ok
10:43:31.0096 1384 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
10:43:31.0167 1384 SBSDWSCService - ok
10:43:31.0189 1384 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:43:31.0237 1384 SCardSvr - ok
10:43:31.0277 1384 Schedule (323ae0bdfd2eb15b668dda50cc597329) C:\Windows\system32\schedsvc.dll
10:43:31.0364 1384 Schedule - ok
10:43:31.0386 1384 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:43:31.0416 1384 SCPolicySvc - ok
10:43:31.0439 1384 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:43:31.0486 1384 SDRSVC - ok
10:43:31.0524 1384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:43:31.0594 1384 secdrv - ok
10:43:31.0605 1384 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:43:31.0644 1384 seclogon - ok
10:43:31.0656 1384 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
10:43:31.0694 1384 SENS - ok
10:43:31.0701 1384 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:43:31.0756 1384 Serenum - ok
10:43:31.0774 1384 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:43:31.0838 1384 Serial - ok
10:43:31.0857 1384 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:43:31.0899 1384 sermouse - ok
10:43:31.0917 1384 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:43:31.0960 1384 SessionEnv - ok
10:43:31.0973 1384 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:43:32.0010 1384 sffdisk - ok
10:43:32.0021 1384 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:43:32.0062 1384 sffp_mmc - ok
10:43:32.0082 1384 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:43:32.0123 1384 sffp_sd - ok
10:43:32.0136 1384 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:43:32.0186 1384 sfloppy - ok
10:43:32.0216 1384 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:43:32.0256 1384 SharedAccess - ok
10:43:32.0279 1384 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
10:43:32.0323 1384 ShellHWDetection - ok
10:43:32.0333 1384 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:43:32.0349 1384 sisagp - ok
10:43:32.0363 1384 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:43:32.0380 1384 SiSRaid2 - ok
10:43:32.0392 1384 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:43:32.0409 1384 SiSRaid4 - ok
10:43:32.0645 1384 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:43:32.0790 1384 slsvc - ok
10:43:32.0860 1384 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:43:32.0898 1384 SLUINotify - ok
10:43:32.0937 1384 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
10:43:32.0957 1384 SmartDefragDriver - ok
10:43:32.0989 1384 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:43:33.0035 1384 Smb - ok
10:43:33.0057 1384 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:43:33.0090 1384 SNMPTRAP - ok
10:43:33.0105 1384 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:43:33.0131 1384 spldr - ok
10:43:33.0152 1384 Spooler (524bfbea40e6e404737ccbc754647a2e) C:\Windows\System32\spoolsv.exe
10:43:33.0190 1384 Spooler - ok
10:43:33.0211 1384 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
10:43:33.0256 1384 srv - ok
10:43:33.0284 1384 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
10:43:33.0337 1384 srv2 - ok
10:43:33.0363 1384 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
10:43:33.0402 1384 srvnet - ok
10:43:33.0414 1384 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:43:33.0458 1384 SSDPSRV - ok
10:43:33.0479 1384 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:43:33.0500 1384 ssmdrv - ok
10:43:33.0521 1384 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:43:33.0553 1384 SstpSvc - ok
10:43:33.0592 1384 Steam Client Service - ok
10:43:33.0620 1384 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
10:43:33.0667 1384 StillCam - ok
10:43:33.0696 1384 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:43:33.0748 1384 stisvc - ok
10:43:33.0772 1384 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:43:33.0795 1384 swenum - ok
10:43:33.0828 1384 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:43:33.0868 1384 swprv - ok
10:43:33.0881 1384 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:43:33.0897 1384 Symc8xx - ok
10:43:33.0912 1384 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:43:33.0928 1384 Sym_hi - ok
10:43:33.0944 1384 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:43:33.0961 1384 Sym_u3 - ok
10:43:34.0026 1384 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:43:34.0086 1384 SysMain - ok
10:43:34.0112 1384 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:43:34.0159 1384 TabletInputService - ok
10:43:34.0188 1384 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:43:34.0232 1384 TapiSrv - ok
10:43:34.0245 1384 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:43:34.0287 1384 TBS - ok
10:43:34.0355 1384 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
10:43:34.0407 1384 Tcpip - ok
10:43:34.0422 1384 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
10:43:34.0457 1384 Tcpip6 - ok
10:43:34.0485 1384 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
10:43:34.0533 1384 tcpipreg - ok
10:43:34.0558 1384 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:43:34.0599 1384 TDPIPE - ok
10:43:34.0613 1384 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:43:34.0647 1384 TDTCP - ok
10:43:34.0678 1384 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:43:34.0716 1384 tdx - ok
10:43:34.0741 1384 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:43:34.0767 1384 TermDD - ok
10:43:34.0800 1384 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:43:34.0867 1384 TermService - ok
10:43:34.0891 1384 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
10:43:34.0923 1384 Themes - ok
10:43:34.0953 1384 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:43:34.0988 1384 THREADORDER - ok
10:43:35.0013 1384 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:43:35.0050 1384 TrkWks - ok
10:43:35.0096 1384 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:43:35.0141 1384 TrustedInstaller - ok
10:43:35.0154 1384 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:43:35.0191 1384 tssecsrv - ok
10:43:35.0200 1384 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:43:35.0251 1384 tunmp - ok
10:43:35.0258 1384 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
10:43:35.0305 1384 tunnel - ok
10:43:35.0318 1384 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:43:35.0335 1384 uagp35 - ok
10:43:35.0354 1384 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:43:35.0386 1384 udfs - ok
10:43:35.0409 1384 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:43:35.0461 1384 UI0Detect - ok
10:43:35.0477 1384 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:43:35.0496 1384 uliagpkx - ok
10:43:35.0515 1384 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:43:35.0540 1384 uliahci - ok
10:43:35.0555 1384 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:43:35.0575 1384 UlSata - ok
10:43:35.0588 1384 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:43:35.0615 1384 ulsata2 - ok
10:43:35.0625 1384 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:43:35.0666 1384 umbus - ok
10:43:35.0695 1384 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:43:35.0737 1384 upnphost - ok
10:43:35.0758 1384 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:43:35.0799 1384 usbccgp - ok
10:43:35.0818 1384 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:43:35.0868 1384 usbcir - ok
10:43:35.0888 1384 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:43:35.0929 1384 usbehci - ok
10:43:35.0952 1384 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:43:36.0030 1384 usbhub - ok
10:43:36.0045 1384 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
10:43:36.0089 1384 usbohci - ok
10:43:36.0102 1384 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:43:36.0144 1384 usbprint - ok
10:43:36.0163 1384 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:43:36.0207 1384 usbscan - ok
10:43:36.0221 1384 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:43:36.0259 1384 USBSTOR - ok
10:43:36.0269 1384 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:43:36.0311 1384 usbuhci - ok
10:43:36.0338 1384 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:43:36.0380 1384 UxSms - ok
10:43:36.0416 1384 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:43:36.0462 1384 vds - ok
10:43:36.0476 1384 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:43:36.0528 1384 vga - ok
10:43:36.0540 1384 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:43:36.0592 1384 VgaSave - ok
10:43:36.0603 1384 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:43:36.0620 1384 viaagp - ok
10:43:36.0636 1384 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:43:36.0671 1384 ViaC7 - ok
10:43:36.0677 1384 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:43:36.0696 1384 viaide - ok
10:43:36.0712 1384 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:43:36.0735 1384 volmgr - ok
10:43:36.0764 1384 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:43:36.0797 1384 volmgrx - ok
10:43:36.0814 1384 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:43:36.0843 1384 volsnap - ok
10:43:36.0884 1384 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\DRIVERS\vsdatant.sys
10:43:36.0915 1384 Vsdatant - ok
10:43:36.0920 1384 vsdatant7 - ok
10:43:36.0964 1384 vsmon - ok
10:43:37.0017 1384 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:43:37.0045 1384 vsmraid - ok
10:43:37.0112 1384 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:43:37.0198 1384 VSS - ok
10:43:37.0287 1384 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
10:43:37.0345 1384 vToolbarUpdater11.0.2 - ok
10:43:37.0455 1384 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:43:37.0491 1384 W32Time - ok
10:43:37.0532 1384 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:43:37.0592 1384 WacomPen - ok
10:43:37.0605 1384 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:43:37.0652 1384 Wanarp - ok
10:43:37.0655 1384 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:43:37.0686 1384 Wanarpv6 - ok
10:43:37.0716 1384 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:43:37.0760 1384 wcncsvc - ok
10:43:37.0782 1384 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:43:37.0823 1384 WcsPlugInService - ok
10:43:37.0835 1384 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:43:37.0858 1384 Wd - ok
10:43:37.0894 1384 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:43:37.0933 1384 Wdf01000 - ok
10:43:37.0968 1384 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:43:38.0011 1384 WdiServiceHost - ok
10:43:38.0016 1384 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:43:38.0053 1384 WdiSystemHost - ok
10:43:38.0081 1384 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:43:38.0108 1384 WebClient - ok
10:43:38.0120 1384 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
10:43:38.0166 1384 Wecsvc - ok
10:43:38.0175 1384 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:43:38.0219 1384 wercplsupport - ok
10:43:38.0239 1384 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:43:38.0271 1384 WerSvc - ok
10:43:38.0325 1384 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:43:38.0353 1384 WinDefend - ok
10:43:38.0364 1384 WinHttpAutoProxySvc - ok
10:43:38.0412 1384 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:43:38.0441 1384 Winmgmt - ok
10:43:38.0491 1384 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
10:43:38.0541 1384 WinRM - ok
10:43:38.0587 1384 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:43:38.0638 1384 Wlansvc - ok
10:43:38.0678 1384 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:43:38.0693 1384 wlcrasvc - ok
10:43:38.0812 1384 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:43:38.0889 1384 wlidsvc - ok
10:43:38.0982 1384 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:43:39.0046 1384  WmiAcpi - ok
10:43:39.0089 1384 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:43:39.0133 1384 WmiApSrv - ok
10:43:39.0237 1384 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:43:39.0300 1384 WMPNetworkSvc - ok
10:43:39.0318 1384 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:43:39.0368 1384 WPCSvc - ok
10:43:39.0380 1384 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:43:39.0423 1384 WPDBusEnum - ok
10:43:39.0527 1384 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:43:39.0570 1384 WPFFontCache_v0400 - ok
10:43:39.0598 1384 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:43:39.0643 1384 ws2ifsl - ok
10:43:39.0666 1384 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
10:43:39.0695 1384 wscsvc - ok
10:43:39.0700 1384 WSearch - ok
10:43:39.0820 1384 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:43:39.0902 1384 wuauserv - ok
10:43:39.0973 1384 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:43:40.0038 1384 wudfsvc - ok
10:43:40.0056 1384 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:43:40.0366 1384 \Device\Harddisk0\DR0 - ok
10:43:40.0370 1384 Boot (0x1200) (1564506fc0713d153b896ad06c0f6c1f) \Device\Harddisk0\DR0\Partition0
10:43:40.0371 1384 \Device\Harddisk0\DR0\Partition0 - ok
10:43:40.0372 1384 ============================================================
10:43:40.0372 1384 Scan finished
10:43:40.0372 1384 ============================================================
10:43:40.0390 2568 Detected object count: 10
10:43:40.0390 2568 Actual detected object count: 10
10:45:00.0676 2568 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0676 2568 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0680 2568 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0680 2568 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0683 2568 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0683 2568 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0685 2568 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0685 2568 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0687 2568 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0687 2568 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0690 2568 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0690 2568 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0693 2568 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0693 2568 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0696 2568 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0696 2568 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0698 2568 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0698 2568 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:00.0700 2568 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:00.0700 2568 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:43.0663 3304 ============================================================
10:45:43.0663 3304 Scan started
10:45:43.0663 3304 Mode: Manual; SigCheck; 
10:45:43.0663 3304 ============================================================
10:45:44.0042 3304 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:45:44.0070 3304 !SASCORE - ok
10:45:44.0141 3304 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:45:44.0163 3304 ACPI - ok
10:45:44.0206 3304 AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
10:45:44.0222 3304 AdobeActiveFileMonitor6.0 - ok
10:45:44.0258 3304 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:45:44.0273 3304 AdobeARMservice - ok
10:45:44.0319 3304 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:45:44.0337 3304 AdobeFlashPlayerUpdateSvc - ok
10:45:44.0376 3304 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:45:44.0400 3304 adp94xx - ok
10:45:44.0452 3304 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:45:44.0471 3304 adpahci - ok
10:45:44.0495 3304 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:45:44.0512 3304 adpu160m - ok
10:45:44.0528 3304 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:45:44.0545 3304 adpu320 - ok
10:45:44.0623 3304 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
10:45:44.0654 3304 AdvancedSystemCareService5 - ok
10:45:44.0687 3304 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:45:44.0717 3304 AeLookupSvc - ok
10:45:44.0743 3304 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
10:45:44.0774 3304 AFD - ok
10:45:44.0785 3304 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:45:44.0801 3304 agp440 - ok
10:45:44.0811 3304 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:45:44.0828 3304 aic78xx - ok
10:45:44.0844 3304 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:45:44.0876 3304 ALG - ok
10:45:44.0893 3304 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:45:44.0909 3304 aliide - ok
10:45:44.0935 3304 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:45:44.0951 3304 amdagp - ok
10:45:44.0981 3304 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:45:44.0996 3304 amdide - ok
10:45:45.0016 3304 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:45:45.0048 3304 AmdK7 - ok
10:45:45.0067 3304 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:45:45.0100 3304 AmdK8 - ok
10:45:45.0139 3304 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:45:45.0154 3304 AntiVirSchedulerService - ok
10:45:45.0178 3304 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:45:45.0194 3304 AntiVirService - ok
10:45:45.0218 3304 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:45:45.0242 3304 Appinfo - ok
10:45:45.0274 3304 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:45:45.0291 3304 arc - ok
10:45:45.0303 3304 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:45:45.0320 3304 arcsas - ok
10:45:45.0382 3304 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:45:45.0398 3304 aspnet_state - ok
10:45:45.0412 3304 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:45:45.0445 3304 AsyncMac - ok
10:45:45.0475 3304 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:45:45.0492 3304 atapi - ok
10:45:45.0520 3304 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:45:45.0555 3304 AudioEndpointBuilder - ok
10:45:45.0560 3304 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:45:45.0591 3304 Audiosrv - ok
10:45:45.0610 3304 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
10:45:45.0625 3304 avgntflt - ok
10:45:45.0648 3304 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
10:45:45.0663 3304 avipbb - ok
10:45:45.0675 3304 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
10:45:45.0690 3304 avkmgr - ok
10:45:45.0701 3304 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:45:45.0734 3304 Beep - ok
10:45:45.0764 3304 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:45:45.0799 3304 BFE - ok
10:45:45.0856 3304 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
10:45:45.0902 3304 BITS - ok
10:45:45.0934 3304 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:45:45.0976 3304 blbdrive - ok
10:45:46.0042 3304 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
10:45:46.0062 3304 Bonjour Service - ok
10:45:46.0088 3304 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
10:45:46.0121 3304 bowser - ok
10:45:46.0131 3304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:45:46.0160 3304 BrFiltLo - ok
10:45:46.0171 3304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:45:46.0199 3304 BrFiltUp - ok
10:45:46.0218 3304 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:45:46.0253 3304 Browser - ok
10:45:46.0267 3304 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:45:46.0316 3304 Brserid - ok
10:45:46.0325 3304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:45:46.0375 3304 BrSerWdm - ok
10:45:46.0385 3304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:45:46.0434 3304 BrUsbMdm - ok
10:45:46.0450 3304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:45:46.0499 3304 BrUsbSer - ok
10:45:46.0514 3304 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:45:46.0563 3304 BTHMODEM - ok
10:45:46.0572 3304 catchme - ok
10:45:46.0590 3304 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:45:46.0626 3304 cdfs - ok
10:45:46.0648 3304 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:45:46.0678 3304 cdrom - ok
10:45:46.0702 3304 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:45:46.0730 3304 CertPropSvc - ok
10:45:46.0748 3304 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:45:46.0781 3304 circlass - ok
10:45:46.0808 3304 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:45:46.0828 3304 CLFS - ok
10:45:46.0875 3304 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:45:46.0892 3304 clr_optimization_v2.0.50727_32 - ok
10:45:46.0943 3304 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:45:46.0969 3304 clr_optimization_v4.0.30319_32 - ok
10:45:46.0998 3304 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:45:47.0013 3304 cmdide - ok
10:45:47.0023 3304 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
10:45:47.0038 3304 Compbatt - ok
10:45:47.0043 3304 COMSysApp - ok
10:45:47.0050 3304 cpuz134 - ok
10:45:47.0076 3304 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:45:47.0091 3304 crcdisk - ok
10:45:47.0105 3304 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:45:47.0139 3304 Crusoe - ok
10:45:47.0171 3304 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:45:47.0200 3304 CryptSvc - ok
10:45:47.0264 3304 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:45:47.0320 3304 DcomLaunch - ok
10:45:47.0340 3304 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
10:45:47.0369 3304 DfsC - ok
10:45:47.0486 3304 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:45:47.0581 3304 DFSR - ok
10:45:47.0667 3304 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:45:47.0699 3304 Dhcp - ok
10:45:47.0726 3304 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:45:47.0744 3304 disk - ok
10:45:47.0768 3304 Dnscache (30a08728740e71947ae1e073b5ce69b4) C:\Windows\System32\dnsrslvr.dll
10:45:47.0800 3304 Dnscache - ok
10:45:47.0825 3304 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:45:47.0855 3304 dot3svc - ok
10:45:47.0877 3304 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:45:47.0911 3304 Dot4 - ok
10:45:47.0922 3304 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:45:47.0957 3304 Dot4Print - ok
10:45:47.0981 3304 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:45:48.0013 3304 dot4usb - ok
10:45:48.0026 3304 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:45:48.0062 3304 DPS - ok
10:45:48.0080 3304 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:45:48.0110 3304 drmkaud - ok
10:45:48.0153 3304 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
10:45:48.0227 3304 DXGKrnl - ok
10:45:48.0245 3304 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:45:48.0281 3304 E1G60 - ok
10:45:48.0292 3304 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:45:48.0322 3304 EapHost - ok
10:45:48.0349 3304 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:45:48.0368 3304 Ecache - ok
10:45:48.0401 3304 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:45:48.0427 3304 ehRecvr - ok
10:45:48.0449 3304 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:45:48.0471 3304 ehSched - ok
10:45:48.0480 3304 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:45:48.0501 3304 ehstart - ok
10:45:48.0533 3304 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:45:48.0565 3304 elxstor - ok
10:45:48.0609 3304 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:45:48.0666 3304 EMDMgmt - ok
10:45:48.0671 3304 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:45:48.0706 3304 ErrDev - ok
10:45:48.0759 3304 ETService (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
10:45:48.0771 3304 ETService ( UnsignedFile.Multi.Generic ) - warning
10:45:48.0771 3304 ETService - detected UnsignedFile.Multi.Generic (1)
10:45:48.0801 3304 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:45:48.0837 3304 EventSystem - ok
10:45:48.0856 3304 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:45:48.0909 3304 exfat - ok
10:45:48.0939 3304 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
10:45:48.0953 3304 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
10:45:48.0954 3304 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
10:45:48.0999 3304 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:45:49.0028 3304 fastfat - ok
10:45:49.0039 3304 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:45:49.0075 3304 fdc - ok
10:45:49.0088 3304 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:45:49.0126 3304 fdPHost - ok
10:45:49.0132 3304 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:45:49.0183 3304 FDResPub - ok
10:45:49.0201 3304 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:45:49.0218 3304 FileInfo - ok
10:45:49.0228 3304 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:45:49.0262 3304 Filetrace - ok
10:45:49.0319 3304 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:45:49.0342 3304 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:45:49.0342 3304 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:45:49.0358 3304 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:45:49.0391 3304 flpydisk - ok
10:45:49.0416 3304 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:45:49.0435 3304 FltMgr - ok
10:45:49.0512 3304 FontCache (d49705f25390265cad9b620f55ea968c) C:\Windows\system32\FntCache.dll
10:45:49.0546 3304 FontCache - ok
10:45:49.0616 3304 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:45:49.0640 3304 FontCache3.0.0.0 - ok
10:45:49.0666 3304 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
10:45:49.0681 3304 fssfltr - ok
10:45:49.0796 3304 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:45:49.0899 3304 fsssvc - ok
10:45:50.0008 3304 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:45:50.0036 3304 Fs_Rec - ok
10:45:50.0060 3304 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:45:50.0076 3304 gagp30kx - ok
10:45:50.0108 3304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:45:50.0121 3304 GEARAspiWDM - ok
10:45:50.0178 3304 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:45:50.0192 3304 GoogleDesktopManager-051210-111108 - ok
10:45:50.0196 3304 GoogleDesktopManager-110309-193829 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:45:50.0210 3304 GoogleDesktopManager-110309-193829 - ok
10:45:50.0235 3304 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
10:45:50.0249 3304 GoToAssist - ok
10:45:50.0297 3304 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:45:50.0334 3304 gpsvc - ok
10:45:50.0367 3304 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:45:50.0392 3304 gupdate - ok
10:45:50.0396 3304 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:45:50.0413 3304 gupdatem - ok
10:45:50.0442 3304 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:45:50.0457 3304 gusvc - ok
10:45:50.0499 3304 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
10:45:50.0531 3304 HdAudAddService - ok
10:45:50.0576 3304 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:45:50.0616 3304 HDAudBus - ok
10:45:50.0641 3304 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:45:50.0691 3304 HidBth - ok
10:45:50.0700 3304 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:45:50.0749 3304 HidIr - ok
10:45:50.0763 3304 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
10:45:50.0786 3304 hidserv - ok
10:45:50.0803 3304 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:45:50.0831 3304 HidUsb - ok
10:45:50.0848 3304 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:45:50.0883 3304 hkmsvc - ok
10:45:50.0895 3304 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:45:50.0910 3304 HpCISSs - ok
10:45:50.0977 3304 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:45:50.0990 3304 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:45:50.0990 3304 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:45:51.0024 3304 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:45:51.0037 3304 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:45:51.0037 3304 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:45:51.0085 3304 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:45:51.0113 3304 HTTP - ok
10:45:51.0132 3304 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:45:51.0148 3304 i2omp - ok
10:45:51.0160 3304 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:45:51.0189 3304 i8042prt - ok
10:45:51.0216 3304 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:45:51.0241 3304 iaStorV - ok
10:45:51.0323 3304 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:45:51.0364 3304 idsvc - ok
10:45:51.0383 3304 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:45:51.0399 3304 iirsp - ok
10:45:51.0441 3304 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:45:51.0508 3304 IKEEXT - ok
10:45:51.0534 3304 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
10:45:51.0548 3304 int15 - ok
10:45:51.0748 3304 IntcAzAudAddService (bfcd7edc663f513e7c4a0b9400e58c70) C:\Windows\system32\drivers\RTKVHDA.sys
10:45:52.0004 3304 IntcAzAudAddService - ok
10:45:52.0097 3304 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:45:52.0113 3304 intelide - ok
10:45:52.0141 3304 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:45:52.0174 3304 intelppm - ok
10:45:52.0209 3304 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:45:52.0243 3304 IPBusEnum - ok
10:45:52.0258 3304 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:45:52.0293 3304 IpFilterDriver - ok
10:45:52.0319 3304 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
10:45:52.0357 3304 iphlpsvc - ok
10:45:52.0362 3304 IpInIp - ok
10:45:52.0376 3304 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:45:52.0409 3304 IPMIDRV - ok
10:45:52.0438 3304 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:45:52.0474 3304 IPNAT - ok
10:45:52.0502 3304 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:45:52.0534 3304 IRENUM - ok
10:45:52.0547 3304 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:45:52.0564 3304 isapnp - ok
10:45:52.0594 3304 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:45:52.0621 3304 iScsiPrt - ok
10:45:52.0665 3304 ISWKL (ee8bed092a58a4faeb08dc140729189e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:45:52.0679 3304 ISWKL - ok
10:45:52.0724 3304 IswSvc (aa7fd6a7532ef23fdcfc030195c148f9) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
10:45:52.0745 3304 IswSvc - ok
10:45:52.0760 3304 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:45:52.0776 3304 iteatapi - ok
10:45:52.0790 3304 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:45:52.0805 3304 iteraid - ok
10:45:52.0813 3304 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:45:52.0828 3304 kbdclass - ok
10:45:52.0852 3304 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
10:45:52.0884 3304 kbdhid - ok
10:45:52.0907 3304 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:45:52.0940 3304 KeyIso - ok
10:45:52.0977 3304 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
10:45:52.0993 3304 KL1 - ok
10:45:53.0008 3304 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
10:45:53.0021 3304 kl2 - ok
10:45:53.0054 3304 KLIF (46fa00bef951762919b66269371c22af) C:\Windows\system32\DRIVERS\klif.sys
10:45:53.0076 3304 KLIF - ok
10:45:53.0100 3304 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:45:53.0124 3304 KSecDD - ok
10:45:53.0306 3304 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
10:45:53.0392 3304 KService - ok
10:45:53.0484 3304 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:45:53.0559 3304 KtmRm - ok
10:45:53.0602 3304 LanmanServer (43446f197c74ef2030f84b3a4f39d570) C:\Windows\system32\srvsvc.dll
10:45:53.0642 3304 LanmanServer - ok
10:45:53.0668 3304 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:45:53.0717 3304 LanmanWorkstation - ok
10:45:53.0743 3304 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:45:53.0777 3304 lltdio - ok
10:45:53.0808 3304 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:45:53.0843 3304 lltdsvc - ok
10:45:53.0855 3304 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:45:53.0906 3304 lmhosts - ok
10:45:53.0941 3304 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:45:53.0959 3304 LSI_FC - ok
10:45:53.0976 3304 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:45:53.0994 3304 LSI_SAS - ok
10:45:54.0010 3304 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:45:54.0029 3304 LSI_SCSI - ok
10:45:54.0043 3304 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:45:54.0076 3304 luafv - ok
10:45:54.0100 3304 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:45:54.0116 3304 MBAMProtector - ok
10:45:54.0196 3304 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:45:54.0230 3304 MBAMService - ok
10:45:54.0286 3304 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
10:45:54.0305 3304 McciCMService ( UnsignedFile.Multi.Generic ) - warning
10:45:54.0305 3304 McciCMService - detected UnsignedFile.Multi.Generic (1)
10:45:54.0329 3304 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:45:54.0353 3304 Mcx2Svc - ok
10:45:54.0362 3304 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:45:54.0377 3304 megasas - ok
10:45:54.0409 3304 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:45:54.0458 3304 MegaSR - ok
10:45:54.0485 3304 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:45:54.0520 3304 MMCSS - ok
10:45:54.0539 3304 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:45:54.0572 3304 Modem - ok
10:45:54.0584 3304 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:45:54.0617 3304 monitor - ok
10:45:54.0636 3304 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:45:54.0651 3304 mouclass - ok
10:45:54.0663 3304 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:45:54.0696 3304 mouhid - ok
10:45:54.0715 3304 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:45:54.0730 3304 MountMgr - ok
10:45:54.0767 3304 MozillaMaintenance (166f0cbff55d16552161c154317287ca) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:45:54.0785 3304 MozillaMaintenance - ok
10:45:54.0803 3304 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
10:45:54.0822 3304 MpFilter - ok
10:45:54.0835 3304 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:45:54.0855 3304 mpio - ok
10:45:54.0866 3304 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:45:54.0896 3304 mpsdrv - ok
10:45:54.0940 3304 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:45:55.0019 3304 MpsSvc - ok
10:45:55.0036 3304 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:45:55.0051 3304 Mraid35x - ok
10:45:55.0091 3304 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:45:55.0102 3304 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
10:45:55.0102 3304 MREMP50 - detected UnsignedFile.Multi.Generic (1)
10:45:55.0107 3304 MREMPR5 - ok
10:45:55.0113 3304 MRENDIS5 - ok
10:45:55.0128 3304 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:45:55.0138 3304 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
10:45:55.0138 3304 MRESP50 - detected UnsignedFile.Multi.Generic (1)
10:45:55.0167 3304 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:45:55.0194 3304 MRxDAV - ok
10:45:55.0220 3304 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:45:55.0248 3304 mrxsmb - ok
10:45:55.0272 3304 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:45:55.0302 3304 mrxsmb10 - ok
10:45:55.0312 3304 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:45:55.0340 3304 mrxsmb20 - ok
10:45:55.0357 3304 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:45:55.0372 3304 msahci - ok
10:45:55.0393 3304 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:45:55.0413 3304 msdsm - ok
10:45:55.0447 3304 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:45:55.0484 3304 MSDTC - ok
10:45:55.0505 3304 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:45:55.0538 3304 Msfs - ok
10:45:55.0559 3304 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:45:55.0574 3304 msisadrv - ok
10:45:55.0600 3304 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:45:55.0634 3304 MSiSCSI - ok
10:45:55.0638 3304 msiserver - ok
10:45:55.0657 3304 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:45:55.0691 3304 MSKSSRV - ok
10:45:55.0721 3304 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:45:55.0737 3304 MsMpSvc - ok
10:45:55.0749 3304 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:45:55.0781 3304 MSPCLOCK - ok
10:45:55.0786 3304 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:45:55.0819 3304 MSPQM - ok
10:45:55.0844 3304 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:45:55.0863 3304 MsRPC - ok
10:45:55.0872 3304 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:45:55.0888 3304 mssmbios - ok
10:45:55.0893 3304 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:45:55.0929 3304 MSTEE - ok
10:45:55.0936 3304 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:45:55.0953 3304 Mup - ok
10:45:55.0991 3304 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:45:56.0051 3304 napagent - ok
10:45:56.0083 3304 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:45:56.0116 3304 NativeWifiP - ok
10:45:56.0150 3304 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:45:56.0190 3304 NDIS - ok
10:45:56.0202 3304 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:45:56.0230 3304 NdisTapi - ok
10:45:56.0245 3304 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:45:56.0278 3304 Ndisuio - ok
10:45:56.0297 3304 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:45:56.0326 3304 NdisWan - ok
10:45:56.0344 3304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:45:56.0372 3304 NDProxy - ok
10:45:56.0394 3304 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
10:45:56.0406 3304 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:45:56.0406 3304 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:45:56.0426 3304 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:45:56.0459 3304 NetBIOS - ok
10:45:56.0478 3304 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:45:56.0508 3304 netbt - ok
10:45:56.0532 3304 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:45:56.0555 3304 Netlogon - ok
10:45:56.0599 3304 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:45:56.0639 3304 Netman - ok
10:45:56.0691 3304 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0708 3304 NetMsmqActivator - ok
10:45:56.0712 3304 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0729 3304 NetPipeActivator - ok
10:45:56.0756 3304 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:45:56.0806 3304 netprofm - ok
10:45:56.0810 3304 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0826 3304 NetTcpActivator - ok
10:45:56.0831 3304 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:56.0847 3304 NetTcpPortSharing - ok
10:45:56.0875 3304 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:45:56.0891 3304 nfrd960 - ok
10:45:56.0912 3304 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:45:56.0928 3304 NisDrv - ok
10:45:56.0974 3304 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:45:57.0043 3304 NisSrv - ok
10:45:57.0061 3304 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:45:57.0120 3304 NlaSvc - ok
10:45:57.0137 3304 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:45:57.0166 3304 Npfs - ok
10:45:57.0181 3304 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:45:57.0215 3304 nsi - ok
10:45:57.0223 3304 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:45:57.0256 3304 nsiproxy - ok
10:45:57.0337 3304 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:45:57.0373 3304 Ntfs - ok
10:45:57.0402 3304 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:45:57.0452 3304 ntrigdigi - ok
10:45:57.0476 3304 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:45:57.0508 3304 Null - ok
10:45:57.0537 3304 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
10:45:57.0554 3304 NVHDA - ok
10:45:58.0107 3304 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:45:58.0395 3304 nvlddmkm - ok
10:45:58.0479 3304 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:45:58.0501 3304 nvraid - ok
10:45:58.0530 3304 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:45:58.0548 3304 nvstor - ok
10:45:58.0574 3304 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
10:45:58.0600 3304 nvstor32 - ok
10:45:58.0649 3304 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
10:45:58.0695 3304 nvsvc - ok
10:45:58.0864 3304 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:45:58.0977 3304 nvUpdatusService - ok
10:45:59.0117 3304 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:45:59.0138 3304 nv_agp - ok
10:45:59.0144 3304 NwlnkFlt - ok
10:45:59.0152 3304 NwlnkFwd - ok
10:45:59.0184 3304 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:45:59.0240 3304 ohci1394 - ok
10:45:59.0279 3304 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:45:59.0306 3304 ose - ok
10:45:59.0576 3304 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:45:59.0794 3304 osppsvc - ok
10:45:59.0943 3304 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:00.0026 3304 p2pimsvc - ok
10:46:00.0035 3304 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:00.0072 3304 p2psvc - ok
10:46:00.0102 3304 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:46:00.0160 3304 Parport - ok
10:46:00.0180 3304 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
10:46:00.0194 3304 Partizan - ok
10:46:00.0213 3304 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:46:00.0230 3304 partmgr - ok
10:46:00.0245 3304 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:46:00.0293 3304 Parvdm - ok
10:46:00.0311 3304 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:46:00.0335 3304 PcaSvc - ok
10:46:00.0352 3304 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:46:00.0370 3304 pci - ok
10:46:00.0379 3304 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:46:00.0395 3304 pciide - ok
10:46:00.0425 3304 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:46:00.0452 3304 pcmcia - ok
10:46:00.0521 3304 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:46:00.0585 3304 PEAUTH - ok
10:46:00.0684 3304 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:46:00.0764 3304 pla - ok
10:46:00.0871 3304 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:46:00.0924 3304 PlugPlay - ok
10:46:00.0969 3304 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
10:46:00.0980 3304 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:46:00.0980 3304 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:46:01.0050 3304 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:01.0083 3304 PNRPAutoReg - ok
10:46:01.0092 3304 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:46:01.0124 3304 PNRPsvc - ok
10:46:01.0156 3304 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:46:01.0190 3304 PolicyAgent - ok
10:46:01.0227 3304 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:46:01.0259 3304 PptpMiniport - ok
10:46:01.0288 3304 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:46:01.0321 3304 Processor - ok
10:46:01.0340 3304 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:46:01.0373 3304 ProfSvc - ok
10:46:01.0399 3304 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:46:01.0422 3304 ProtectedStorage - ok
10:46:01.0449 3304 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:46:01.0476 3304 PSched - ok
10:46:01.0483 3304 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
10:46:01.0498 3304 PxHelp20 - ok
10:46:01.0566 3304 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:46:01.0637 3304 ql2300 - ok
10:46:01.0656 3304 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:46:01.0675 3304 ql40xx - ok
10:46:01.0705 3304 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:46:01.0732 3304 QWAVE - ok
10:46:01.0748 3304 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:46:01.0770 3304 QWAVEdrv - ok
10:46:01.0783 3304 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:46:01.0815 3304 RasAcd - ok
10:46:01.0835 3304 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:46:01.0869 3304 RasAuto - ok
10:46:01.0884 3304 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:46:01.0917 3304 Rasl2tp - ok
10:46:01.0945 3304 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:46:01.0981 3304 RasMan - ok
10:46:02.0002 3304 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:46:02.0031 3304 RasPppoe - ok
10:46:02.0047 3304 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:46:02.0069 3304 RasSstp - ok
10:46:02.0105 3304 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:46:02.0134 3304 rdbss - ok
10:46:02.0144 3304 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:46:02.0176 3304 RDPCDD - ok
10:46:02.0203 3304 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:46:02.0260 3304 rdpdr - ok
10:46:02.0265 3304 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:46:02.0299 3304 RDPENCDD - ok
10:46:02.0327 3304 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:46:02.0351 3304 RDPWD - ok
10:46:02.0369 3304 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
10:46:02.0383 3304 RegGuard - ok
10:46:02.0402 3304 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:46:02.0437 3304 RemoteAccess - ok
10:46:02.0460 3304 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:46:02.0490 3304 RemoteRegistry - ok
10:46:02.0503 3304 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:46:02.0526 3304 RpcLocator - ok
10:46:02.0631 3304 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:46:02.0673 3304 RpcSs - ok
10:46:02.0696 3304 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:46:02.0728 3304 rspndr - ok
10:46:02.0771 3304 RTL8169 (06992132cf20c3c1cba3f072c4086de8) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:46:02.0789 3304 RTL8169 - ok
10:46:02.0807 3304 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
10:46:02.0830 3304 SamSs - ok
10:46:02.0867 3304 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:46:02.0881 3304 SASDIFSV - ok
10:46:02.0891 3304 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:46:02.0907 3304 SASKUTIL - ok
10:46:02.0923 3304 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:46:02.0941 3304 sbp2port - ok
10:46:03.0053 3304 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
10:46:03.0106 3304 SBSDWSCService - ok
10:46:03.0129 3304 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:46:03.0159 3304 SCardSvr - ok
10:46:03.0201 3304 Schedule (323ae0bdfd2eb15b668dda50cc597329) C:\Windows\system32\schedsvc.dll
10:46:03.0241 3304 Schedule - ok
10:46:03.0268 3304 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:46:03.0296 3304 SCPolicySvc - ok
10:46:03.0313 3304 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:46:03.0338 3304 SDRSVC - ok
10:46:03.0364 3304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:46:03.0413 3304 secdrv - ok
10:46:03.0445 3304 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:46:03.0479 3304 seclogon - ok
10:46:03.0496 3304 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
10:46:03.0531 3304 SENS - ok
10:46:03.0541 3304 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:46:03.0590 3304 Serenum - ok
10:46:03.0614 3304 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:46:03.0665 3304 Serial - ok
10:46:03.0676 3304 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:46:03.0709 3304 sermouse - ok
10:46:03.0785 3304 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:46:03.0833 3304 SessionEnv - ok
10:46:03.0847 3304 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:46:03.0875 3304 sffdisk - ok
10:46:03.0887 3304 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:46:03.0919 3304 sffp_mmc - ok
10:46:03.0936 3304 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:46:03.0968 3304 sffp_sd - ok
10:46:04.0002 3304 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:46:04.0050 3304 sfloppy - ok
10:46:04.0081 3304 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:46:04.0129 3304 SharedAccess - ok
10:46:04.0153 3304 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
10:46:04.0187 3304 ShellHWDetection - ok
10:46:04.0198 3304 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:46:04.0215 3304 sisagp - ok
10:46:04.0229 3304 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:46:04.0245 3304 SiSRaid2 - ok
10:46:04.0257 3304 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:46:04.0274 3304 SiSRaid4 - ok
10:46:04.0474 3304 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:46:04.0595 3304 slsvc - ok
10:46:04.0676 3304 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:46:04.0709 3304 SLUINotify - ok
10:46:04.0747 3304 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
10:46:04.0761 3304 SmartDefragDriver - ok
10:46:04.0787 3304 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:46:04.0818 3304 Smb - ok
10:46:04.0848 3304 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:46:04.0872 3304 SNMPTRAP - ok
10:46:04.0887 3304 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:46:04.0904 3304 spldr - ok
10:46:04.0926 3304 Spooler (524bfbea40e6e404737ccbc754647a2e) C:\Windows\System32\spoolsv.exe
10:46:04.0960 3304 Spooler - ok
10:46:04.0985 3304 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
10:46:05.0014 3304 srv - ok
10:46:05.0040 3304 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
10:46:05.0063 3304 srv2 - ok
10:46:05.0087 3304 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
10:46:05.0115 3304 srvnet - ok
10:46:05.0126 3304 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:46:05.0163 3304 SSDPSRV - ok
10:46:05.0186 3304 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:46:05.0199 3304 ssmdrv - ok
10:46:05.0219 3304 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:46:05.0253 3304 SstpSvc - ok
10:46:05.0291 3304 Steam Client Service - ok
10:46:05.0310 3304 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
10:46:05.0338 3304 StillCam - ok
10:46:05.0381 3304 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:46:05.0413 3304 stisvc - ok
10:46:05.0429 3304 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:46:05.0445 3304 swenum - ok
10:46:05.0466 3304 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:46:05.0500 3304 swprv - ok
10:46:05.0529 3304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:46:05.0544 3304 Symc8xx - ok
10:46:05.0578 3304 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:46:05.0593 3304 Sym_hi - ok
10:46:05.0609 3304 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:46:05.0624 3304 Sym_u3 - ok
10:46:05.0667 3304 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:46:05.0706 3304 SysMain - ok
10:46:05.0727 3304 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:46:05.0752 3304 TabletInputService - ok
10:46:05.0778 3304 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:46:05.0814 3304 TapiSrv - ok
10:46:05.0827 3304 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:46:05.0861 3304 TBS - ok
10:46:05.0943 3304 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
10:46:05.0978 3304 Tcpip - ok
10:46:05.0990 3304 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
10:46:06.0024 3304 Tcpip6 - ok
10:46:06.0059 3304 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
10:46:06.0080 3304 tcpipreg - ok
10:46:06.0090 3304 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:46:06.0122 3304 TDPIPE - ok
10:46:06.0137 3304 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:46:06.0169 3304 TDTCP - ok
10:46:06.0193 3304 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:46:06.0222 3304 tdx - ok
10:46:06.0248 3304 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:46:06.0265 3304 TermDD - ok
10:46:06.0314 3304 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:46:06.0365 3304 TermService - ok
10:46:06.0390 3304 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
10:46:06.0422 3304 Themes - ok
10:46:06.0460 3304 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:46:06.0494 3304 THREADORDER - ok
10:46:06.0528 3304 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:46:06.0568 3304 TrkWks - ok
10:46:06.0611 3304 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:46:06.0639 3304 TrustedInstaller - ok
10:46:06.0653 3304 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:46:06.0685 3304 tssecsrv - ok
10:46:06.0698 3304 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:46:06.0721 3304 tunmp - ok
10:46:06.0727 3304 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
10:46:06.0756 3304 tunnel - ok
10:46:06.0775 3304 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:46:06.0791 3304 uagp35 - ok
10:46:06.0811 3304 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:46:06.0847 3304 udfs - ok
10:46:06.0865 3304 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:46:06.0900 3304 UI0Detect - ok
10:46:06.0917 3304 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:46:06.0934 3304 uliagpkx - ok
10:46:06.0980 3304 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:46:07.0014 3304 uliahci - ok
10:46:07.0029 3304 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:46:07.0048 3304 UlSata - ok
10:46:07.0061 3304 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:46:07.0080 3304 ulsata2 - ok
10:46:07.0090 3304 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:46:07.0123 3304 umbus - ok
10:46:07.0144 3304 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:46:07.0184 3304 upnphost - ok
10:46:07.0198 3304 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:46:07.0227 3304 usbccgp - ok
10:46:07.0242 3304 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:46:07.0292 3304 usbcir - ok
10:46:07.0312 3304 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:46:07.0340 3304 usbehci - ok
10:46:07.0367 3304 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:46:07.0396 3304 usbhub - ok
10:46:07.0403 3304 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
10:46:07.0434 3304 usbohci - ok
10:46:07.0459 3304 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:46:07.0492 3304 usbprint - ok
10:46:07.0512 3304 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:46:07.0539 3304 usbscan - ok
10:46:07.0547 3304 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:46:07.0575 3304 USBSTOR - ok
10:46:07.0584 3304 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:46:07.0612 3304 usbuhci - ok
10:46:07.0629 3304 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:46:07.0658 3304 UxSms - ok
10:46:07.0685 3304 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:46:07.0720 3304 vds - ok
10:46:07.0734 3304 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:46:07.0766 3304 vga - ok
10:46:07.0781 3304 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:46:07.0813 3304 VgaSave - ok
10:46:07.0827 3304 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:46:07.0843 3304 viaagp - ok
10:46:07.0852 3304 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:46:07.0885 3304 ViaC7 - ok
10:46:07.0891 3304 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:46:07.0907 3304 viaide - ok
10:46:07.0919 3304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:46:07.0935 3304 volmgr - ok
10:46:07.0979 3304 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:46:07.0999 3304 volmgrx - ok
10:46:08.0014 3304 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:46:08.0033 3304 volsnap - ok
10:46:08.0072 3304 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\DRIVERS\vsdatant.sys
10:46:08.0094 3304 Vsdatant - ok
10:46:08.0100 3304 vsdatant7 - ok
10:46:08.0138 3304 vsmon - ok
10:46:08.0157 3304 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:46:08.0176 3304 vsmraid - ok
10:46:08.0244 3304 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:46:08.0290 3304 VSS - ok
10:46:08.0386 3304 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
10:46:08.0418 3304 vToolbarUpdater11.0.2 - ok
10:46:08.0504 3304 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:46:08.0538 3304 W32Time - ok
10:46:08.0563 3304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:46:08.0612 3304 WacomPen - ok
10:46:08.0629 3304 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:46:08.0657 3304 Wanarp - ok
10:46:08.0661 3304 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:46:08.0690 3304 Wanarpv6 - ok
10:46:08.0730 3304 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:46:08.0761 3304 wcncsvc - ok
10:46:08.0789 3304 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:46:08.0821 3304 WcsPlugInService - ok
10:46:08.0842 3304 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:46:08.0857 3304 Wd - ok
10:46:08.0892 3304 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:46:08.0917 3304 Wdf01000 - ok
10:46:08.0947 3304 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:46:08.0983 3304 WdiServiceHost - ok
10:46:08.0987 3304 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:46:09.0022 3304 WdiSystemHost - ok
10:46:09.0036 3304 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:46:09.0064 3304 WebClient - ok
10:46:09.0076 3304 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
10:46:09.0111 3304 Wecsvc - ok
10:46:09.0119 3304 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:46:09.0150 3304 wercplsupport - ok
10:46:09.0163 3304 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:46:09.0195 3304 WerSvc - ok
10:46:09.0249 3304 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:46:09.0268 3304 WinDefend - ok
10:46:09.0278 3304 WinHttpAutoProxySvc - ok
10:46:09.0318 3304 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:46:09.0357 3304 Winmgmt - ok
10:46:09.0406 3304 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
10:46:09.0448 3304 WinRM - ok
10:46:09.0494 3304 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:46:09.0524 3304 Wlansvc - ok
10:46:09.0552 3304 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:46:09.0566 3304 wlcrasvc - ok
10:46:09.0685 3304 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:46:09.0771 3304 wlidsvc - ok
10:46:09.0872 3304 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:46:09.0900 3304 WmiAcpi - ok
10:46:09.0943 3304 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:46:09.0971 3304 WmiApSrv - ok
10:46:10.0046 3304 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:46:10.0092 3304 WMPNetworkSvc - ok
10:46:10.0107 3304 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:46:10.0131 3304 WPCSvc - ok
10:46:10.0154 3304 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:46:10.0179 3304 WPDBusEnum - ok
10:46:10.0267 3304 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:46:10.0295 3304 WPFFontCache_v0400 - ok
10:46:10.0315 3304 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:46:10.0348 3304 ws2ifsl - ok
10:46:10.0373 3304 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
10:46:10.0401 3304 wscsvc - ok
10:46:10.0406 3304 WSearch - ok
10:46:10.0539 3304 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:46:10.0625 3304 wuauserv - ok
10:46:10.0696 3304 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:46:10.0733 3304 wudfsvc - ok
10:46:10.0754 3304 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:46:11.0066 3304 \Device\Harddisk0\DR0 - ok
10:46:11.0070 3304 Boot (0x1200) (1564506fc0713d153b896ad06c0f6c1f) \Device\Harddisk0\DR0\Partition0
10:46:11.0071 3304 \Device\Harddisk0\DR0\Partition0 - ok
10:46:11.0073 3304 ============================================================
10:46:11.0073 3304 Scan finished
10:46:11.0073 3304 ============================================================
10:46:11.0086 1180 Detected object count: 10
10:46:11.0086 1180 Actual detected object count: 10
10:48:35.0894 1180 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0894 1180 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0896 1180 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0896 1180 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0898 1180 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0898 1180 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0902 1180 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0902 1180 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0905 1180 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0905 1180 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0907 1180 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0907 1180 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0910 1180 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0910 1180 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0912 1180 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0912 1180 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0915 1180 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0916 1180 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:48:35.0918 1180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:35.0918 1180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:50:51.0332 5836 Deinitialize success

swMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-06 11:40:52
-----------------------------
11:40:52.092 OS Version: Windows 6.0.6002 Service Pack 2
11:40:52.092 Number of processors: 4 586 0x1707
11:40:52.093 ComputerName: EAMONNS UserName: currys
11:41:25.580 Initialize success
11:41:50.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
11:41:50.100 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
11:41:50.115 Disk 0 MBR read successfully
11:41:50.117 Disk 0 MBR scan
11:41:50.120 Disk 0 Windows VISTA default MBR code
11:41:50.130 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
11:41:50.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600238 MB offset 20973568
11:41:50.142 Disk 0 scanning sectors +1250261680
11:41:50.204 Disk 0 scanning C:\Windows\system32\drivers
11:41:57.639 Service scanning
11:42:01.930 Service MpKsl87d25911 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\MpKsl87d25911.sys **LOCKED** 32
11:42:08.215 Modules scanning
11:42:11.228 Disk 0 trace - called modules:
11:42:11.247 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
11:42:11.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87524968]
11:42:11.257 3 CLASSPNP.SYS[8bdb58b3] -> nt!IofCallDriver -> [0x857d96e0]
11:42:11.261 5 acpi.sys[83a986bc] -> nt!IofCallDriver -> \Device\0000005e[0x857d9c90]
11:42:11.266 Scan finished successfully
11:42:54.736 Disk 0 MBR has been saved successfully to "C:\Users\currys\Desktop\MBR.dat"
11:42:54.748 The log file has been saved successfully to "C:\Users\currys\Desktop\aswMBR.txt"


----------



## eddie5659 (Mar 19, 2001)

Okay, can you firstly uninstall this via AddRemove Programs:

*Advanced SystemCare 5*

Then, can you run the following tools:

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.

-------------

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


eddie


----------



## baffledUK (Jul 2, 2012)

Hi Eddie I've done what you suggested! Except Oldtimergeekstogo are investigating their database back 7/9/2012

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: currys [Admin rights]
Mode: Scan -- Date: 07/08/2012 23:20:43

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] system32CmdLineExt.dll -- C:\Windows\system32CmdLineExt.dll -> UNLOADED

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[289] : NtSetContextThread @ 0x82CA5253 -> HOOKED (Unknown @ 0x8CD5FE03)
SSDT[314] : NtSetSecurityObject @ 0x82BD2FE4 -> HOOKED (Unknown @ 0x8CD5FE0D)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++
--- User ---
[MBR] cb937bfbef932355cd34b6cb6f4027a9
[BSP] 8484c7ec0314f855e9c1602adbcfff5f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 600238 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: HP Photosmart C4400 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

all the best


----------



## eddie5659 (Mar 19, 2001)

Looks like it'll be back online today sometime, I'll wait until then, as OTL is a very good tool to help us with infections


----------



## baffledUK (Jul 2, 2012)

OTL logfile created on: 10/07/2012 18:55:16 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\currys\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.67% Memory free
6.22 Gb Paging File | 4.54 Gb Available in Paging File | 72.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 420.59 Gb Free Space | 71.75% Space Free | Partition Type: NTFS

Computer Name: EAMONNS | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 18:50:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL.exe
PRC - [2012/06/26 18:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/07 01:27:06 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/05/03 15:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/04/30 20:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/29 21:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 21:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/30 19:04:54 | 000,142,848 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2011/08/26 13:56:04 | 000,685,912 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/07 16:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/10 18:36:21 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/10 18:36:20 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/04 11:19:20 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/04 11:19:20 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/30 19:04:54 | 000,142,848 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/08/26 13:56:08 | 000,516,440 | ---- | M] () -- C:\Program Files\IObit\Game Booster\sqlite3.dll
MOD - [2011/02/22 16:01:26 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madexcept_.bpl
MOD - [2011/02/22 16:01:26 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madbasic_.bpl
MOD - [2011/02/22 16:01:26 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Game Booster\maddisAsm_.bpl

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WMService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (PLFlash DeviceIoControl Service)
SRV - File not found [On_Demand | Stopped] -- -- (odserv)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 3)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (IBUpdaterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2012/06/23 13:46:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/16 23:09:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/10 11:03:17 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/10 09:55:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 09:55:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/07 01:27:06 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/12/10 13:47:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/11 07:28:25 | 000,375,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/08/21 22:08:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 15:00:00 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\currys\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/06/23 12:42:47 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/06/23 11:35:37 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2012/05/10 09:55:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/10 09:55:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/30 20:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/17 13:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/01/09 19:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 19:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 19:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/12/09 13:40:53 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2011/02/23 17:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/10/25 19:04:46 | 000,303,720 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/09 03:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/07/16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.goonsearch.com/web.html?source=IBR-IB-PDP-INS-DBS&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 08 D2 6F 60 88 CC 01 [binary data]
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101067&mntrId=50b4fa92000000000000002197a13750
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{12E234A8-7EC3-47EF-9DD4-E79D0259DB1B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_en
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=AU&apn_dtid=YYYYYYYYGB&apn_uid=34399D31-44A3-4DA6-8AC7-C989A030269F&apn_sauid=A32CCD2B-3BB2-4310-B8FA-574A397D7115
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{2310B25F-E44D-4DCE-8978-173DBD1341C1}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.goonsearch.com/web.html?source=IBR-IB-PDP-INS-DBS&q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=CrQt__Hz-oJhPpnLvuNAmY8Q990?q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=8a29f83a-1762-4abe-b6d2-85b8f55d9ff9&query={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2AB81444-0133-4A21-88D6-7236293CD844}&mid=86c7969f8ba047d19024d168d145dea3-9a877b0da52b245d0ae7330e6e4e92d782696eee&lang=en&ds=ts025&pr=&d=2011-12-14 00:04:00&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{98C169E2-613B-42D8-9716-3201888DF14E}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=380920&p={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\currys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\currys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 10:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 12:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/05/23 18:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/07/01 01:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/07 12:47:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/05 23:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/07 12:47:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/05 23:19:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 10:44:51 | 000,000,000 | ---D | M]

[2012/01/22 11:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions
[2009/07/24 22:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/01/22 11:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/01 01:10:55 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/07/08 19:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions
[2012/07/08 19:39:06 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/06/27 14:38:40 | 000,000,925 | ---- | M] () -- C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\conduit.xml
[2012/06/23 14:03:40 | 000,002,203 | ---- | M] () -- C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\MyStart Search.xml
[2012/06/13 23:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/07 12:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/05/21 22:59:26 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\EXTENSIONS\[email protected]
[2012/07/07 12:47:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/29 17:07:04 | 000,003,703 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/23 13:40:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/23 13:40:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\
CHR - Extension: No name found = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: No name found = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\

O1 HOSTS File: ([2012/07/06 12:16:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090910103721 (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1322783446664 (MUCatalogWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27FA60FB-5855-47ED-90FC-73C7DFD953D2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/29 12:14:24 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Reg Error: Value error.
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{184906ff-ed62-4ee5-bd9c-fd55a3fb7b2d} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{44ca04c9-b479-4ac6-9f6d-2161ab55aa7c} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

MsConfig - StartUpFolder: C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe - ()
MsConfig - StartUpReg: *AppleSyncNotifier* - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: *TkBellExe* - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 18:53:42 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012/07/06 16:38:06 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\checkoutPaypalComplete.asp_files
[2012/07/06 12:40:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/06 11:58:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/06 10:41:36 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\currys\Desktop\tdsskiller(4).exe
[2012/07/05 23:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/05 00:19:45 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
[2012/07/04 16:44:55 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\New Folder
[2012/07/04 11:19:08 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/04 11:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/04 11:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/04 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/04 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/07/04 10:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/04 00:33:11 | 000,000,000 | ---D | C] -- C:\Users\currys\Documents\1059343-internet-options-control-panel-missing_files
[2012/07/02 18:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/02 18:56:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 16:03:16 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Sammsoft
[2012/06/30 16:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012
[2012/06/30 11:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/30 11:56:04 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\RK_Quarantine
[2012/06/29 23:55:11 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\DigitalSupport
[2012/06/29 23:33:07 | 000,000,000 | ---D | C] -- C:\Users\currys\Documents\Simply Super Software
[2012/06/29 23:33:07 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Simply Super Software
[2012/06/29 23:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/06/29 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012/06/28 13:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\ReImageCompanion
[2012/06/28 13:34:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012/06/28 13:31:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012/06/25 00:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/06/25 00:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/24 11:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\RegZooka
[2012/06/23 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\Macromedia
[2012/06/23 11:43:58 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/06/23 11:35:37 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/06/23 11:35:37 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/06/23 11:26:49 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/23 10:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/06/23 10:45:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
[2012/06/23 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\currys\Documents\RegRun2
[2012/06/23 10:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
[2012/06/23 10:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis
[2012/06/20 00:21:52 | 000,000,000 | ---D | C] -- C:\f90e4393fac73d563b0e
[2012/06/19 22:53:12 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/06/19 22:53:07 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/06/19 22:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/06/19 22:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/19 22:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/19 22:52:47 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\TestApp
[2012/06/18 23:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2012/06/18 23:34:17 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\FlashGet
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 19:00:04 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-currys.job
[2012/07/10 18:53:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/10 18:51:08 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job
[2012/07/10 18:38:56 | 000,668,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/10 18:38:56 | 000,136,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/10 18:36:10 | 000,000,900 | ---- | M] () -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/07/10 18:35:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 18:34:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/07/10 18:33:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/10 18:33:48 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
[2012/07/10 18:33:44 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 18:33:44 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 18:33:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/08 23:49:44 | 000,004,857 | ---- | M] () -- C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml
[2012/07/08 19:40:57 | 001,558,016 | ---- | M] () -- C:\Users\currys\Desktop\RogueKiller(1).exe
[2012/07/06 18:57:15 | 000,322,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/06 16:38:07 | 000,048,211 | ---- | M] () -- C:\Users\currys\Desktop\checkoutPaypalComplete.asp.htm
[2012/07/06 14:26:27 | 000,022,477 | ---- | M] () -- C:\Users\currys\Desktop\Argos - Thank you for your order number 201549843.eml
[2012/07/06 13:47:29 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012/07/06 12:16:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/06 12:00:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/06 11:46:44 | 000,000,890 | ---- | M] () -- C:\Users\currys\Desktop\baffledUK123.exe - Shortcut.lnk
[2012/07/06 10:41:40 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\currys\Desktop\tdsskiller(4).exe
[2012/07/06 00:46:13 | 000,002,525 | ---- | M] () -- C:\Users\currys\Desktop\HiJackThis.lnk
[2012/07/05 23:31:17 | 000,001,359 | ---- | M] () -- C:\Users\currys\Desktop\java - Shortcut.lnk
[2012/07/05 00:18:14 | 000,016,968 | ---- | M] () -- C:\Users\currys\Untitled 1.odt
[2012/07/04 11:19:01 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/04 00:33:12 | 000,064,364 | ---- | M] () -- C:\Users\currys\Documents\1059343-internet-options-control-panel-missing.html
[2012/07/02 23:38:28 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Disk Cleaner.lnk
[2012/07/02 18:56:52 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/01 00:05:13 | 3220,320,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 13:31:39 | 000,001,583 | ---- | M] () -- C:\Users\currys\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/06/26 23:39:39 | 000,000,134 | ---- | M] () -- C:\Users\currys\Desktop\Microsoft Fix it.url
[2012/06/24 11:02:03 | 000,000,487 | ---- | M] () -- C:\Windows\wininit.ini
[2012/06/23 12:42:47 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/06/23 11:35:37 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/06/23 11:35:37 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/06/23 10:44:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/06/23 10:44:14 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2012/06/23 10:44:14 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/06/23 10:44:11 | 000,000,876 | ---- | M] () -- C:\Users\currys\Desktop\Reanimator.lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/08 23:49:43 | 000,004,857 | ---- | C] () -- C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml
[2012/07/08 19:40:56 | 001,558,016 | ---- | C] () -- C:\Users\currys\Desktop\RogueKiller(1).exe
[2012/07/08 00:57:14 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job
[2012/07/06 16:38:06 | 000,048,211 | ---- | C] () -- C:\Users\currys\Desktop\checkoutPaypalComplete.asp.htm
[2012/07/06 14:26:17 | 000,022,477 | ---- | C] () -- C:\Users\currys\Desktop\Argos - Thank you for your order number 201549843.eml
[2012/07/06 13:47:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/07/06 11:46:44 | 000,000,890 | ---- | C] () -- C:\Users\currys\Desktop\baffledUK123.exe - Shortcut.lnk
[2012/07/05 23:30:52 | 000,001,359 | ---- | C] () -- C:\Users\currys\Desktop\java - Shortcut.lnk
[2012/07/05 00:18:12 | 000,016,968 | ---- | C] () -- C:\Users\currys\Untitled 1.odt
[2012/07/04 11:19:01 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/04 10:42:09 | 000,002,525 | ---- | C] () -- C:\Users\currys\Desktop\HiJackThis.lnk
[2012/07/04 00:33:10 | 000,064,364 | ---- | C] () -- C:\Users\currys\Documents\1059343-internet-options-control-panel-missing.html
[2012/07/02 18:56:52 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/01 01:13:20 | 000,322,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/29 00:22:04 | 3220,320,256 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/29 00:06:55 | 000,000,900 | ---- | C] () -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/06/28 13:31:39 | 000,001,583 | ---- | C] () -- C:\Users\currys\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/06/26 23:39:39 | 000,000,134 | ---- | C] () -- C:\Users\currys\Desktop\Microsoft Fix it.url
[2012/06/26 23:37:20 | 000,001,041 | ---- | C] () -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/24 11:02:02 | 000,000,487 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/23 11:26:11 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
[2012/06/23 10:44:14 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/06/23 10:44:11 | 000,000,876 | ---- | C] () -- C:\Users\currys\Desktop\Reanimator.lnk
[2012/01/29 12:35:23 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\{A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5}
[2012/01/01 19:41:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/01 19:41:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/01 19:41:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/01 19:41:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/01 19:41:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 20:48:31 | 000,016,918 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.xml
[2011/12/29 12:23:29 | 004,250,112 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.msp
[2011/12/26 14:05:56 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/02 23:16:09 | 000,001,043 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/06/17 21:23:38 | 000,000,094 | ---- | C] () -- C:\Users\currys\AppData\Local\fusioncache.dat
[2011/03/15 19:37:45 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/03/15 19:37:45 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/03/03 21:18:20 | 000,001,024 | ---- | C] () -- C:\Users\currys\.rnd
[2011/03/03 21:18:09 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/02/06 01:16:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/09 22:45:44 | 000,128,356 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/16 16:06:15 | 000,001,356 | ---- | C] () -- C:\Users\currys\AppData\Local\d3d9caps.dat
[2009/06/23 22:13:57 | 000,024,206 | ---- | C] () -- C:\Users\currys\AppData\Roaming\UserTile.png
[2009/06/16 18:02:15 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Roaming\wklnhst.dat
[2009/06/15 20:10:47 | 000,211,968 | ---- | C] () -- C:\Users\currys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/06/29 23:32:32 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\#ISW.FS#
[2011/12/02 23:34:23 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Auslogics
[2011/11/30 11:11:27 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\AVG10
[2012/07/01 01:10:52 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Azureus
[2009/06/28 09:30:24 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/11/08 01:05:56 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Blitware
[2009/06/23 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Canon
[2012/05/06 11:42:39 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\CheckPoint
[2012/06/29 23:59:57 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\DigitalSupport
[2011/07/09 18:55:24 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\DMCache
[2009/07/06 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\DriverCure
[2011/06/09 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\FixCleaner
[2012/06/18 23:34:17 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\FlashGet
[2011/08/21 22:56:06 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\FrostWire
[2011/07/09 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Internet Download Accelerator
[2012/07/01 01:10:53 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\IObit
[2011/12/02 19:27:27 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\iolo
[2012/07/01 01:10:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\LimeWire
[2012/02/02 01:12:53 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Media Finder
[2011/12/15 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\OnlineArmor
[2011/05/27 23:28:45 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\OpenCandy
[2011/11/30 22:21:40 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\OpenOffice.org
[2009/06/15 23:03:01 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Packard Bell
[2011/07/09 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\ParetoLogic
[2012/06/30 12:08:15 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\PC Cleaners
[2011/10/21 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\PCCleaner
[2012/05/21 23:36:31 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\PCPro
[2009/06/23 22:13:57 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\PeerNetworking
[2012/03/12 11:17:26 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\PerformerSoft
[2011/11/30 01:00:18 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\RegistryKeys
[2012/06/30 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Sammsoft
[2012/06/29 23:33:07 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Simply Super Software
[2011/12/10 00:39:29 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\SlimCleaner
[2011/11/29 19:07:18 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\SpeedMaxPc
[2012/06/04 17:06:02 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\SpeedyPC Software
[2010/05/24 08:16:42 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Sports Interactive
[2011/12/29 11:45:09 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\T55
[2012/06/19 22:52:47 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\TestApp
[2010/05/09 20:02:30 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\The Creative Assembly
[2012/01/22 11:12:27 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\TP
[2010/07/15 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\TuneUp Software
[2012/07/05 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\TweakNow RegCleaner 2011
[2012/01/22 11:13:31 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\{90140011-0061-0409-0000-0000000FF1CE}
[2012/02/04 12:18:30 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/02/04 12:18:30 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/02/04 12:18:30 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit
[2012/07/10 19:00:04 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-currys.job
[2012/07/09 23:30:44 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/10 18:51:08 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/07/06 12:40:40 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/05/17 19:03:03 | 000,000,000 | ---D | M] -- C:\335cad22c2781a5a46ca189d
[2012/01/04 00:08:27 | 000,000,000 | ---D | M] -- C:\ACER
[2011/12/29 12:14:24 | 000,000,000 | ---D | M] -- C:\Autorun.inf
[2012/06/30 08:29:58 | 000,000,000 | ---D | M] -- C:\Boot
[2010/10/24 01:09:41 | 000,000,000 | ---D | M] -- C:\BraCa Soft
[2011/12/26 14:09:46 | 000,000,000 | ---D | M] -- C:\cabs
[2009/06/23 22:09:14 | 000,000,000 | ---D | M] -- C:\CanoScan
[2012/07/06 11:49:41 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/07/07 10:16:16 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/06/26 23:48:14 | 000,000,000 | ---D | M] -- C:\drivers
[2012/07/01 01:10:35 | 000,000,000 | ---D | M] -- C:\f90e4393fac73d563b0e
[2012/06/23 13:31:04 | 000,000,000 | ---D | M] -- C:\Kontiki
[2011/06/18 09:16:34 | 000,000,000 | ---D | M] -- C:\Macromedia
[2008/08/21 22:17:18 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/04/03 18:52:45 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011/12/17 18:20:59 | 000,000,000 | ---D | M] -- C:\perflogs
[2012/07/05 22:39:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/06 12:15:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/07/06 12:49:50 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/03/09 23:30:17 | 000,000,000 | ---D | M] -- C:\Reg_Backup
[2012/07/10 18:57:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/01 01:11:07 | 000,000,000 | R--D | M] -- C:\Users
[2012/07/06 16:34:02 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2012/04/22 22:37:42 | 001,182,720 | R--- | M] () -- C:\Windows\Installer\10022a7.msp
[2011/06/13 10:35:09 | 000,219,648 | ---- | M] () -- C:\Windows\Installer\1171dd.msi
[2009/03/20 11:48:56 | 000,183,808 | R--- | M] () -- C:\Windows\Installer\124062.msp
[2009/12/11 09:49:42 | 000,324,608 | ---- | M] () -- C:\Windows\Installer\1263ed8d.msi
[2009/12/11 09:51:09 | 000,821,760 | ---- | M] () -- C:\Windows\Installer\1263edd3.msi
[2009/12/11 09:52:30 | 000,279,040 | ---- | M] () -- C:\Windows\Installer\1263ee06.msi
[2009/12/11 09:52:50 | 000,577,024 | ---- | M] () -- C:\Windows\Installer\1263ee14.msi
[2009/10/16 08:09:28 | 002,518,016 | R--- | M] () -- C:\Windows\Installer\1263ee24.msp
[2008/08/21 22:19:45 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\133082.mst
[2011/12/26 06:06:20 | 005,115,392 | R--- | M] () -- C:\Windows\Installer\13876f.msp
[2012/01/22 11:07:51 | 004,201,984 | ---- | M] () -- C:\Windows\Installer\13bf24.msi
[2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\13f9f50.msp
[2008/08/21 22:19:45 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\13fac2.mst
[2011/01/16 11:43:05 | 000,415,744 | ---- | M] () -- C:\Windows\Installer\149f7c.msi
[2011/09/15 19:37:40 | 037,148,160 | R--- | M] () -- C:\Windows\Installer\1543e9.msp
[2011/09/15 19:37:52 | 034,428,416 | R--- | M] () -- C:\Windows\Installer\154408.msp
[2010/04/24 17:10:46 | 008,486,400 | R--- | M] () -- C:\Windows\Installer\17537a0.msp
[2010/04/24 17:07:04 | 010,118,144 | R--- | M] () -- C:\Windows\Installer\17537c1.msp
[2010/04/24 17:07:58 | 004,667,392 | R--- | M] () -- C:\Windows\Installer\17537d2.msp
[2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\Windows\Installer\17537e3.msp
[2010/04/24 17:08:48 | 009,129,984 | R--- | M] () -- C:\Windows\Installer\17537f4.msp
[2010/04/24 17:09:46 | 011,750,912 | R--- | M] () -- C:\Windows\Installer\17537fc.msp
[2009/06/16 22:29:21 | 000,648,192 | ---- | M] () -- C:\Windows\Installer\176fc53.msi
[2011/12/01 23:59:50 | 010,988,544 | ---- | M] () -- C:\Windows\Installer\17df8d.msi
[2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\19c024f.msp
[2011/09/06 21:48:02 | 008,181,248 | R--- | M] () -- C:\Windows\Installer\19c026c.msp
[2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\19c028d.msp
[2011/09/06 21:46:22 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\19c02ad.msp
[2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\19c02b5.msp
[2011/11/15 20:44:06 | 001,435,136 | ---- | M] () -- C:\Windows\Installer\1a3843.msi
[2012/01/22 11:09:26 | 001,700,352 | R--- | M] () -- C:\Windows\Installer\1af74f.msp
[2012/01/30 21:46:22 | 007,069,184 | R--- | M] () -- C:\Windows\Installer\1af757.msp
[2009/08/18 13:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\1b940cf.msp
[2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\1b940d7.msp
[2009/08/05 07:49:32 | 003,457,024 | R--- | M] () -- C:\Windows\Installer\1b940ff.msp
[2010/01/14 20:49:10 | 000,463,360 | ---- | M] () -- C:\Windows\Installer\1c0b9ed5.msi
[2009/08/18 13:57:54 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\1c1063f.msp
[2009/08/18 13:58:56 | 008,301,056 | R--- | M] () -- C:\Windows\Installer\1c10650.msp
[2009/08/18 14:19:26 | 010,098,688 | R--- | M] () -- C:\Windows\Installer\1c10668.msp
[2012/05/19 12:42:02 | 000,492,544 | ---- | M] () -- C:\Windows\Installer\1d2224.msi
[2010/07/23 02:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\1d821ac.msp
[2009/08/08 18:09:01 | 000,152,576 | ---- | M] () -- C:\Windows\Installer\1df1552.msi
[2009/08/11 23:51:12 | 000,550,912 | ---- | M] () -- C:\Windows\Installer\1df1e3a.msi
[2009/08/11 23:51:54 | 000,613,376 | ---- | M] () -- C:\Windows\Installer\1df1e6c.msi
[2009/08/11 23:52:00 | 000,444,416 | ---- | M] () -- C:\Windows\Installer\1df1e74.msi
[2009/06/28 09:49:03 | 002,862,592 | ---- | M] () -- C:\Windows\Installer\1df8f3.msi
[2012/07/05 00:20:50 | 000,228,864 | ---- | M] () -- C:\Windows\Installer\1f436a7.msi
[2011/09/12 20:12:50 | 002,295,808 | ---- | M] () -- C:\Windows\Installer\2192cdf.msi
[2008/12/13 09:58:22 | 000,754,688 | R--- | M] () -- C:\Windows\Installer\22de62e.msp
[2009/05/26 18:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\22de63e.msp
[2009/04/04 11:36:32 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\22de669.msp
[2009/04/04 17:08:40 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\22de753.msp
[2009/04/24 12:28:00 | 004,450,816 | R--- | M] () -- C:\Windows\Installer\22de788.msp
[2009/02/25 19:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\22de798.msp
[2009/04/24 12:30:16 | 002,583,552 | R--- | M] () -- C:\Windows\Installer\22de7be.msp
[2009/05/04 07:47:22 | 009,124,864 | R--- | M] () -- C:\Windows\Installer\22de7de.msp
[2011/06/17 20:51:40 | 003,443,712 | ---- | M] () -- C:\Windows\Installer\2355581.msi
[2009/11/25 01:00:28 | 000,429,568 | ---- | M] () -- C:\Windows\Installer\23a02a.msi
[2011/11/22 00:07:36 | 017,191,936 | R--- | M] () -- C:\Windows\Installer\25094f.msp
[2009/04/04 18:09:34 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\28cce1a.msp
[2009/04/04 18:10:08 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\28cce46.msp
[2009/04/04 18:10:16 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\28cce4f.msp
[2009/04/04 18:10:24 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\28cce56.msp
[2011/09/21 17:18:24 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\2b0694.msp
[2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\Windows\Installer\2bde389.msp
[2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\2bde391.msp
[2010/08/13 17:59:46 | 008,182,272 | R--- | M] () -- C:\Windows\Installer\2bde3a8.msp
[2010/08/13 18:01:28 | 008,993,280 | R--- | M] () -- C:\Windows\Installer\2bde3c8.msp
[2009/06/28 09:19:34 | 000,583,680 | ---- | M] () -- C:\Windows\Installer\2cdad.msi
[2012/07/05 23:19:12 | 000,863,744 | ---- | M] () -- C:\Windows\Installer\2d235db.msi
[2012/07/05 23:20:05 | 000,176,128 | ---- | M] () -- C:\Windows\Installer\2d235e7.msi
[2011/12/22 17:50:54 | 000,256,000 | R--- | M] () -- C:\Windows\Installer\2dc91f.msp
[2012/01/19 14:37:24 | 008,999,936 | R--- | M] () -- C:\Windows\Installer\2dc92a.msp
[2011/12/15 14:40:40 | 023,374,336 | R--- | M] () -- C:\Windows\Installer\2dc93b.msp
[2009/04/04 07:35:48 | 036,977,152 | R--- | M] () -- C:\Windows\Installer\2e5bb0f.msp
[2009/05/04 07:46:14 | 008,299,008 | R--- | M] () -- C:\Windows\Installer\2e5bb21.msp
[2009/04/14 04:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\2e5bb3c.msp
[2010/12/30 00:34:10 | 001,710,592 | ---- | M] () -- C:\Windows\Installer\2e98d73.msi
[2010/12/30 00:39:17 | 001,984,000 | ---- | M] () -- C:\Windows\Installer\2e98dbb.msi
[2008/08/21 22:19:45 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\2efac3.mst
[2008/08/21 22:19:45 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\300251.mst
[2008/08/21 22:19:45 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\30f18f.mst
[2011/06/16 00:08:52 | 000,467,456 | ---- | M] () -- C:\Windows\Installer\330c6c9.msi
[2011/04/13 11:37:02 | 019,201,024 | R--- | M] () -- C:\Windows\Installer\330c6d6.msp
[2011/04/29 12:33:30 | 008,173,568 | R--- | M] () -- C:\Windows\Installer\330c6dd.msp
[2011/03/25 09:03:44 | 005,079,552 | R--- | M] () -- C:\Windows\Installer\330c6f3.msp
[2011/06/16 00:24:33 | 000,223,744 | ---- | M] () -- C:\Windows\Installer\330c703.msi
[2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\330c70a.msp
[2011/04/29 12:31:46 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\330c730.msp
[2009/07/01 10:51:21 | 001,013,248 | ---- | M] () -- C:\Windows\Installer\33d7038.msi
[2011/10/16 08:15:06 | 000,028,160 | ---- | M] () -- C:\Windows\Installer\34eb5.msi
[2010/01/21 21:23:34 | 000,119,296 | ---- | M] () -- C:\Windows\Installer\35f25e.msi
[2012/04/04 14:32:41 | 016,613,376 | R--- | M] () -- C:\Windows\Installer\39647.msp
[2011/12/26 23:33:26 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\3d96e.msi
[2011/12/26 23:33:33 | 001,713,152 | ---- | M] () -- C:\Windows\Installer\3d973.msi
[2011/12/26 23:33:42 | 002,022,912 | ---- | M] () -- C:\Windows\Installer\3d978.msi
[2011/12/26 23:33:49 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\3d97d.msi
[2011/12/26 23:33:55 | 000,513,024 | ---- | M] () -- C:\Windows\Installer\3d982.msi
[2011/12/26 23:33:59 | 000,516,608 | ---- | M] () -- C:\Windows\Installer\3d988.msi
[2011/12/26 23:34:03 | 000,506,880 | ---- | M] () -- C:\Windows\Installer\3d98e.msi
[2011/12/26 23:34:06 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\3d993.msi
[2011/12/26 23:34:11 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\3d998.msi
[2011/12/26 23:34:23 | 002,397,184 | ---- | M] () -- C:\Windows\Installer\3d99d.msi
[2009/06/15 18:14:33 | 000,024,064 | ---- | M] () -- C:\Windows\Installer\411500.msi
[2010/09/24 07:08:50 | 017,518,080 | R--- | M] () -- C:\Windows\Installer\42115fb.msp
[2009/06/15 17:14:16 | 001,479,680 | ---- | M] () -- C:\Windows\Installer\433d5.msi
[2011/09/05 23:01:26 | 013,135,872 | R--- | M] () -- C:\Windows\Installer\4477b.msp
[2010/06/25 22:48:50 | 001,160,192 | ---- | M] () -- C:\Windows\Installer\45ed8e.msi
[2011/06/25 12:07:39 | 000,066,048 | ---- | M] () -- C:\Windows\Installer\4827ef.msi
[2011/06/25 12:08:05 | 000,855,040 | ---- | M] () -- C:\Windows\Installer\48285c.msi
[2010/05/18 17:29:30 | 000,822,272 | ---- | M] () -- C:\Windows\Installer\4c3c7cd.msi
[2012/07/04 10:42:09 | 001,094,656 | ---- | M] () -- C:\Windows\Installer\4e5d046.msi
[2010/03/04 19:48:30 | 000,228,352 | ---- | M] () -- C:\Windows\Installer\4ebadb9.msi
[2011/11/11 17:15:00 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\52fce5.msp
[2011/12/21 23:19:28 | 000,036,352 | ---- | M] () -- C:\Windows\Installer\52fcee.msi
[2011/12/21 23:19:30 | 023,622,656 | R--- | M] () -- C:\Windows\Installer\52fcf4.msp
[2010/01/10 10:44:58 | 000,855,040 | ---- | M] () -- C:\Windows\Installer\548b5f2.msi
[2012/05/06 11:36:40 | 000,041,472 | ---- | M] () -- C:\Windows\Installer\54a07e6.msi
[2012/05/06 11:36:49 | 000,028,672 | ---- | M] () -- C:\Windows\Installer\54a081a.msi
[2012/05/06 11:37:02 | 000,039,936 | ---- | M] () -- C:\Windows\Installer\54a0820.msi
[2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\54e58e.msp
[2011/01/11 17:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\54e59c.msp
[2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\54e5b3.msp
[2011/02/11 08:43:44 | 010,951,168 | R--- | M] () -- C:\Windows\Installer\54e5d5.msp
[2010/11/20 23:34:34 | 001,198,080 | R--- | M] () -- C:\Windows\Installer\54e5dc.msp
[2010/11/20 23:32:52 | 004,165,120 | R--- | M] () -- C:\Windows\Installer\54e5f4.msp
[2011/03/17 20:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\54e5fb.msp
[2011/01/11 17:49:20 | 009,003,008 | R--- | M] () -- C:\Windows\Installer\54e60c.msp
[2008/08/21 22:05:38 | 000,115,200 | ---- | M] () -- C:\Windows\Installer\582f9.msi
[2008/08/21 22:08:06 | 014,308,864 | ---- | M] () -- C:\Windows\Installer\58302.msi
[2008/08/21 22:08:37 | 006,092,288 | ---- | M] () -- C:\Windows\Installer\58303.msi
[2008/08/21 22:09:56 | 001,244,672 | ---- | M] () -- C:\Windows\Installer\58309.msi
[2008/08/21 22:15:48 | 000,100,352 | ---- | M] () -- C:\Windows\Installer\58316.msi
[2008/08/21 22:18:24 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\58337.msi
[2008/08/21 22:19:43 | 009,613,312 | ---- | M] () -- C:\Windows\Installer\58365.msi
[2008/05/14 07:46:44 | 009,577,984 | R--- | M] () -- C:\Windows\Installer\58366.msp
[2007/03/21 22:46:29 | 008,198,656 | R--- | M] () -- C:\Windows\Installer\58382.msp
[2007/03/21 22:46:29 | 002,047,488 | R--- | M] () -- C:\Windows\Installer\5839e.msp
[2008/08/21 22:21:46 | 000,360,448 | ---- | M] () -- C:\Windows\Installer\583a9.msi
[2008/02/15 09:54:20 | 009,736,192 | R--- | M] () -- C:\Windows\Installer\583ce.msp
[2007/10/15 00:43:32 | 021,981,184 | R--- | M] () -- C:\Windows\Installer\583d6.msp
[2007/10/15 00:43:14 | 229,852,160 | R--- | M] () -- C:\Windows\Installer\584b2.msp
[2009/04/14 05:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\58bd0.msp
[2009/04/14 05:56:18 | 020,498,944 | R--- | M] () -- C:\Windows\Installer\58be7.msp
[2009/05/07 10:04:06 | 018,341,376 | R--- | M] () -- C:\Windows\Installer\58bef.msp
[2009/04/14 04:46:12 | 015,438,848 | R--- | M] () -- C:\Windows\Installer\58bf7.msp
[2009/04/14 05:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\58bff.msp
[2009/04/14 05:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\58c07.msp
[2011/04/28 17:51:24 | 001,375,744 | R--- | M] () -- C:\Windows\Installer\5bfb3.msp
[2011/10/26 16:38:54 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\5c073.msp
[2012/01/12 03:01:16 | 021,030,912 | R--- | M] () -- C:\Windows\Installer\5c0a3.msp
[2011/06/14 00:04:08 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\5da4c.msi
[2011/06/14 00:16:47 | 003,589,632 | ---- | M] () -- C:\Windows\Installer\5da8f.msi
[2011/06/14 00:16:49 | 002,087,936 | ---- | M] () -- C:\Windows\Installer\5da93.msi
[2011/06/14 00:16:52 | 000,023,040 | ---- | M] () -- C:\Windows\Installer\5da97.msi
[2011/06/14 00:17:02 | 004,427,776 | R--- | M] () -- C:\Windows\Installer\5daa6.msp
[2011/06/14 00:17:14 | 000,030,720 | ---- | M] () -- C:\Windows\Installer\5daaa.msi
[2011/06/14 00:17:22 | 002,932,736 | R--- | M] () -- C:\Windows\Installer\5dabe.msp
[2011/06/14 00:17:29 | 000,071,680 | ---- | M] () -- C:\Windows\Installer\5dac2.msi
[2011/06/14 00:17:36 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\5dac6.msi
[2011/06/14 00:17:42 | 000,191,488 | ---- | M] () -- C:\Windows\Installer\5daca.msi
[2011/06/14 00:17:52 | 000,301,056 | ---- | M] () -- C:\Windows\Installer\5dace.msi
[2011/06/14 00:17:55 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\5dad2.msi
[2011/06/14 00:18:02 | 000,238,080 | ---- | M] () -- C:\Windows\Installer\5dad6.msi
[2011/06/14 00:18:06 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\5dadb.msp
[2011/06/14 00:18:18 | 000,212,992 | ---- | M] () -- C:\Windows\Installer\5dadf.msi
[2011/06/14 00:18:21 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\5daeb.msp
[2011/06/14 00:18:29 | 000,058,880 | ---- | M] () -- C:\Windows\Installer\5daef.msi
[2011/06/14 00:18:40 | 000,200,192 | ---- | M] () -- C:\Windows\Installer\5daf3.msi
[2011/06/14 00:18:48 | 003,314,688 | R--- | M] () -- C:\Windows\Installer\5db0f.msp
[2011/06/14 00:19:13 | 000,417,792 | ---- | M] () -- C:\Windows\Installer\5db15.msi
[2011/06/14 00:19:20 | 005,514,240 | R--- | M] () -- C:\Windows\Installer\5db28.msp
[2011/06/14 00:19:31 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\5db2d.msi
[2011/06/14 00:19:36 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\5db31.msi
[2011/06/14 00:19:41 | 000,038,912 | R--- | M] () -- C:\Windows\Installer\5db36.msp
[2011/06/14 00:19:59 | 000,714,240 | ---- | M] () -- C:\Windows\Installer\5db3a.msi
[2011/06/14 00:20:09 | 005,870,080 | R--- | M] () -- C:\Windows\Installer\5db51.msp
[2011/06/14 00:20:22 | 000,205,312 | ---- | M] () -- C:\Windows\Installer\5db55.msi
[2011/06/14 00:20:29 | 002,958,336 | R--- | M] () -- C:\Windows\Installer\5db6f.msp
[2011/06/14 00:20:38 | 000,891,904 | ---- | M] () -- C:\Windows\Installer\5db73.msi
[2011/06/14 00:21:12 | 000,216,064 | ---- | M] () -- C:\Windows\Installer\5db77.msi
[2011/06/14 00:21:27 | 014,617,088 | R--- | M] () -- C:\Windows\Installer\5dba2.msp
[2011/06/14 00:21:43 | 000,074,752 | ---- | M] () -- C:\Windows\Installer\5dba7.msi
[2011/06/14 00:21:50 | 003,733,504 | R--- | M] () -- C:\Windows\Installer\5dbb0.msp
[2011/06/14 00:21:57 | 000,187,904 | ---- | M] () -- C:\Windows\Installer\5dbb5.msi
[2011/06/14 00:22:01 | 000,205,312 | R--- | M] () -- C:\Windows\Installer\5dbbf.msp
[2011/06/14 00:22:22 | 000,139,264 | ---- | M] () -- C:\Windows\Installer\5dbc3.msi
[2011/06/14 00:22:22 | 000,113,664 | R--- | M] () -- C:\Windows\Installer\5dc00.msp
[2011/06/14 00:22:33 | 000,024,064 | ---- | M] () -- C:\Windows\Installer\5dc04.msi
[2011/06/14 00:22:44 | 000,277,504 | ---- | M] () -- C:\Windows\Installer\5dc08.msi
[2011/06/14 00:22:57 | 000,973,824 | ---- | M] () -- C:\Windows\Installer\5dc0c.msi
[2011/06/14 00:23:04 | 000,099,840 | ---- | M] () -- C:\Windows\Installer\5dc10.msi
[2011/06/14 00:23:10 | 001,830,400 | R--- | M] () -- C:\Windows\Installer\5dc19.msp
[2011/06/14 00:23:16 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\5dc1d.msi
[2011/06/14 00:23:23 | 000,029,184 | ---- | M] () -- C:\Windows\Installer\5dc21.msi
[2011/06/14 00:23:29 | 000,624,640 | R--- | M] () -- C:\Windows\Installer\5dc2a.msp
[2011/06/14 00:23:36 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\5dc2e.msi
[2011/06/14 00:23:41 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\5dc38.msp
[2011/06/14 00:23:59 | 000,023,552 | ---- | M] () -- C:\Windows\Installer\5dc3d.msi
[2011/06/14 00:24:09 | 005,124,608 | R--- | M] () -- C:\Windows\Installer\5dc47.msp
[2011/06/14 00:24:19 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\5dc4c.msi
[2011/06/14 00:24:24 | 000,636,928 | R--- | M] () -- C:\Windows\Installer\5dc52.msp
[2011/06/14 00:24:33 | 000,201,216 | ---- | M] () -- C:\Windows\Installer\5dc56.msi
[2011/06/14 00:24:38 | 000,510,976 | R--- | M] () -- C:\Windows\Installer\5dc5b.msp
[2011/06/14 00:24:48 | 000,023,552 | ---- | M] () -- C:\Windows\Installer\5dc60.msi
[2011/06/14 00:24:55 | 002,144,256 | R--- | M] () -- C:\Windows\Installer\5dc6b.msp
[2011/06/14 00:25:01 | 000,021,504 | ---- | M] () -- C:\Windows\Installer\5dc70.msi
[2011/06/14 00:25:06 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\5dc75.msp
[2011/06/14 00:25:13 | 000,021,504 | ---- | M] () -- C:\Windows\Installer\5dc7a.msi
[2011/06/14 00:25:18 | 000,023,552 | R--- | M] () -- C:\Windows\Installer\5dc7f.msp
[2011/06/14 00:25:29 | 000,087,552 | ---- | M] () -- C:\Windows\Installer\5dc83.msi
[2011/06/14 00:25:33 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\5dc87.msi
[2011/06/14 00:25:39 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\5dc8b.msi
[2011/06/14 00:25:44 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\5dc8f.msi
[2011/06/14 00:25:50 | 000,020,992 | ---- | M] () -- C:\Windows\Installer\5dc93.msi
[2011/06/14 00:25:56 | 000,038,912 | ---- | M] () -- C:\Windows\Installer\5dc97.msi
[2011/06/14 00:26:01 | 000,024,576 | R--- | M] () -- C:\Windows\Installer\5dc9d.msp
[2010/03/06 01:03:22 | 000,195,584 | ---- | M] () -- C:\Windows\Installer\5dd609.msi
[2011/12/18 01:02:51 | 000,026,624 | ---- | M] () -- C:\Windows\Installer\5e727.msi
[2010/08/13 13:58:24 | 000,540,160 | R--- | M] () -- C:\Windows\Installer\5e73b.msp
[2010/08/27 16:34:58 | 000,540,160 | R--- | M] () -- C:\Windows\Installer\5e73c.msp
[2010/09/30 19:13:46 | 000,680,960 | R--- | M] () -- C:\Windows\Installer\5e73d.msp
[2011/02/08 18:20:46 | 000,843,264 | R--- | M] () -- C:\Windows\Installer\5e73e.msp
[2011/02/15 11:19:46 | 000,818,688 | R--- | M] () -- C:\Windows\Installer\5e73f.msp
[2011/03/08 12:33:20 | 000,818,688 | R--- | M] () -- C:\Windows\Installer\5e740.msp
[2011/05/31 21:16:38 | 000,959,488 | R--- | M] () -- C:\Windows\Installer\5e741.msp
[2011/11/15 12:38:46 | 000,665,600 | R--- | M] () -- C:\Windows\Installer\5e742.msp
[2011/01/24 18:16:02 | 000,014,336 | R--- | M] () -- C:\Windows\Installer\5ed4c.msp
[2011/08/22 00:14:54 | 020,647,936 | R--- | M] () -- C:\Windows\Installer\5ed74.msp
[2010/09/23 21:02:28 | 000,798,208 | R--- | M] () -- C:\Windows\Installer\64e32c8.msp
[2011/04/07 03:43:30 | 123,313,664 | R--- | M] () -- C:\Windows\Installer\6a344b.msp
[2011/05/18 22:55:38 | 019,624,448 | R--- | M] () -- C:\Windows\Installer\6a345b.msp
[2011/04/28 10:54:26 | 002,720,768 | R--- | M] () -- C:\Windows\Installer\6a3461.msp
[2009/04/24 12:38:18 | 001,229,312 | R--- | M] () -- C:\Windows\Installer\6ac672.msp
[2009/04/24 12:31:18 | 001,425,920 | R--- | M] () -- C:\Windows\Installer\6ac67c.msp
[2010/10/07 19:43:04 | 001,980,416 | R--- | M] () -- C:\Windows\Installer\6bfe255.msp
[2010/09/17 07:04:16 | 009,401,856 | R--- | M] () -- C:\Windows\Installer\6bfe263.msp
[2010/10/21 21:05:14 | 002,086,912 | ---- | M] () -- C:\Windows\Installer\6e3648.msi
[2010/07/10 20:06:20 | 010,120,192 | R--- | M] () -- C:\Windows\Installer\6e7adc.msp
[2010/07/10 20:14:14 | 002,850,816 | R--- | M] () -- C:\Windows\Installer\6e7ae4.msp
[2010/02/21 01:03:34 | 004,472,832 | R--- | M] () -- C:\Windows\Installer\6f912fd.msp
[2010/03/22 16:03:14 | 011,732,992 | R--- | M] () -- C:\Windows\Installer\6f91305.msp
[2011/04/29 12:30:12 | 001,197,056 | R--- | M] () -- C:\Windows\Installer\73df8d.msp
[2011/04/29 12:27:04 | 004,158,464 | R--- | M] () -- C:\Windows\Installer\73dfa4.msp
[2009/06/15 20:01:20 | 000,432,640 | ---- | M] () -- C:\Windows\Installer\78d94.msi
[2012/01/03 18:58:05 | 015,929,344 | R--- | M] () -- C:\Windows\Installer\7b72f.msp
[2011/11/28 20:18:12 | 000,062,464 | ---- | M] () -- C:\Windows\Installer\7bbce.msi
[2010/12/11 04:04:38 | 000,472,064 | ---- | M] () -- C:\Windows\Installer\7f20b3.msi
[2012/07/06 18:53:47 | 003,105,280 | ---- | M] () -- C:\Windows\Installer\7f469c.msi
[2010/02/21 02:00:02 | 008,480,768 | R--- | M] () -- C:\Windows\Installer\8479f8.msp
[2010/02/04 18:24:30 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\847a18.msp
[2011/12/26 10:02:58 | 019,677,184 | R--- | M] () -- C:\Windows\Installer\90ddc.msp
[2011/12/25 06:40:46 | 000,819,200 | R--- | M] () -- C:\Windows\Installer\90de2.msp
[2009/07/28 19:30:26 | 000,326,144 | ---- | M] () -- C:\Windows\Installer\910cb.msi
[2009/07/28 19:30:32 | 000,320,512 | ---- | M] () -- C:\Windows\Installer\910d0.msi
[2009/07/28 19:30:47 | 000,432,640 | ---- | M] () -- C:\Windows\Installer\910e2.msi
[2009/07/28 19:30:52 | 000,519,680 | ---- | M] () -- C:\Windows\Installer\910e7.msi
[2009/07/28 19:30:58 | 000,592,896 | ---- | M] () -- C:\Windows\Installer\910ec.msi
[2009/07/28 19:31:00 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\910f1.msi
[2009/07/28 19:31:08 | 000,121,344 | ---- | M] () -- C:\Windows\Installer\910f6.msi
[2009/07/28 19:31:29 | 000,367,616 | ---- | M] () -- C:\Windows\Installer\9110d.msi
[2009/07/28 19:31:37 | 000,121,344 | ---- | M] () -- C:\Windows\Installer\91112.msi
[2009/07/28 19:31:46 | 000,647,680 | ---- | M] () -- C:\Windows\Installer\9111c.msi
[2009/07/28 19:32:14 | 000,472,576 | ---- | M] () -- C:\Windows\Installer\91136.msi
[2009/07/28 19:32:15 | 000,339,968 | ---- | M] () -- C:\Windows\Installer\9113d.msi
[2009/07/28 19:32:20 | 000,121,344 | ---- | M] () -- C:\Windows\Installer\91142.msi
[2009/07/28 19:32:23 | 000,596,480 | ---- | M] () -- C:\Windows\Installer\9114a.msi
[2009/07/28 19:32:27 | 000,121,344 | ---- | M] () -- C:\Windows\Installer\9114f.msi
[2009/07/28 19:32:41 | 000,343,552 | ---- | M] () -- C:\Windows\Installer\91157.msi
[2009/07/28 19:33:26 | 000,988,160 | ---- | M] () -- C:\Windows\Installer\9117b.msi
[2009/07/28 19:33:32 | 000,510,976 | ---- | M] () -- C:\Windows\Installer\91180.msi
[2009/07/28 19:33:35 | 000,312,320 | ---- | M] () -- C:\Windows\Installer\91185.msi
[2009/07/28 19:33:37 | 000,211,968 | ---- | M] () -- C:\Windows\Installer\9118a.msi
[2009/07/28 19:33:39 | 000,623,616 | ---- | M] () -- C:\Windows\Installer\91190.msi
[2009/07/28 19:35:46 | 000,634,880 | ---- | M] () -- C:\Windows\Installer\91195.msi
[2009/07/28 19:35:51 | 000,301,568 | ---- | M] () -- C:\Windows\Installer\9119a.msi
[2009/07/28 19:35:56 | 000,328,192 | ---- | M] () -- C:\Windows\Installer\911a0.msi
[2012/03/15 13:43:28 | 004,216,320 | R--- | M] () -- C:\Windows\Installer\9e5ef9.msp
[2012/02/17 08:45:24 | 002,299,392 | R--- | M] () -- C:\Windows\Installer\a47c8.msp
[2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\Windows\Installer\a47e8.msp
[2012/03/15 02:24:28 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\a47fd.msp
[2011/11/01 13:34:26 | 001,169,920 | R--- | M] () -- C:\Windows\Installer\a4813.msp
[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\Windows\Installer\a4828.msp
[2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\a4834.msp
[2012/04/28 21:44:02 | 009,586,176 | R--- | M] () -- C:\Windows\Installer\a4868.msp
[2012/03/23 14:59:02 | 007,899,648 | R--- | M] () -- C:\Windows\Installer\a487d.msp
[2011/11/01 13:34:56 | 004,250,112 | R--- | M] () -- C:\Windows\Installer\a48a1.msp
[2012/04/28 21:44:02 | 009,101,824 | R--- | M] () -- C:\Windows\Installer\a48c1.msp
[2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\a48d6.msp
[2010/07/23 02:04:08 | 011,395,072 | R--- | M] () -- C:\Windows\Installer\a9da0.msp
[2011/07/27 08:37:28 | 011,592,192 | R--- | M] () -- C:\Windows\Installer\a9dc5.msp
[2011/01/03 12:28:08 | 000,092,672 | ---- | M] () -- C:\Windows\Installer\aae07f.msi
[2011/01/03 12:29:53 | 000,018,944 | ---- | M] () -- C:\Windows\Installer\aae088.msi
[2010/12/21 10:29:44 | 009,472,000 | ---- | M] () -- C:\Windows\Installer\bb1b0.msi
[2011/06/18 09:08:44 | 019,210,240 | R--- | M] () -- C:\Windows\Installer\ccdf0.msp
[2009/10/16 07:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\d2b186.msp
[2009/06/23 22:38:16 | 000,691,200 | ---- | M] () -- C:\Windows\Installer\d2e1d8.msi
[2009/07/28 23:55:44 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\d7bc64.msi
[2009/04/24 12:29:02 | 009,013,760 | R--- | M] () -- C:\Windows\Installer\da822.msp
[2010/10/12 13:54:19 | 000,212,992 | ---- | M] () -- C:\Windows\Installer\db5538.msi
[2010/12/10 13:47:21 | 000,083,456 | ---- | M] () -- C:\Windows\Installer\dbc9e.msi
[2012/03/28 20:48:47 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\e1fb7.msi
[2011/11/01 14:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\eae3c9.msp
[2011/11/01 14:34:30 | 001,552,384 | R--- | M] () -- C:\Windows\Installer\eae3dc.msp
[2008/08/21 22:19:45 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\ef0b4.mst
[2008/08/21 22:19:45 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\fbb81.mst
[2011/07/12 15:50:24 | 017,555,968 | R--- | M] () -- C:\Windows\Installer\fd45f0.msp
[2011/07/11 17:19:28 | 010,619,904 | R--- | M] () -- C:\Windows\Installer\fd45fb.msp
[2011/12/21 01:05:47 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{05BFB060-4F22-4710-B0A2-2801A1B606C5}.SchedServiceConfig.rmi
[2011/06/14 00:16:49 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}.SchedServiceConfig.rmi
[2010/12/30 00:42:01 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{308B6AEA-DE50-4666-996D-0FA461719D6B}.SchedServiceConfig.rmi
[2012/06/20 00:19:39 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi
[2011/06/13 13:45:27 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{774088D4-0777-4D78-904D-E435B318F5D2}.SchedServiceConfig.rmi
[2010/08/08 12:09:17 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{85991ED2-010C-4930-96FA-52F43C2CE98A}.SchedServiceConfig.rmi
[2010/05/03 13:52:23 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}.SchedServiceConfig.rmi
[2009/11/16 23:03:30 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}.SchedServiceConfig.rmi
[2009/08/10 15:00:58 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}.SchedServiceConfig.rmi
[2011/06/14 00:22:57 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{F53D678E-238F-4A71-9742-08BB6774E9DC}.SchedServiceConfig.rmi

< %windir%\system32\tasks\*.* >
[2012/06/23 13:46:14 | 000,003,682 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2010/07/15 21:33:02 | 000,003,678 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Reader and Acrobat Manager
[2012/02/26 13:05:42 | 000,003,082 | ---- | M] () -- C:\Windows\system32\tasks\ASC5_PerformanceMonitor
[2010/04/21 19:49:15 | 000,003,160 | ---- | M] () -- C:\Windows\system32\tasks\CreateChoiceProcessTask
[2011/02/26 04:52:51 | 000,003,060 | ---- | M] () -- C:\Windows\system32\tasks\Game_Booster_Startup
[2012/03/28 20:48:09 | 000,003,630 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/03/28 20:48:15 | 000,003,882 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2010/07/15 21:33:02 | 000,003,660 | ---- | M] () -- C:\Windows\system32\tasks\HP online update program
[2010/08/08 16:30:13 | 000,003,846 | ---- | M] () -- C:\Windows\system32\tasks\Real Networks Scheduler
[2011/11/15 23:46:18 | 000,003,196 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-118059262-2797764304-1290977041-1000
[2011/11/15 23:46:18 | 000,003,328 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-118059262-2797764304-1290977041-1000
[2009/06/15 16:54:52 | 000,003,202 | ---- | M] () -- C:\Windows\system32\tasks\Recovery DVD Creator-currys
[2010/10/21 21:05:16 | 000,003,806 | ---- | M] () -- C:\Windows\system32\tasks\Scheduled Update for Ask Toolbar
[2010/07/17 23:06:11 | 000,002,758 | ---- | M] () -- C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance
[2012/05/14 19:43:35 | 000,003,686 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{5FCC3B7B-7333-4018-B6CB-058AB397226F}
[2012/07/10 18:51:08 | 000,003,940 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}
[2012/05/10 10:07:14 | 000,003,150 | ---- | M] () -- C:\Windows\system32\tasks\{066D67B3-8FF6-40F2-AE4C-FCD397779332}
[2011/12/26 23:35:47 | 000,003,168 | ---- | M] () -- C:\Windows\system32\tasks\{6A6C8641-9252-4A7B-AD0E-22E5CD41E78F}
[2009/12/30 18:08:43 | 000,003,188 | ---- | M] () -- C:\Windows\system32\tasks\{9314AEE8-62B5-46E1-9371-CEBBD1505854}
[2011/12/19 19:39:42 | 000,003,208 | ---- | M] () -- C:\Windows\system32\tasks\{953E484D-EA99-46B4-A95B-80A40D9FD657}
[2011/12/26 23:02:13 | 000,003,212 | ---- | M] () -- C:\Windows\system32\tasks\{9A51833A-65CA-4472-81F6-7A8B7C220054}
[2009/06/23 22:33:02 | 000,003,056 | ---- | M] () -- C:\Windows\system32\tasks\{A951A895-488A-4F20-95BB-2FD4A1404939}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/04/29 16:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MRESP50.SYS >
[2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) MD5=07C02C892E8E1A72D6BF35004F0E9C5E -- C:\Program Files\Common Files\Motive\MRESP50.sys

< MD5 for: REGEDIT.EXE >
[2008/01/21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008/01/21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008/01/21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/07/01 14:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/07/01 14:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: EAMONNS
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media 
Volume 1 C OS NTFS Partition 586 GB Healthy System 
Volume 2 I Removable 0 B No Media 
Volume 3 E Removable 0 B No Media 
Volume 4 F Removable 0 B No Media 
Volume 5 G Removable 0 B No Media 
Volume 6 H Removable 0 B No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1077 bytes -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml:OECustomProperty
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 1005 bytes -> C:\Users\currys\Desktop\Argos - Thank you for your order number 201549843.eml:OECustomProperty

< End of report >


----------



## baffledUK (Jul 2, 2012)

OTL Extras logfile created on: 10/07/2012 18:55:16 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\currys\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.67% Memory free
6.22 Gb Paging File | 4.54 Gb Available in Paging File | 72.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 420.59 Gb Free Space | 71.75% Space Free | Partition Type: NTFS

Computer Name: EAMONNS | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077FC2C3-74FB-403F-A334-E774484F5960}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{14A4E836-AB4A-44A9-933F-91CE46AFE2B5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{22C706A7-3A8D-4B6D-A9AE-88DC09214501}" = lport=445 | protocol=6 | dir=in | app=system | 
"{35A60B16-287F-46C1-A5F9-4354D7EF89F4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{36A75987-D56E-4F05-9A03-5AAA81F306CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{40901B14-999D-4D88-BE80-A291E6744CA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5AA588C7-C691-43EB-865B-9E359D8682EF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{65B64942-38C9-482A-8194-CA0F6EE0F88B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{665A566B-2B80-4935-97CB-5FCCF0113726}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{69B487AE-551B-455B-B78A-C91099B96EBA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96AAD2FA-FBEA-40E3-80EF-FAF5A323A1A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD375AD2-C012-412F-816A-4AB8299D8624}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B67AF908-280F-43F1-8C3A-F4C46F7CD957}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B925A4F0-24F0-4686-95FD-C8E82CCC3594}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BC3E63E3-F375-4AE4-99E8-5C1A2E938EE1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C306F9DC-2929-4F98-A820-5587109B462D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D2C7D018-F349-4D98-92E1-5870132BB37D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA7CDFC7-D863-4A3E-9E6B-E3F1F7A9A914}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ECAE8F2A-4601-40C3-A807-958837B9750C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F2F1F212-C4A9-42C1-AA7B-F5BE2C82ADD1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F85E7310-B7C8-44DD-AF53-CAF849547520}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD6F7B4-6243-42A3-8E8E-74C595DFF8C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{0DE8C8DE-E774-4A91-8DD3-3756847058BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DFE3D5E-1292-4F0F-8015-6361B7DE97F5}" = protocol=58 | dir=in | [email protected],-28545 | 
"{1086D784-1C71-4146-8BE1-4F9E492EA384}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{1B2DC0D8-4758-467A-A820-D679BE61F5A6}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{27EA6E02-5D1B-4BCA-B4E9-B8EFDA209DDE}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{351F9051-5177-4A0C-8BFA-79628A9A3EDE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{36A82E00-DF4C-4707-BE58-D3FB7674860A}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{42828803-D75E-4CA6-B629-25FAFF64DE83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{45AA8F1B-F05C-4A55-B2CE-632972E4D84D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5F4261BA-17EE-4191-8D14-CB29B9B7ACCC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5FC77053-37BB-4589-80D4-7007A07940AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{646E010A-8A31-4AAB-A714-060466A26699}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65D2826D-0863-46B5-ADC5-0AAED43ECBA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{669A9609-CE9A-412B-91CE-17B4F501CDDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E684EF5-B3CC-4D88-9AB2-C6E03414FF36}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{6F269D87-6FC8-4A0A-9A1F-771D5E724FF0}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{70E74B53-44BD-4761-9FD4-4161C4B29CA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75CF704A-CE5F-48B1-BE5F-13DFEAE36786}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7E145D01-BC9F-4A80-AFC8-021AED9E5E5A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{8E4D13B1-F004-4907-82EF-462BF3DBEB93}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{952BB108-C89A-4288-9A43-11A3D95B86D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{98D2DA95-07EE-402E-830A-F1CA26B6B023}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E58EDF0-68E3-4F6F-9087-1589B2E849F0}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{A16D46C9-8208-46AF-BF6F-DBC58CDD66E8}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{AB4EC5BD-B183-4837-8DBB-747E3BEBE443}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{ACA92CFD-F44B-4D19-9D56-1A76E4C48CA5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | 
"{ADF50129-A0D0-4A09-B01C-6C85490C5468}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{B3C7A140-7DEF-448F-9F84-F5E0243A75C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B50BD5F2-FF67-4DD4-851B-2DC64366E332}" = protocol=6 | dir=out | app=system | 
"{B8D7047F-E01B-4317-97FA-9CBD1A1F2944}" = protocol=1 | dir=out | [email protected],-28544 | 
"{BA141541-D4B6-4D5B-BD03-37FD58A6C371}" = protocol=58 | dir=out | [email protected],-28546 | 
"{BDA6A4A2-8D5B-4DF4-B92D-B698121867CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BE68E580-C2B2-456D-B409-5B1743F0D7E2}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{BF0309EB-A94D-44BD-9F37-55002BAED87C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{C965B8E4-CD54-4750-9251-5681E7E415E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D23B8769-4D9A-44A3-A159-01AF507C6EFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D41CA142-1B1E-43ED-99E9-93C0E6F05ADD}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{D8129F23-28D1-498D-9DC2-3A2F9BC48A20}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{DF984537-12F5-4F19-B213-ED5F723E3162}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{E81A495F-B905-4CB9-AC84-4D2DC4806A8C}" = protocol=1 | dir=in | [email protected],-28543 | 
"{E97292A2-833B-4AE1-9BBF-ED5F22BE57E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1D928A8-6CB1-49EC-B34E-20053F210C1A}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{F24FC09A-47E9-4A92-8560-A53264E39319}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{F4986326-7C1D-462A-80E2-D6DB7B1DEA97}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BD94085-2E05-4EBD-8F2D-AF7499C50D92}" = LCD test
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3350E9B0-DCE6-4AE1-B3AC-D0C11FBEEDA1}_is1" = SeaTools for Windows
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3559CDE0-11FC-4D7B-A65C-D646035B1033}" = Nero 8 Essentials
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.6
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6C2EDF63-C83B-4AAD-AC26-1784660F618B}" = Advanced Disk Cleaner
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{848139E5-DC9D-44E6-934E-F64BB648ED6E}_is1" = CD & DVD Label Maker 1.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F38A000-31A6-4A46-B5AF-07523E3B1E7C}_is1" = Packard Bell ImageWriter v1.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C591601B-4F3C-4756-B7B1-1C36637D4AFE}" = Chanalyzer 4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Updator
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Image Writer
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"4oD" = 4oD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine 
"Game Booster_is1" = Game Booster 3
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist Corporate
"Greatis Reanimator_is1" = RegRun Reanimator
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0 (x86 en-US)" = Mozilla Firefox 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"RealPlayer 12.0" = RealPlayer
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 34000" = Football Manager 2010
"Steam App 34030" = Napoleon: Total War
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/07/2012 13:46:12 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 13:46:12 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 13:49:50 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 13:49:50 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 13:58:01 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 13:58:01 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 14:07:42 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 14:07:42 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 14:10:39 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 10/07/2012 14:10:39 | Computer Name = Eamonns | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error
description: Class not registered .

[ OSession Events ]
Error - 07/07/2009 16:32:25 | Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 07/07/2009 16:44:49 | Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 07/07/2009 16:50:58 | Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 10/07/2012 13:35:20 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7000
Description =

Error - 10/07/2012 13:35:20 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7000
Description =

Error - 10/07/2012 13:35:20 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7000
Description =

Error - 10/07/2012 13:35:20 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7000
Description =

Error - 10/07/2012 13:35:20 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7000
Description =

Error - 10/07/2012 13:35:41 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7022
Description =

Error - 10/07/2012 13:35:41 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7034
Description =

Error - 10/07/2012 13:38:11 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7009
Description =

Error - 10/07/2012 13:38:14 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7038
Description =

Error - 10/07/2012 13:38:14 | Computer Name = Eamonns | Source = Service Control Manager | ID = 7000
Description =

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like you have quite a lot there that is not needed, so lets get rid of those 

Firstly, can you uninstall these via AddRemove Programs:
*
Conduit Engine 
Game Booster 3
Smart Defrag 2
ZoneAlarm Security Toolbar *

------

Then, can you do the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
PRC - [2011/08/26 13:56:04 | 000,685,912 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
MOD - [2011/08/26 13:56:08 | 000,516,440 | ---- | M] () -- C:\Program Files\IObit\Game Booster\sqlite3.dll
MOD - [2011/02/22 16:01:26 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madexcept_.bpl
MOD - [2011/02/22 16:01:26 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madbasic_.bpl
MOD - [2011/02/22 16:01:26 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Game Booster\maddisAsm_.bpl
SRV - File not found [Auto | Stopped] -- -- (WMService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (PLFlash DeviceIoControl Service)
SRV - File not found [On_Demand | Stopped] -- -- (odserv)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 3)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (IBUpdaterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\currys\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/02/23 17:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.goonsearch.com/web.html?source=IBR-IB-PDP-INS-DBS&q={searchTerms}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101067&mntrId=50b4fa92000000000000002197a13750
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=crm&q={searchTerms}&locale=en_UK&apn _ptnrs=AU&apn_dtid=YYYYYYYYGB&apn_uid=34399D31-44A3-4DA6-8AC7-C989A030269F&apn_sauid=A32CCD2B-3BB2-4310-B8FA-574A397D7115
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.goonsearch.com/web.html?source=IBR-IB-PDP-INS-DBS&q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=CrQt__Hz-oJhPpnLvuNAmY8Q990?q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=8a29f83a-1762-4abe-b6d2-85b8f55d9ff9&query={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
[2012/07/01 01:10:55 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/07/08 19:39:06 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/06/27 14:38:40 | 000,000,925 | ---- | M] () -- C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\conduit.xml
[2012/06/23 14:03:40 | 000,002,203 | ---- | M] () -- C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\MyStart Search.xml
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/au...20090910103721 (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/Driver...aSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/act...eX_Control.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\prox - No CLSID value found
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2011/03/15 19:37:45 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/03/15 19:37:45 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/07/01 01:10:53 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\IObit
[2012/02/04 12:18:30 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/02/04 12:18:30 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/02/04 12:18:30 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit
[2011/02/26 04:52:51 | 000,003,060 | ---- | M] () -- C:\Windows\system32\tasks\Game_Booster_Startup
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


----------



## baffledUK (Jul 2, 2012)

All processes killed
========== OTL ==========
No active process named gbtray.exe was found!
Error: No service named WMService was found to stop!
Service\Driver key WMService not found.
Error: No service named SBSDWSCService was found to stop!
Service\Driver key SBSDWSCService not found.
File C:\Program Files\Spybot not found.
Error: No service named PLFlash DeviceIoControl Service was found to stop!
Service\Driver key PLFlash DeviceIoControl Service not found.
Error: No service named odserv was found to stop!
Service\Driver key odserv not found.
Error: No service named NMIndexingService was found to stop!
Service\Driver key NMIndexingService not found.
Error: No service named Nero BackItUp Scheduler 3 was found to stop!
Service\Driver key Nero BackItUp Scheduler 3 not found.
Error: No service named iPod Service was found to stop!
Service\Driver key iPod Service not found.
Error: No service named IBUpdaterService was found to stop!
Service\Driver key IBUpdaterService not found.
Error: No service named Apple Mobile Device was found to stop!
Service\Driver key Apple Mobile Device not found.
Error: No service named vsdatant7 was found to stop!
Service\Driver key vsdatant7 not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
Error: No service named MRENDIS5 was found to stop!
Service\Driver key MRENDIS5 not found.
Error: No service named MREMPR5 was found to stop!
Service\Driver key MREMPR5 not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
Error: No service named cpuz134 was found to stop!
Service\Driver key cpuz134 not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\currys\AppData\Local\Temp\catchme.sys not found.
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\System32\drivers\SmartDefragDriver.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "WiseConvert Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "WiseConvert Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/ShockwavePlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=8\ not found.
Folder C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Folder C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\conduit.xml not found.
File C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\MyStart Search.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}\ not found.
File C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0e8bc7d-6959-40b6-8e05-204d9768ad6e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0e8bc7d-6959-40b6-8e05-204d9768ad6e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}\ not found.
File C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {0972B098-DEE9-4279-AC7E-4BAAA029102D}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ not found.
Starting removal of ActiveX control {1E54D648-B804-468d-BC78-4AFFED8E262F}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {74DBCB52-F298-4110-951D-AD2FF67BC8AB}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74DBCB52-F298-4110-951D-AD2FF67BC8AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DBCB52-F298-4110-951D-AD2FF67BC8AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74DBCB52-F298-4110-951D-AD2FF67BC8AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DBCB52-F298-4110-951D-AD2FF67BC8AB}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {BEA7310D-06C4-4339-A784-DC3804819809}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found.
File Protocol\Handler\avgsecuritytoolbar - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ not found.
File Protocol\Handler\base64 - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ not found.
File Protocol\Handler\chrome - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ not found.
File Protocol\Handler\ms-itss - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ not found.
File Protocol\Handler\prox - No CLSID value found not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
File C:\Windows\System32\SmartDefragBootTime.exe not found.
File C:\Windows\System32\drivers\SmartDefragDriver.sys not found.
Folder C:\Users\currys\AppData\Roaming\IObit\ not found.
Folder C:\Users\Default\AppData\Roaming\IObit\ not found.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
Folder C:\Users\UpdatusUser\AppData\Roaming\IObit\ not found.
File C:\Windows\system32\tasks\Game_Booster_Startup not found.
Unable to delete ADS C:\ProgramData\TEMP:07BF512B .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\currys\Downloads\cmd.bat deleted successfully.
C:\Users\currys\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: currys
->Temp folder emptied: 1050496 bytes
->Temporary Internet Files folder emptied: 1439217 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 59824564 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 56967 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27915180 bytes
RecycleBin emptied: 1146246 bytes

Total Files Cleaned = 87.00 mb

[EMPTYJAVA]

User: All Users

User: currys
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: currys
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code -2146959355

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_220830

Files\Folders moved on Reboot...
C:\Users\currys\AppData\Local\Temp\~DF6D18.tmp moved successfully.
C:\Windows\temp\ZLT02723.TMP moved successfully.

PendingFileRenameOperations files...
File C:\Users\currys\AppData\Local\Temp\~DF6D18.tmp not found!
File C:\Windows\temp\ZLT02723.TMP not found!

Registry entries deleted on Reboot...

Eddie can't find conduit engine in add/remove any ideas?


----------



## eddie5659 (Mar 19, 2001)

Its okay about the Conduit Engine, it may have been removed after uninstalling the others 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*Conduit*
*Game Booster*
*Smart Defrag*
*ZoneAlarm*
*IObit*
*SmartDefragDriver*
*goonsearch*
*searchqu*
*ask.com*
*babylon*
*ibryte*
*MyStart*
*uTorrentBar*
*WiseConvert*
*Blabbers*
:folderfind
*Conduit*
*Game Booster*
*Smart Defrag*
*ZoneAlarm*
*IObit*
*SmartDefragDriver*
*goonsearch*
*searchqu*
*ask.com*
*babylon*
*ibryte*
*MyStart*
*uTorrentBar*
*WiseConvert*
*Blabbers*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 21:05 on 16/07/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.yahoo.go.sync\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [07:36 16/04/2010] [07:36 16/04/2010] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Program Files\ConduitEngine\ConduitEngine.dll --a---- 3911776 bytes [22:45 21/12/2010] [12:51 09/12/2010] D9A0CE26ADA5BD15B1B03A752DDF14A6
C:\Program Files\ConduitEngine\ConduitEngineHelper.exe --a---- 38496 bytes [22:45 21/12/2010] [08:08 19/12/2010] A320DF2B47CFCAF98D06EB59CD72084C
C:\Program Files\ConduitEngine\ConduitEngineUninstall.exe --a---- 23648 bytes [22:45 21/12/2010] [10:32 25/11/2010] DF465BE110DC0F7E5329D1B8065A405F
C:\Users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1037922_1033633_UK.xml --a---- 197 bytes [19:19 28/11/2011] [23:09 04/12/2011] F1FF673270D84B6548C27BE92BF4520F
C:\Users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1161838_1157525_UK.xml --a---- 184 bytes [22:46 21/12/2010] [00:10 03/03/2011] F74147AF8D71A423E2E1DABCA44BC712
C:\Users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1178763_1174448_UK.xml --a---- 179 bytes [11:55 22/01/2012] [10:13 12/03/2012] F7598DCC137C5BC7A12A1A69CF63D58D
C:\Users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_900783_896578_UK.xml --a---- 198 bytes [23:55 02/03/2011] [00:10 03/03/2011] 44D5CE8ECD2976E626B8D997EF454F36
C:\Users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_UK.xml --a---- 191 bytes [22:46 21/12/2010] [00:10 03/03/2011] 43C93B80235159F037CEA9A173922F92
C:\Users\currys\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_7_0_6.xml --a---- 10909 bytes [19:18 28/11/2011] [14:48 04/12/2011] 1B3B574AA349758343D3C80787B9739E
C:\Users\currys\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_8_2_0.xml --a---- 10909 bytes [14:59 04/12/2011] [18:27 28/12/2011] 1B3B574AA349758343D3C80787B9739E
C:\Users\currys\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_8_5_1.xml --a---- 10909 bytes [11:55 22/01/2012] [11:55 11/03/2012] 1B3B574AA349758343D3C80787B9739E
C:\Users\currys\AppData\LocalLow\ConduitEngine\ConduitEngine.dll --a---- 4214056 bytes [18:49 09/03/2011] [15:14 16/02/2011] 4CF003B5D20C351A1AA4A343267A7832
C:\Users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-gb.xml --a---- 6613 bytes [22:45 21/12/2010] [22:45 21/12/2010] FE3E6F69A41E7532957D7814E3E433E1
C:\Users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-gb.xml --a---- 6819 bytes [22:45 21/12/2010] [18:48 09/03/2011] A278FCD81E7E9E287A0F8BB1C89CD2C6
C:\Users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-gb.xml --a---- 4060 bytes [22:45 21/12/2010] [22:45 21/12/2010] D36423CECBFE5F806725E13ED7101201
C:\Users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-gb.xml --a---- 4475 bytes [22:45 21/12/2010] [18:48 09/03/2011] 74F81E98677EB434ADD4BC697F677185
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634062498888125000_png.png --a---- 509 bytes [19:18 28/11/2011] [19:18 28/11/2011] 40ECBDFF6DF6593ACDEAD0021DCC7336
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634062499232812500_png.png --a---- 670 bytes [19:18 28/11/2011] [19:18 28/11/2011] D9CE725CB6F7C294C96BDF01D653A8D5
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634062507244523750_png.png --a---- 542 bytes [19:18 28/11/2011] [19:18 28/11/2011] 9D05DCA26B67565D14A9449C99151904
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634072035938731250_png.png --a---- 1233 bytes [19:18 28/11/2011] [19:18 28/11/2011] DBE61127540140F646C5CBF6C861EF7C
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634086668687710000_png.png --a---- 1220 bytes [19:18 28/11/2011] [19:18 28/11/2011] E47D3E82CF24455F91AFF9C5CC0B97EB
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634104326720878750_gif.gif --a---- 405 bytes [19:18 28/11/2011] [19:18 28/11/2011] 2221BD773E94BC9C07D9433BDC91A234
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634182163591881250_png.png --a---- 1272 bytes [19:18 28/11/2011] [19:18 28/11/2011] 3894229CBC80234B1321515E51A063A9
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_634449653283568750_png.png --a---- 529 bytes [19:18 28/11/2011] [19:18 28/11/2011] 810FDF4A283DB1CFFFF73828531AC0D7
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_Menu-silkset_accept_gif-Silk_1-634051179887806250_gif.gif --a---- 403 bytes [19:18 28/11/2011] [19:18 28/11/2011] 87B062CE740BE13817F46B8F381E8A2B
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_38_264_CT2645238_Images_PopUpBlocker-02_gif-Shiny-634461580123626958_gif.gif --a---- 1008 bytes [19:18 28/11/2011] [19:18 28/11/2011] AE12636E9E2B22BCD58053E57E8709C7
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif --a---- 159 bytes [19:18 28/11/2011] [19:18 28/11/2011] FF164EABA285C2E614EBFD967FEF9732
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [19:18 28/11/2011] [19:18 28/11/2011] 99D5F75C338F2A877CBF891E0F18746E
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [19:18 28/11/2011] [19:18 28/11/2011] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [19:18 28/11/2011] [19:18 28/11/2011] A847C5F6CE2C700048749892DD2E0619
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [19:18 28/11/2011] [19:18 28/11/2011] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [19:18 28/11/2011] [19:18 28/11/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [19:18 28/11/2011] [19:18 28/11/2011] 943ADFD9E0DF1507F7BC419802BF4303
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [19:18 28/11/2011] [19:18 28/11/2011] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [19:18 28/11/2011] [19:18 28/11/2011] 275C9DA2D536F18F528C80E050C3D705
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [19:18 28/11/2011] [19:18 28/11/2011] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [19:18 28/11/2011] [19:18 28/11/2011] 650731EEF807C292E699779B12CBE552
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [19:18 28/11/2011] [19:18 28/11/2011] 9B4D914888BCFFCBAE6757A0E450551C
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png --a---- 705 bytes [19:18 28/11/2011] [19:18 28/11/2011] 70B83DCDF7A6FA34240E1AA1D23EE535
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png --a---- 746 bytes [19:18 28/11/2011] [19:18 28/11/2011] 2AE805114215925E00858FD2FEFF1439
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png --a---- 669 bytes [19:18 28/11/2011] [19:18 28/11/2011] 6CFEA2D0DB786FDB4D72C1C1DE036822
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png --a---- 338 bytes [19:18 28/11/2011] [19:18 28/11/2011] DB45ACA16C515F2FD8CB3B6F5E4FC386
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png --a---- 545 bytes [19:18 28/11/2011] [19:18 28/11/2011] 6EB69BFCBFD422247C103705B532BFE1
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png --a---- 514 bytes [19:18 28/11/2011] [19:18 28/11/2011] 7F396C3A400239B9B66DEC2D503D86BB
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png --a---- 3355 bytes [19:18 28/11/2011] [19:18 28/11/2011] EC261A170D34BE434129E71B9C2C0408
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png --a---- 594 bytes [19:18 28/11/2011] [19:18 28/11/2011] 62C86296694EF7F41D380804A58EF5CA
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png --a---- 415 bytes [19:18 28/11/2011] [19:18 28/11/2011] E42D284CC0436B66C1DB4AAFFCCC1957
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png --a---- 461 bytes [19:18 28/11/2011] [19:18 28/11/2011] B4AEAC6600360BC4148538F716453AAC
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png --a---- 699 bytes [19:18 28/11/2011] [19:18 28/11/2011] 640E17444F44717CA5039BCB7FD3551E
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [19:18 28/11/2011] [19:18 28/11/2011] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [19:18 28/11/2011] [19:18 28/11/2011] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [19:18 28/11/2011] [19:18 28/11/2011] A9E001CBC00B06B121DFBC80707F5298
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [19:18 28/11/2011] [19:18 28/11/2011] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [19:18 28/11/2011] [19:18 28/11/2011] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [19:18 28/11/2011] [19:18 28/11/2011] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [19:18 28/11/2011] [19:18 28/11/2011] 6427565C7105DC497287866100F260BB
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [19:18 28/11/2011] [19:18 28/11/2011] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [19:18 28/11/2011] [19:18 28/11/2011] C3EBA0237D68F665AF6D663906221092
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [19:18 28/11/2011] [19:18 28/11/2011] 5E7217A3357550F9749A095631F51015
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [19:18 28/11/2011] [19:18 28/11/2011] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [19:18 28/11/2011] [19:18 28/11/2011] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [19:18 28/11/2011] [19:18 28/11/2011] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [19:18 28/11/2011] [19:18 28/11/2011] 948781E4B6478290050ECA4423B89B1E
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif --a---- 606 bytes [19:18 28/11/2011] [19:18 28/11/2011] 2A1D4FB45F62D3D260F2134228FAB05E
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [19:18 28/11/2011] [19:18 28/11/2011] AE5A39669C623937C0839E079E1088D5
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [19:18 28/11/2011] [19:18 28/11/2011] 766433EF38BDA83C4FD4932027A4B9D5
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_MarketPlace_27_580_2760e0b4-18bf-4506-b490-68675d529580_Appearance_634162503573491253_24x24_png.png --a---- 1942 bytes [19:18 28/11/2011] [19:18 28/11/2011] 6FB2D7B7D0D5AB90592A88F6ECE99F52
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_MarketPlace_9b_1c5_9b145804-a2fe-4b13-aa3d-2a7d0d2e71c5_Appearance_634045313698673754_png.png --a---- 1521 bytes [19:18 28/11/2011] [19:18 28/11/2011] 9923EFB40AEB86E5663330985042FF62
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634211716261212501_24x24_png.png --a---- 1164 bytes [19:18 28/11/2011] [19:18 28/11/2011] 31739E90689A4A6E14D8782F8E4C3434
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif --a---- 351 bytes [23:02 04/12/2011] [23:02 04/12/2011] 703A98E0FBFB8C9B617E732C9E62DB04
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif --a---- 173 bytes [14:48 04/12/2011] [14:48 04/12/2011] E509575F473727B14C87367068C42353
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif --a---- 212 bytes [19:19 28/11/2011] [19:19 28/11/2011] 88CD5B8D6F007347115A8A602E5D158B
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_rain_gif.gif --a---- 386 bytes [20:02 12/12/2011] [20:02 12/12/2011] 8006B1A5A88AB3451A5E58AA361815DD
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_showers_gif.gif --a---- 379 bytes [23:29 28/12/2011] [23:29 28/12/2011] 8ACA902931FBDF51B3BB293D6E15D70F
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif --a---- 259 bytes [09:26 30/11/2011] [09:26 30/11/2011] 110EC9BCA8470D6488B626EA28914A6C
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif --a---- 204 bytes [21:19 29/11/2011] [21:19 29/11/2011] 5EBD213E8A460652C883CBF68C152B5B
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7042 bytes [19:18 28/11/2011] [18:27 28/12/2011] C159A6BEAA8E32AAEFE7172DD5C2481E
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5520 bytes [19:18 28/11/2011] [18:27 28/12/2011] D2E48F631F8A9768E9BBCB0964C7878F
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6586 bytes [19:18 28/11/2011] [18:27 28/12/2011] 0DC95CF28A384D3BFBFA60244A55125A
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5519 bytes [19:18 28/11/2011] [18:27 28/12/2011] 2B856ABBDD6E033594465C4945D5C93A
C:\Windows\System32\config\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1161838_1157525_UK.xml --a---- 184 bytes [22:38 10/02/2011] [16:02 23/02/2011] F74147AF8D71A423E2E1DABCA44BC712
C:\Windows\System32\config\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_UK.xml --a---- 191 bytes [22:38 10/02/2011] [16:02 23/02/2011] 43C93B80235159F037CEA9A173922F92
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [22:32 10/02/2011] [22:32 10/02/2011] 99D5F75C338F2A877CBF891E0F18746E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [22:32 10/02/2011] [22:32 10/02/2011] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [22:32 10/02/2011] [22:32 10/02/2011] A847C5F6CE2C700048749892DD2E0619
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [22:32 10/02/2011] [22:32 10/02/2011] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [22:32 10/02/2011] [22:32 10/02/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [22:32 10/02/2011] [22:32 10/02/2011] 943ADFD9E0DF1507F7BC419802BF4303
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [22:32 10/02/2011] [22:32 10/02/2011] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png --a---- 610 bytes [22:32 10/02/2011] [22:32 10/02/2011] 68E9E9252E45ED7BD51B8680E8DD4462
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png --a---- 606 bytes [22:32 10/02/2011] [22:32 10/02/2011] 8D8D187BA99DBEF76E4286668B474A4E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [22:32 10/02/2011] [22:32 10/02/2011] 275C9DA2D536F18F528C80E050C3D705
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [22:32 10/02/2011] [22:32 10/02/2011] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [22:32 10/02/2011] [22:32 10/02/2011] 650731EEF807C292E699779B12CBE552
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png --a---- 696 bytes [22:32 10/02/2011] [22:32 10/02/2011] 70D43EC3F4BD7C10D5534EFCEC6D7AE5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [22:32 10/02/2011] [22:32 10/02/2011] 9B4D914888BCFFCBAE6757A0E450551C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-gb.xml --a---- 6613 bytes [22:32 10/02/2011] [22:32 10/02/2011] FE3E6F69A41E7532957D7814E3E433E1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-gb.xml --a---- 6819 bytes [22:32 10/02/2011] [22:32 10/02/2011] A278FCD81E7E9E287A0F8BB1C89CD2C6
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-gb.xml --a---- 4060 bytes [22:32 10/02/2011] [22:32 10/02/2011] D36423CECBFE5F806725E13ED7101201
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-gb.xml --a---- 4475 bytes [22:32 10/02/2011] [22:32 10/02/2011] 74F81E98677EB434ADD4BC697F677185
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_633887384515212500_png.png --a---- 431 bytes [22:32 10/02/2011] [22:32 10/02/2011] C07B41CE42E51B3BEA6018B07CB7E3A5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_633887385401150000_png.png --a---- 234 bytes [22:32 10/02/2011] [22:32 10/02/2011] FC109501BBC006458D9EC3C786EC0D63
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255835779568750_gif.gif --a---- 462 bytes [22:32 10/02/2011] [22:32 10/02/2011] ACBE6609E815630977767A9F858B80C6
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255836123318750_gif.gif --a---- 440 bytes [22:32 10/02/2011] [22:32 10/02/2011] 68AEF48DF3C3B4CEEE1281CE50E21D87
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255836456912500_gif.gif --a---- 458 bytes [22:32 10/02/2011] [22:32 10/02/2011] 55932819DB4A8970A9C61C22C281F6B7
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255836791287500_gif.gif --a---- 440 bytes [22:32 10/02/2011] [22:32 10/02/2011] 68AEF48DF3C3B4CEEE1281CE50E21D87
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255836997850000_gif.gif --a---- 696 bytes [22:32 10/02/2011] [22:32 10/02/2011] C0C6DF053D83A35E33AE70965F0FE917
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255837217537500_gif.gif --a---- 289 bytes [22:32 10/02/2011] [22:32 10/02/2011] 4CEAAE67B8871D5CCC0DCBE6D2901345
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255837399881250_gif.gif --a---- 412 bytes [22:32 10/02/2011] [22:32 10/02/2011] E9F0CCBC43F6612BA259E59EA43183D0
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255837581600000_gif.gif --a---- 472 bytes [22:32 10/02/2011] [22:32 10/02/2011] 8B61C11CADDB14B8C88842C0BC0F6287
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255837766443750_gif.gif --a---- 1075 bytes [22:32 10/02/2011] [22:32 10/02/2011] 62F9C5DF7F25782EF45F934D39545730
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255837954881250_gif.gif --a---- 658 bytes [22:32 10/02/2011] [22:32 10/02/2011] B6BF0A9C02D283294E314E81A50D84D7
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255838153318750_gif.gif --a---- 206 bytes [22:32 10/02/2011] [22:32 10/02/2011] 57AB7F2947B7357C353CD58FEC11215E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255838345818750_gif.gif --a---- 1415 bytes [22:32 10/02/2011] [22:32 10/02/2011] 23C34B3EE5582922B29DEC4CD7909719
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255838549100000_gif.gif --a---- 1039 bytes [22:32 10/02/2011] [22:32 10/02/2011] 0E265B20DE60F9CB087D35D0513D0127
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255838733162500_gif.gif --a---- 1144 bytes [22:32 10/02/2011] [22:32 10/02/2011] 5D064A7B1D48DBD08F54CD93CDA1A8E7
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634255840460818750_gif.gif --a---- 787 bytes [22:32 10/02/2011] [22:32 10/02/2011] 97BCF57BD3BF80F5225AE25C44F1FEF6
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_26_276_CT2769726_Images_634273524687875000_gif.gif --a---- 1288 bytes [22:32 10/02/2011] [22:32 10/02/2011] 782AE3076DBF8BDAA280AF650B503A98
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [22:32 10/02/2011] [22:32 10/02/2011] 99D5F75C338F2A877CBF891E0F18746E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [22:32 10/02/2011] [22:32 10/02/2011] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [22:32 10/02/2011] [22:32 10/02/2011] A847C5F6CE2C700048749892DD2E0619
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [22:32 10/02/2011] [22:32 10/02/2011] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [22:32 10/02/2011] [22:32 10/02/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [22:32 10/02/2011] [22:32 10/02/2011] 943ADFD9E0DF1507F7BC419802BF4303
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [22:32 10/02/2011] [22:32 10/02/2011] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [22:32 10/02/2011] [22:32 10/02/2011] 275C9DA2D536F18F528C80E050C3D705
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [22:32 10/02/2011] [22:32 10/02/2011] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [22:32 10/02/2011] [22:32 10/02/2011] 650731EEF807C292E699779B12CBE552
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png --a---- 696 bytes [22:32 10/02/2011] [22:32 10/02/2011] 70D43EC3F4BD7C10D5534EFCEC6D7AE5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___Storage_conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [22:32 10/02/2011] [22:32 10/02/2011] 9B4D914888BCFFCBAE6757A0E450551C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [22:32 10/02/2011] [22:32 10/02/2011] 01B83C91554738F6AFFB7895BBBA73FB
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [22:32 10/02/2011] [22:32 10/02/2011] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [22:32 10/02/2011] [22:32 10/02/2011] A9E001CBC00B06B121DFBC80707F5298
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [22:32 10/02/2011] [22:32 10/02/2011] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [22:32 10/02/2011] [22:32 10/02/2011] 995595D4C685D659E8F03CD0A287EDDF
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [22:32 10/02/2011] [22:32 10/02/2011] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [22:32 10/02/2011] [22:32 10/02/2011] 464E244E7E2F27FB85E0C3AB69D72104
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [22:32 10/02/2011] [22:32 10/02/2011] 6427565C7105DC497287866100F260BB
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [22:32 10/02/2011] [22:32 10/02/2011] AE7C9F67594A84B096D225601ACB0B2A
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [22:32 10/02/2011] [22:32 10/02/2011] C3EBA0237D68F665AF6D663906221092
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [22:32 10/02/2011] [22:32 10/02/2011] 5E7217A3357550F9749A095631F51015
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [22:32 10/02/2011] [22:32 10/02/2011] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_searchengines_go_btn_new_gif.gif --a---- 891 bytes [22:32 10/02/2011] [22:32 10/02/2011] F74F91E7DF0A5A5283AB2D2F0E6E58DE
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [22:32 10/02/2011] [22:32 10/02/2011] 66018EAE0906C9831A821CAE5D1089BB
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [22:32 10/02/2011] [22:32 10/02/2011] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [22:32 10/02/2011] [22:32 10/02/2011] 948781E4B6478290050ECA4423B89B1E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif --a---- 625 bytes [22:32 10/02/2011] [22:32 10/02/2011] C23D4DB18B6BB4F38ECBA57AD414A5CF
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif --a---- 606 bytes [22:32 10/02/2011] [22:32 10/02/2011] 2A1D4FB45F62D3D260F2134228FAB05E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [22:32 10/02/2011] [22:32 10/02/2011] AE5A39669C623937C0839E079E1088D5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [22:32 10/02/2011] [22:32 10/02/2011] 766433EF38BDA83C4FD4932027A4B9D5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif --a---- 351 bytes [11:02 19/02/2011] [11:02 19/02/2011] 703A98E0FBFB8C9B617E732C9E62DB04
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_gif.gif --a---- 468 bytes [09:52 22/02/2011] [09:52 22/02/2011] 25C37C070415AAC32DD6C50BD64276CC
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif --a---- 212 bytes [22:32 10/02/2011] [22:32 10/02/2011] 88CD5B8D6F007347115A8A602E5D158B
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7046 bytes [22:32 10/02/2011] [22:32 10/02/2011] 2FEB6772FE1EAADE909B94F77730A174
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5524 bytes [22:32 10/02/2011] [22:32 10/02/2011] A682A34DF1ECD0DAD55086A5288F23CA
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6586 bytes [22:32 10/02/2011] [22:32 10/02/2011] 0DC95CF28A384D3BFBFA60244A55125A
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5519 bytes [22:32 10/02/2011] [22:32 10/02/2011] 2B856ABBDD6E033594465C4945D5C93A
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js --a---- 9052 bytes [10:56 22/01/2012] [11:47 11/01/2012] AF98421711C6CFA73D6720C455D92DAC
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [10:56 22/01/2012] [11:47 11/01/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml --a---- 925 bytes [10:56 22/01/2012] [11:47 11/01/2012] EC559A6ABEC972452F52CFB3A2AA9F7E
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [18:38 08/07/2012] [08:38 05/07/2012] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [18:38 08/07/2012] [08:38 05/07/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\searchplugin\conduit.xml --a---- 925 bytes [18:38 08/07/2012] [08:38 05/07/2012] C8FF51E75F948A1CDA26BB32BA874D96
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\conduit.xml --a---- 925 bytes [11:17 30/06/2012] [13:38 27/06/2012] 2B398647E19F5F1D7404363B028AEDB5

Searching for "*Game Booster*"
No files found.

Searching for "*Smart Defrag*"
No files found.

Searching for "*ZoneAlarm*"
C:\Program Files\ZoneAlarm_Security\ZoneAlarm_SecurityToolbarHelper.exe --a---- 65832 bytes [08:20 04/08/2011] [08:20 04/08/2011] DA11D78D765E4B8FA4CFA5A37E8A94FF
C:\ProgramData\CheckPoint\ZoneAlarm\Data\ZoneAlarm.xml ------- 818 bytes [19:19 28/11/2011] [10:39 06/05/2012] 39D8F6146B8D10EFE83B9555E1C48703
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Diagnostics Tool.lnk --a---- 1096 bytes  [10:36 06/05/2012] [10:36 06/05/2012] 6C45A729F95E090DF54007F10D437C12
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Logs.lnk --a---- 730 bytes [10:36 06/05/2012] [10:36 06/05/2012] F4251299966AEFE8071AED631351A4B2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Readme.lnk --a---- 897 bytes [10:36 06/05/2012] [10:36 06/05/2012] 96528DD91E46FAA64E221B0FB49EEE83
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Security.lnk --a---- 890 bytes [10:36 06/05/2012] [10:36 06/05/2012] C5F5A25394AC57E2569B8044713D9D5E
C:\Users\All Users\CheckPoint\ZoneAlarm\Data\ZoneAlarm.xml ------- 818 bytes [19:19 28/11/2011] [10:39 06/05/2012] 39D8F6146B8D10EFE83B9555E1C48703
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Diagnostics Tool.lnk --a---- 1096 bytes [10:36 06/05/2012] [10:36 06/05/2012] 6C45A729F95E090DF54007F10D437C12
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Logs.lnk --a---- 730 bytes [10:36 06/05/2012] [10:36 06/05/2012] F4251299966AEFE8071AED631351A4B2
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Readme.lnk --a---- 897 bytes [10:36 06/05/2012] [10:36 06/05/2012] 96528DD91E46FAA64E221B0FB49EEE83
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Security.lnk --a---- 890 bytes [10:36 06/05/2012] [10:36 06/05/2012] C5F5A25394AC57E2569B8044713D9D5E
C:\Users\currys\AppData\Local\Conduit\CT2645238\ZoneAlarm_SecurityAutoUpdateHelper.exe --a---- 1811312 bytes [08:20 04/08/2011] [14:49 04/12/2011] 57D2E8FE20DE00388FE81556BCF644CB
C:\Users\Public\Desktop\ZoneAlarm Security.lnk --a---- 639 bytes [10:36 06/05/2012] [10:36 06/05/2012] C1648C8C6336319085A9141E01ACAECA

Searching for "*IObit*"
C:\Users\currys\ntuser.dat.iobit --a---- 9523200 bytes [12:33 30/06/2012] [22:45 30/06/2012] 1D0372EABFAC26767EF61DCCCA1FFC8B
C:\Users\currys\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 3227648 bytes [12:33 30/06/2012] [22:45 30/06/2012] 6FFE2FB9F66A1FEA3A3BB7740BDAC9A8
C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\IObit Freeware.url --a---- 136 bytes [10:36 22/04/2011] [10:36 22/04/2011] C6D38380E1C4930AB319F1AE2FAA183E
C:\Users\currys\Favorites\Download IObit Freeware.url --a---- 103 bytes [21:29 30/11/2011] [17:03 23/06/2012] 1CC05D805C3A8DF2CFAE8C93767B051C
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.iobit --a---- 217088 bytes [12:33 30/06/2012] [22:45 30/06/2012] 868B125BEFA04EE8051B630D9F4EA789
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.iobit --a---- 299008 bytes [12:33 30/06/2012] [22:45 30/06/2012] EC874DF5AFF48B29502CFE627A1517A1
C:\Windows\System32\config\components.iobit --a---- 38457344 bytes [12:33 30/06/2012] [22:45 30/06/2012] 7BAA4BD156BB98CC912DD8F2880F2D52
C:\Windows\System32\config\default.iobit --a---- 368640 bytes [12:33 30/06/2012] [22:45 30/06/2012] 30D8542D89C12A639FF1C16B151D6016
C:\Windows\System32\config\sam.iobit --a---- 57344 bytes [12:33 30/06/2012] [22:45 30/06/2012] D2E74A171FF1AB11469E58D1B3E239FB
C:\Windows\System32\config\security.iobit --a---- 28672 bytes [12:33 30/06/2012] [22:45 30/06/2012] 2F89C09E34E462C24D074637B2481DC8
C:\Windows\System32\config\software.iobit --a---- 60305408 bytes [12:33 30/06/2012] [22:45 30/06/2012] 8CFC42FC4609A640E48F5167FE1FFF0D
C:\Windows\System32\config\system.iobit --a---- 30273536 bytes [12:33 30/06/2012] [22:45 30/06/2012] A419A4182724147C6C66092E24C23589
C:\Windows\System32\SMI\Store\Machine\schema.dat.iobit --a---- 6684672 bytes [12:33 30/06/2012] [12:33 30/06/2012] EA8127E68CAA95AD8BF6FBB6C812A41B

Searching for "*SmartDefragDriver*"
No files found.

Searching for "*goonsearch*"
No files found.

Searching for "*searchqu*"
No files found.

Searching for "*ask.com*"
No files found.

Searching for "*babylon*"
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Interface\TeamColor\FlagDECAL_Babylon.dds --a---- 22000 bytes [23:04 23/06/2011] [10:10 30/08/2007] 0466FF1DB856D50C32001C8C75F1949B
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Structures\Buildings\Babylonian_Garden\Babylonian_Garden.nif --a---- 23440 bytes [23:04 23/06/2011] [10:10 30/08/2007] 84EA0F128622D2D39726401DDC933BD2
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Structures\Buildings\Babylonian_Garden\Babylonian_Garden_DIFF.dds --a---- 22000 bytes [23:04 23/06/2011] [10:10 30/08/2007] 8954B466D0733394596A51E1AC0B2485
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Structures\Buildings\Babylonian_Garden\Babylonian_Garden_environment_land.dds --a---- 11064 bytes [23:04 23/06/2011] [10:10 30/08/2007] 1490E93FC1320D3A1A243DF1E4A7992B
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Structures\Buildings\Babylonian_Garden\Babylonian_Garden_GLOSS.dds --a---- 11064 bytes [23:04 23/06/2011] [10:10 30/08/2007] 6845CA4D70551666125B29CA51737961
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Structures\Buildings\Babylonian_Garden\Babylonian_Garden_SHADOW.dds --a---- 22000 bytes [23:04 23/06/2011] [10:10 30/08/2007] 3F17EC09D414B99D44512C6EA3854569
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Chariot_Middle_East\Babylon_Worker_128.dds --a---- 22000 bytes [23:05 23/06/2011] [10:11 30/08/2007] 4D1F64D67E927B46807BBFC34DB1E6FB
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Chariot_Middle_East\Babylon_Worker_128_Gloss.dds --a---- 2176 bytes [23:05 23/06/2011] [10:11 30/08/2007] 80E538C24E1DB96718B6CB3B18C02E0D
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Chariot_Middle_East\Unique_Babylon_Bowman_128.dds --a---- 21632 bytes [23:05 23/06/2011] [10:11 30/08/2007] F8B55C7CB510D19B0AA88525BB7963E1
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Chariot_Middle_East\Unique_Babylon_Bowman_128_Gloss.dds --a---- 8320 bytes [23:05 23/06/2011] [10:11 30/08/2007] EDBD395C8F46702DC743D6D7BA86B141
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman.kfm --a---- 1666 bytes [23:05 23/06/2011] [10:11 30/08/2007] 48E626DDD29490506662AFD0760343D6
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman.nif --a---- 68498 bytes [23:05 23/06/2011] [10:11 30/08/2007] AFE137FFAA5C582BE913089B2EA8928B
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_128.dds --a---- 22000 bytes [23:05 23/06/2011] [10:11 30/08/2007] F196A9D394634AC567F6E98A47E9B0D4
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_128_Gloss.dds --a---- 22000 bytes [23:05 23/06/2011] [10:11 30/08/2007] C030C9FC3FAAA45DE9491ECD618AC9C5
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_Arrow_64.dds --a---- 1552 bytes [23:05 23/06/2011] [10:11 30/08/2007] 03C00006AA1A836D4C98492D144526B1
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_freeze0000.nif --a---- 25712 bytes [23:05 23/06/2011] [10:11 30/08/2007] 441A5DB363F65DD22DFA99167CC8B38B
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_freeze0001.nif --a---- 25712 bytes [23:05 23/06/2011] [10:11 30/08/2007] B686864DCAB6CCF2AF0DA13C217CF13A
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_freeze1000.nif --a---- 25712 bytes [23:05 23/06/2011] [10:11 30/08/2007] 4919C8A8C90EC8497B01FD46562DFEEE
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_freeze1031.nif --a---- 25712 bytes [23:05 23/06/2011] [10:11 30/08/2007] AC2B5170545050D651958A34F0E00D66
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_Fidget.kf --a---- 23339 bytes [23:05 23/06/2011] [10:11 30/08/2007] 28B69B65CD7C9122430323B44F0F75B4
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_Heal.kf --a---- 7697 bytes [23:05 23/06/2011] [10:11 30/08/2007] 76E008140D29B57F696BFC482611A200
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_Idle.kf --a---- 22161 bytes [23:05 23/06/2011] [10:11 30/08/2007] 4C5CC447131B76CA953CA792F1E8EE3D
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_RangedDieA.kf --a---- 10382 bytes [23:05 23/06/2011] [10:11 30/08/2007] DD7001DC3A06AC173D4853B6B1FBDB4C
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_RangedDieA_Fade.kf --a---- 4549 bytes [23:05 23/06/2011] [10:11 30/08/2007] 069FD82764E81B2F3EFDD0B2DA090B1B
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_RangedDieB.kf --a---- 13151 bytes [23:05 23/06/2011] [10:11 30/08/2007] C38EF6C2EAB9CE273A60A9ABB8B495B2
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_RangedDieB_Fade.kf --a---- 4485 bytes [23:05 23/06/2011] [10:11 30/08/2007] 268147B8ED9ED217C9BA2769D353C5CC
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_RangedFortify.kf --a---- 7483 bytes [23:05 23/06/2011] [10:11 30/08/2007] EE56769D3C135458C1D03E503D71ED1A
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_RangedStrike.kf --a---- 8955 bytes [23:05 23/06/2011] [10:11 30/08/2007] 92DC2FFB60F5473CF26AC2BE1BCCD879
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_Ranged_Idle.kf --a---- 18352 bytes [23:05 23/06/2011] [10:11 30/08/2007] 57A1F691C6E160955D6E6574CDB4B59D
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_Run.kf --a---- 7414 bytes [23:05 23/06/2011] [10:11 30/08/2007] 6A493D2418C261AF47B4634834C292F5
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_XFadeIn.kf --a---- 898 bytes [23:05 23/06/2011] [10:11 30/08/2007] 01C417DD3534CD07AFF1F3C5B08446A9
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Longbowman_Middle_East\Unique_Babylon_Bowman_MD_XFadeOut.kf --a---- 853 bytes [23:05 23/06/2011] [10:11 30/08/2007] 6EF958AE973CFC6F314F821BAD68FAF4
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman.kfm --a---- 1666 bytes [23:05 23/06/2011] [10:12 30/08/2007] 48E626DDD29490506662AFD0760343D6
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman.nif --a---- 72531 bytes [23:06 23/06/2011] [10:12 30/08/2007] 4A6BDC53713CA9E7C2F8E93413BFD4B3
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_128.dds --a---- 22000 bytes [23:05 23/06/2011] [10:12 30/08/2007] F196A9D394634AC567F6E98A47E9B0D4
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_128_Gloss.dds --a---- 22000 bytes [23:05 23/06/2011] [10:12 30/08/2007] C030C9FC3FAAA45DE9491ECD618AC9C5
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_Arrow_64.dds --a---- 1552 bytes [23:05 23/06/2011] [10:12 30/08/2007] 03C00006AA1A836D4C98492D144526B1
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_freeze0000.nif --a---- 27083 bytes [23:06 23/06/2011] [10:12 30/08/2007] 13DB9B2278E9B071E9ED090D2740590E
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_freeze0001.nif --a---- 27083 bytes [23:06 23/06/2011] [10:12 30/08/2007] 6EEF07A834F5573B3017BB18B2131C93
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_freeze1000.nif --a---- 26943 bytes [23:06 23/06/2011] [10:12 30/08/2007] BAD065C4A30DB4EB2AF36D861B942723
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_freeze1031.nif --a---- 27083 bytes [23:06 23/06/2011] [10:12 30/08/2007] B8F95BFAA31D28B809439068A752349D
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_FX.nif --a---- 70653 bytes [23:06 23/06/2011] [10:12 30/08/2007] 9BD68B1924165A2DBED74D2F8759D79A
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_Fidget.kf --a---- 23339 bytes [23:05 23/06/2011] [10:12 30/08/2007] 28B69B65CD7C9122430323B44F0F75B4
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_Heal.kf --a---- 7697 bytes [23:05 23/06/2011] [10:12 30/08/2007] 76E008140D29B57F696BFC482611A200
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_Idle.kf --a---- 22161 bytes [23:05 23/06/2011] [10:12 30/08/2007] 4C5CC447131B76CA953CA792F1E8EE3D
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_RangedDieA.kf --a---- 10382 bytes [23:05 23/06/2011] [10:12 30/08/2007] DD7001DC3A06AC173D4853B6B1FBDB4C
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_RangedDieA_Fade.kf --a---- 4549 bytes [23:05 23/06/2011] [10:12 30/08/2007] 069FD82764E81B2F3EFDD0B2DA090B1B
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_RangedDieB.kf --a---- 13151 bytes [23:05 23/06/2011] [10:12 30/08/2007] C38EF6C2EAB9CE273A60A9ABB8B495B2
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_RangedDieB_Fade.kf --a---- 4485 bytes [23:05 23/06/2011] [10:12 30/08/2007] 268147B8ED9ED217C9BA2769D353C5CC
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_RangedFortify.kf --a---- 7483 bytes [23:05 23/06/2011] [10:12 30/08/2007] EE56769D3C135458C1D03E503D71ED1A
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_RangedStrike.kf --a---- 8955 bytes [23:05 23/06/2011] [10:12 30/08/2007] 92DC2FFB60F5473CF26AC2BE1BCCD879
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_Ranged_Idle.kf --a---- 18352 bytes [23:05 23/06/2011] [10:12 30/08/2007] 57A1F691C6E160955D6E6574CDB4B59D
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_Run.kf --a---- 7414 bytes [23:05 23/06/2011] [10:12 30/08/2007] 6A493D2418C261AF47B4634834C292F5
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_XFadeIn.kf --a---- 898 bytes [23:05 23/06/2011] [10:12 30/08/2007] 01C417DD3534CD07AFF1F3C5B08446A9
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman\Unique_Babylon_Bowman_MD_XFadeOut.kf --a---- 853 bytes [23:05 23/06/2011] [10:12 30/08/2007] 6EF958AE973CFC6F314F821BAD68FAF4
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Worker_Middle_East\Unique_Babylon_Bowman_128.dds --a---- 22000 bytes [23:06 23/06/2011] [10:12 30/08/2007] 0C6DCA2D24794766863B44F0260B26C2
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Worker_Middle_East\Unique_Babylon_Bowman_128_Gloss.dds --a---- 8320 bytes [23:05 23/06/2011] [10:12 30/08/2007] 7A4F186050CA1F1A4DE4C146FD90739D
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-000.wav --a---- 12736 bytes [23:07 23/06/2011] [10:12 30/08/2007] 92728529BB97C219031852BB60484C9F
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-001.wav --a---- 6704 bytes [23:07 23/06/2011] [10:12 30/08/2007] A9E6E840570726C363DE140F528F87B4
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-002.wav --a---- 7536 bytes [23:07 23/06/2011] [10:12 30/08/2007] B1C183E9EA60DDFC0E72D7C6FB247EF1
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-003.wav --a---- 10580 bytes [23:07 23/06/2011] [10:12 30/08/2007] AABEE294F2069A5BAA3DD33F9461F3D9
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-004.wav --a---- 15912 bytes [23:07 23/06/2011] [10:12 30/08/2007] CB61DD9D340EBD5F0748C6F3943EB425
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-005.wav --a---- 12520 bytes [23:07 23/06/2011] [10:12 30/08/2007] 0701B1DD21982E382C76E4494EB475AC
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-006.wav --a---- 9084 bytes [23:07 23/06/2011] [10:12 30/08/2007] 151E015E40482CCDCE66A12DCA2BD001
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-007.wav --a---- 16392 bytes [23:07 23/06/2011] [10:12 30/08/2007] 4B1ED3B134662EA2AA402460E80D3E92
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-008.wav --a---- 10360 bytes [23:07 23/06/2011] [10:12 30/08/2007] 360B84ED0FA0CECD1B9F1CA5314797AD
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonOrder-009.wav --a---- 27340 bytes [23:07 23/06/2011] [10:12 30/08/2007] DBB7198D771893E5DDDDFB5960B65616
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-000.wav --a---- 20540 bytes [23:07 23/06/2011] [10:12 30/08/2007] D542B96A0769D4C018083FA6802D3903
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-001.wav --a---- 10056 bytes [23:07 23/06/2011] [10:12 30/08/2007] A320BF2015DBED0D40816F18E284C3D2
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-002.wav --a---- 10028 bytes [23:07 23/06/2011] [10:12 30/08/2007] 1681C8721902D408F1F4B01591E8A24A
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-003.wav --a---- 18880 bytes [23:07 23/06/2011] [10:12 30/08/2007] 231ACE0AE12AAB3D1EDF813A0030DA11
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-004.wav --a---- 14676 bytes [23:07 23/06/2011] [10:12 30/08/2007] BA6D5EB9F10B969192638E1B6E753E1E
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-005.wav --a---- 11796 bytes [23:07 23/06/2011] [10:12 30/08/2007] 8C6E482C826FB1D19166C8879F1CD2E2
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-006.wav --a---- 6704 bytes [23:07 23/06/2011] [10:12 30/08/2007] A8236C5788E66926692390B864E7AFC8
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-007.wav --a---- 9224 bytes [23:07 23/06/2011] [10:12 30/08/2007] 4C1C5174F844172DA2DD74740AC50706
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-008.wav --a---- 15036 bytes [23:07 23/06/2011] [10:12 30/08/2007] 8CD2906B92FB7C9AFD7453F771B10080
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Sounds\Units\BabylonSelect-009.wav --a---- 27340 bytes [23:07 23/06/2011] [10:12 30/08/2007] C992650800600179D8ABF505BC6A0A54
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Mods\Rhye's and Fall of Civilization\Assets\Art\Interface\Buttons\civilizations\babylonia.dds --a---- 5616 bytes [23:12 23/06/2011] [10:16 30/08/2007] 7845B9023D4844A2E6F10C00E6B202F3
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Mods\Rhye's and Fall of Civilization\Assets\XML\Text\Babylon_TextInfos_Objects.xml --a---- 6812 bytes [23:12 23/06/2011] [03:00 11/09/2007] F1C436931E15BBE5485BA6727994A531
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip --a---- 551 bytes [21:05 28/01/2012] [21:05 28/01/2012] D3DC0CDCA8224147A94CCAE3B7892846
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip --a---- 731 bytes [21:05 28/01/2012] [21:05 28/01/2012] 55D99B78EFC6DB4D2A4A80A796042744
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip --a---- 637 bytes [21:05 28/01/2012] [21:05 28/01/2012] B694C5EC1F5D31E805D270E2CC418368
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip --a---- 596 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0493E7326155521EC71A032CDF455AE8
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip --a---- 653 bytes [21:05 28/01/2012] [21:05 28/01/2012] 2015BB3E0A9E1DFBF2758AD205BBC69D
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip --a---- 592 bytes [21:05 28/01/2012] [21:05 28/01/2012] 8D47462367FE1A5A019B8058D096F7F1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip --a---- 549 bytes [21:05 28/01/2012] [21:05 28/01/2012] FC4DFD06C51D1D69BE4B2C32D62B57B3
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip --a---- 551 bytes [21:05 28/01/2012] [21:05 28/01/2012] 115DD6C6303EAE99B1E98641FD12E7FB
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip --a---- 539 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7629511B6A5606A55E5C178D894F7286
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip --a---- 542 bytes [21:05 28/01/2012] [21:05 28/01/2012] 6AD2268095B8587CA2F3F37DAD68963C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip --a---- 636 bytes [21:05 28/01/2012] [21:05 28/01/2012] 72C06B6E2A5DD503FED0C160C220AE1D
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip --a---- 592 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7C696ED9B56D75DBD8B8F5817298DB0F
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip --a---- 1042921 bytes [21:05 28/01/2012] [21:05 28/01/2012] 8DC86B72A2D123D6790FDB86244BDAD0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip --a---- 649 bytes [21:05 28/01/2012] [21:05 28/01/2012] B747E0A686BCF36D38F612CB965A6111
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip --a---- 589 bytes [21:05 28/01/2012] [21:05 28/01/2012] 283B59784459743F8CCCE13E9E5066FB
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip --a---- 548 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0EC6C8FDBB230B372DFCCDAD7DD1BE38
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip --a---- 549 bytes [21:05 28/01/2012] [21:05 28/01/2012] 986EC5513790477C8903972D5F4A559F
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip --a---- 630 bytes [21:05 28/01/2012] [21:05 28/01/2012] D9B13AFFDCAB4195A578BD1597051A65
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip --a---- 540 bytes [21:05 28/01/2012] [21:05 28/01/2012] 26A887B5BA795EC574C92D2D83DE86EE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip --a---- 544 bytes [21:05 28/01/2012] [21:05 28/01/2012] B3702E754EFAE23BE41E5A69589B1D4E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip --a---- 640 bytes [21:05 28/01/2012] [21:05 28/01/2012] DF9EB44D9E3525BF8EC08C9D2A313F0F
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip --a---- 597 bytes [21:05 28/01/2012] [21:05 28/01/2012] 41CE6C052314F7C19CF595C715FF4E31
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip --a---- 652 bytes [21:05 28/01/2012] [21:05 28/01/2012] 451181CB3C05AF1329F62C82899CC725
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip --a---- 1042924 bytes [21:05 28/01/2012] [21:05 28/01/2012] 51ED3BB804F7960E97F02ED6510396BA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip --a---- 592 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0044525E226A58650C2CF2E12F07ED73
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip --a---- 548 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7BC1BE427F2DE5C3D54E2D0E74916E02
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip --a---- 541 bytes [21:05 28/01/2012] [21:05 28/01/2012] 20EA9C4647FFFE3F06977592FE7594B5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip --a---- 548 bytes [21:05 28/01/2012] [21:05 28/01/2012] C377570215A586FC337B61B349E86432
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip --a---- 551 bytes [21:05 28/01/2012] [21:05 28/01/2012] 992124D079B637F6E42BC327690D6E3A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip --a---- 645 bytes [21:05 28/01/2012] [21:05 28/01/2012] 56CEB9FAD4A193B4BEAF242C5A73E5A9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip --a---- 705 bytes [21:05 28/01/2012] [21:05 28/01/2012] C954ACC9399324A114659B053B66B3AF
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip --a---- 598 bytes [21:05 28/01/2012] [21:05 28/01/2012] 2C6618AEE36F2EFF91C00F89877CAFA4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip --a---- 645 bytes [21:05 28/01/2012] [21:05 28/01/2012] 56502D505E8AC91EDCBCEE1F0D7ECF00
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip --a---- 739 bytes [21:05 28/01/2012] [21:05 28/01/2012] 1C454E06963E4687B91E069EE682A7DE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip --a---- 1042931 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7F47394F0CBEC3C7968ADEB086023EAF
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip --a---- 595 bytes [21:05 28/01/2012] [21:05 28/01/2012] F2EBD73F2ACA19AEBBC2B896F30BE223
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip --a---- 549 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0AD2A3992C3551E617A05645921D58DE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip --a---- 611 bytes [21:05 28/01/2012] [21:05 28/01/2012] A13C99E78F5FCEB76B6A3F168C6432CE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip --a---- 612 bytes [21:05 28/01/2012] [21:05 28/01/2012] 3E282072ECFAAF9AA8B8A7C6FA8587B7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip --a---- 538 bytes [21:05 28/01/2012] [21:05 28/01/2012] 464819912452D10CA3555F789E75E0F3
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip --a---- 547 bytes [21:05 28/01/2012] [21:05 28/01/2012] E96CE1A24F15828F007C83F5EF1390FE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip --a---- 550 bytes [21:05 28/01/2012] [21:05 28/01/2012] 21ADB1647F0CF8FA47DE8530C03A0698
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip --a---- 637 bytes [21:05 28/01/2012] [21:05 28/01/2012] 46ED61937BC07EA5FEC430A657B5DDF2
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip --a---- 597 bytes [21:05 28/01/2012] [21:05 28/01/2012] 72F38657769AA8587DC6716F1C78F09C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip --a---- 647 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7D0A9FFBF374673DBA2217519128F550
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip --a---- 124705 bytes [21:05 28/01/2012] [21:05 28/01/2012] B3E37A19D52E4DBF30BA67E45FEABF6F
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip --a---- 594 bytes [21:05 28/01/2012] [21:05 28/01/2012] F0F9C25AA6EF515DC43549055F9809C7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip --a---- 567 bytes [21:05 28/01/2012] [21:05 28/01/2012] 900BC9761928D2A81616025DABB5D2A0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar52.zip --a---- 568 bytes [21:05 28/01/2012] [21:05 28/01/2012] AA4AED7EC5568F2E04501E420CB7EEA6
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar53.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 4508D720BC5918E6B84A54D7DDF93E7C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar54.zip --a---- 569 bytes [21:05 28/01/2012] [21:05 28/01/2012] C3880E8B2B5AFD7D805B4B2A80E4CD4A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar55.zip --a---- 567 bytes [21:05 28/01/2012] [21:05 28/01/2012] 9525B801F0FE3390C8F3E4377CD6A048
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar56.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 52CF42534D72EE8B631EA30AE6D63D09
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar57.zip --a---- 568 bytes [21:05 28/01/2012] [21:05 28/01/2012] C478E4D5683FA0F443E300A062CF89B5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar58.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 8DC8DEA75A4C2B752BCCCF06B440E586
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar59.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 67F00AA272D03CD870E118021606800E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip --a---- 683 bytes [21:05 28/01/2012] [21:05 28/01/2012] 31E17DE5B3303D7753FE8D2C9844BA7B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar60.zip --a---- 567 bytes [21:05 28/01/2012] [21:05 28/01/2012] 17F128C548A1EF046DC0CF903A9F8818
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar61.zip --a---- 550 bytes [21:05 28/01/2012] [21:05 28/01/2012] 5C72BBE1949D3F8E686A01CCD5509FDC
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar62.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 533F4E71A8AB798BCEE6C0B5CABD3364
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar63.zip --a---- 500 bytes [21:05 28/01/2012] [21:05 28/01/2012] BCDAACE8985469652F807F2730CFE920
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar64.zip --a---- 309 bytes [11:30 13/03/2012] [11:30 13/03/2012] 74AC79AF159148988F45543AAFEF2B77
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar65.zip --a---- 1625 bytes [11:30 13/03/2012] [11:30 13/03/2012] EA5E1F4021BA154FE05C1F77C9A9CD24
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar66.zip --a---- 3372005 bytes [11:30 13/03/2012] [11:30 13/03/2012] B605FD1F55FBF40BB13862C04767121B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip --a---- 492 bytes [11:30 13/03/2012] [11:30 13/03/2012] A489C7F88E3AAA7A825D0ED432734BD4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar68.zip --a---- 550 bytes [00:40 04/06/2012] [00:40 04/06/2012] 41105D21A058E743D81865FA8C858D24
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar69.zip --a---- 551 bytes [00:40 04/06/2012] [00:40 04/06/2012] 2B47F8E41617B11358901B25089D1685
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip --a---- 638 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7A4A816A8CC2FA266696863CCA19EE21
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip --a---- 541 bytes [00:40 04/06/2012] [00:40 04/06/2012] 9F6E5B96FD21370A9F3A08B2CB0C465A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar71.zip --a---- 544 bytes [00:40 04/06/2012] [00:40 04/06/2012] DD2B4234CEBBC0D5E96FB76563D10F3D
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip --a---- 642 bytes [00:40 04/06/2012] [00:40 04/06/2012] 5AEB1E9162061301E9ABFF18C26F8260
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar73.zip --a---- 597 bytes [00:40 04/06/2012] [00:40 04/06/2012] 96FE5AE3E353F25548EAF7A73CBCF048
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar74.zip --a---- 644 bytes [00:40 04/06/2012] [00:40 04/06/2012] EEC7B22B065CAEAA300C86FF0252306B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar75.zip --a---- 593 bytes [00:40 04/06/2012] [00:40 04/06/2012] 493014707682518C91872232F89E5F7C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar76.zip --a---- 551 bytes [23:09 19/06/2012] [23:09 19/06/2012] 45263984673EE387036B93CFA546183A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar77.zip --a---- 552 bytes [23:09 19/06/2012] [23:09 19/06/2012] C729741C0423CC1D3CB3745A580A4D5A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar78.zip --a---- 540 bytes [23:09 19/06/2012] [23:09 19/06/2012] 802649ED579950E9A76F18532EA859D9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar79.zip --a---- 544 bytes [23:09 19/06/2012] [23:09 19/06/2012] 8DD013D237C55765FD42719BA85C8B30
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip --a---- 542 bytes [21:05 28/01/2012] [21:05 28/01/2012] 9CD6D0129DAC4E482029F24FE0F657C4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar80.zip --a---- 642 bytes [23:09 19/06/2012] [23:09 19/06/2012] 19280CED1D8390990A175AC2807239A7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar81.zip --a---- 597 bytes [23:09 19/06/2012] [23:09 19/06/2012] 2F2699993F08F9179940C6F1A9271FFE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar82.zip --a---- 644 bytes [23:09 19/06/2012] [23:09 19/06/2012] AE3FB0A40D9CE43CA35088D2273637C1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar83.zip --a---- 592 bytes [23:09 19/06/2012] [23:09 19/06/2012] D0F8B741F9FB35401C67240D9704B80E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar84.zip --a---- 597 bytes [23:09 19/06/2012] [23:09 19/06/2012] F3862BCAA9B75AF71A1FD497B2B4E608
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar85.zip --a---- 644 bytes [23:09 19/06/2012] [23:09 19/06/2012] 2D2E33FD03A7E4EC90E24A2AF58AC523
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar86.zip --a---- 592 bytes [23:09 19/06/2012] [23:09 19/06/2012] 74CBD93A747D09B56D9F20371AB857B9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar87.zip --a---- 551 bytes [10:57 30/06/2012] [10:57 30/06/2012] 565D8B04EA9466D3D12BC4B7EBB24028
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar88.zip --a---- 551 bytes [10:57 30/06/2012] [10:57 30/06/2012] 624296A1F4231EA88A098EF8BFB3251B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar89.zip --a---- 541 bytes [10:57 30/06/2012] [10:57 30/06/2012] 506A655027E77E16A34F525425DB6374
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip --a---- 545 bytes [21:05 28/01/2012] [21:05 28/01/2012] 1FC9828EE4B72A352CD9A96B7A9BF438
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar90.zip --a---- 544 bytes [10:57 30/06/2012] [10:57 30/06/2012] DA1AFAD33FB3B05EA599AD0E523DFD18
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar91.zip --a---- 642 bytes [10:57 30/06/2012] [10:57 30/06/2012] 0011DDB235C6BF70E98EF05F136EA85C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar92.zip --a---- 597 bytes [10:57 30/06/2012] [10:57 30/06/2012] EE214072C589ED5DCF5279220B5B4C83
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar93.zip --a---- 644 bytes [10:57 30/06/2012] [10:57 30/06/2012] 83FE2DE1BE9059667734CA75F918E378
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar94.zip --a---- 593 bytes [10:57 30/06/2012] [10:57 30/06/2012] 0EAC9E6BDA732F6B6A284175095088A6
C:\Qoobox\Quarantine\C\Program Files\file2linkib\chrome\skin\babylon_logo.png.vir --a---- 3577 bytes [13:51 25/10/2011] [13:51 25/10/2011] 30FF3A31EDC0442F934F703C26B9F572
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip --a---- 551 bytes [21:05 28/01/2012] [21:05 28/01/2012] D3DC0CDCA8224147A94CCAE3B7892846
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip --a---- 731 bytes [21:05 28/01/2012] [21:05 28/01/2012] 55D99B78EFC6DB4D2A4A80A796042744
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip --a---- 637 bytes [21:05 28/01/2012] [21:05 28/01/2012] B694C5EC1F5D31E805D270E2CC418368
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip --a---- 596 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0493E7326155521EC71A032CDF455AE8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip --a---- 653 bytes [21:05 28/01/2012] [21:05 28/01/2012] 2015BB3E0A9E1DFBF2758AD205BBC69D
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip --a---- 592 bytes [21:05 28/01/2012] [21:05 28/01/2012] 8D47462367FE1A5A019B8058D096F7F1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip --a---- 549 bytes [21:05 28/01/2012] [21:05 28/01/2012] FC4DFD06C51D1D69BE4B2C32D62B57B3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip --a---- 551 bytes [21:05 28/01/2012] [21:05 28/01/2012] 115DD6C6303EAE99B1E98641FD12E7FB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip --a---- 539 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7629511B6A5606A55E5C178D894F7286
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip --a---- 542 bytes [21:05 28/01/2012] [21:05 28/01/2012] 6AD2268095B8587CA2F3F37DAD68963C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip --a---- 636 bytes [21:05 28/01/2012] [21:05 28/01/2012] 72C06B6E2A5DD503FED0C160C220AE1D
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip --a---- 592 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7C696ED9B56D75DBD8B8F5817298DB0F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip --a---- 1042921 bytes [21:05 28/01/2012] [21:05 28/01/2012] 8DC86B72A2D123D6790FDB86244BDAD0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip --a---- 649 bytes [21:05 28/01/2012] [21:05 28/01/2012] B747E0A686BCF36D38F612CB965A6111
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip --a---- 589 bytes [21:05 28/01/2012] [21:05 28/01/2012] 283B59784459743F8CCCE13E9E5066FB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip --a---- 548 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0EC6C8FDBB230B372DFCCDAD7DD1BE38
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip --a---- 549 bytes [21:05 28/01/2012] [21:05 28/01/2012] 986EC5513790477C8903972D5F4A559F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip --a---- 630 bytes [21:05 28/01/2012] [21:05 28/01/2012] D9B13AFFDCAB4195A578BD1597051A65
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip --a---- 540 bytes [21:05 28/01/2012] [21:05 28/01/2012] 26A887B5BA795EC574C92D2D83DE86EE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip --a---- 544 bytes [21:05 28/01/2012] [21:05 28/01/2012] B3702E754EFAE23BE41E5A69589B1D4E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip --a---- 640 bytes [21:05 28/01/2012] [21:05 28/01/2012] DF9EB44D9E3525BF8EC08C9D2A313F0F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip --a---- 597 bytes [21:05 28/01/2012] [21:05 28/01/2012] 41CE6C052314F7C19CF595C715FF4E31
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip --a---- 652 bytes [21:05 28/01/2012] [21:05 28/01/2012] 451181CB3C05AF1329F62C82899CC725
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip --a---- 1042924 bytes [21:05 28/01/2012] [21:05 28/01/2012] 51ED3BB804F7960E97F02ED6510396BA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip --a---- 592 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0044525E226A58650C2CF2E12F07ED73
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip --a---- 548 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7BC1BE427F2DE5C3D54E2D0E74916E02
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip --a---- 541 bytes [21:05 28/01/2012] [21:05 28/01/2012] 20EA9C4647FFFE3F06977592FE7594B5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip --a---- 548 bytes [21:05 28/01/2012] [21:05 28/01/2012] C377570215A586FC337B61B349E86432
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip --a---- 551 bytes [21:05 28/01/2012] [21:05 28/01/2012] 992124D079B637F6E42BC327690D6E3A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip --a---- 645 bytes [21:05 28/01/2012] [21:05 28/01/2012] 56CEB9FAD4A193B4BEAF242C5A73E5A9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip --a---- 705 bytes [21:05 28/01/2012] [21:05 28/01/2012] C954ACC9399324A114659B053B66B3AF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip --a---- 598 bytes [21:05 28/01/2012] [21:05 28/01/2012] 2C6618AEE36F2EFF91C00F89877CAFA4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip --a---- 645 bytes [21:05 28/01/2012] [21:05 28/01/2012] 56502D505E8AC91EDCBCEE1F0D7ECF00
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip --a---- 739 bytes [21:05 28/01/2012] [21:05 28/01/2012] 1C454E06963E4687B91E069EE682A7DE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip --a---- 1042931 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7F47394F0CBEC3C7968ADEB086023EAF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip --a---- 595 bytes [21:05 28/01/2012] [21:05 28/01/2012] F2EBD73F2ACA19AEBBC2B896F30BE223
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip --a---- 549 bytes [21:05 28/01/2012] [21:05 28/01/2012] 0AD2A3992C3551E617A05645921D58DE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip --a---- 611 bytes [21:05 28/01/2012] [21:05 28/01/2012] A13C99E78F5FCEB76B6A3F168C6432CE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip --a---- 612 bytes [21:05 28/01/2012] [21:05 28/01/2012] 3E282072ECFAAF9AA8B8A7C6FA8587B7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip --a---- 538 bytes [21:05 28/01/2012] [21:05 28/01/2012] 464819912452D10CA3555F789E75E0F3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip --a---- 547 bytes [21:05 28/01/2012] [21:05 28/01/2012] E96CE1A24F15828F007C83F5EF1390FE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip --a---- 550 bytes [21:05 28/01/2012] [21:05 28/01/2012] 21ADB1647F0CF8FA47DE8530C03A0698
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip --a---- 637 bytes [21:05 28/01/2012] [21:05 28/01/2012] 46ED61937BC07EA5FEC430A657B5DDF2
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip --a---- 597 bytes [21:05 28/01/2012] [21:05 28/01/2012] 72F38657769AA8587DC6716F1C78F09C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip --a---- 647 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7D0A9FFBF374673DBA2217519128F550
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip --a---- 124705 bytes [21:05 28/01/2012] [21:05 28/01/2012] B3E37A19D52E4DBF30BA67E45FEABF6F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip --a---- 594 bytes [21:05 28/01/2012] [21:05 28/01/2012] F0F9C25AA6EF515DC43549055F9809C7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip --a---- 567 bytes [21:05 28/01/2012] [21:05 28/01/2012] 900BC9761928D2A81616025DABB5D2A0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar52.zip --a---- 568 bytes [21:05 28/01/2012] [21:05 28/01/2012] AA4AED7EC5568F2E04501E420CB7EEA6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar53.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 4508D720BC5918E6B84A54D7DDF93E7C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar54.zip --a---- 569 bytes [21:05 28/01/2012] [21:05 28/01/2012] C3880E8B2B5AFD7D805B4B2A80E4CD4A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar55.zip --a---- 567 bytes [21:05 28/01/2012] [21:05 28/01/2012] 9525B801F0FE3390C8F3E4377CD6A048
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar56.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 52CF42534D72EE8B631EA30AE6D63D09
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar57.zip --a---- 568 bytes [21:05 28/01/2012] [21:05 28/01/2012] C478E4D5683FA0F443E300A062CF89B5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar58.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 8DC8DEA75A4C2B752BCCCF06B440E586
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar59.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 67F00AA272D03CD870E118021606800E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip --a---- 683 bytes [21:05 28/01/2012] [21:05 28/01/2012] 31E17DE5B3303D7753FE8D2C9844BA7B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar60.zip --a---- 567 bytes [21:05 28/01/2012] [21:05 28/01/2012] 17F128C548A1EF046DC0CF903A9F8818
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar61.zip --a---- 550 bytes [21:05 28/01/2012] [21:05 28/01/2012] 5C72BBE1949D3F8E686A01CCD5509FDC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar62.zip --a---- 566 bytes [21:05 28/01/2012] [21:05 28/01/2012] 533F4E71A8AB798BCEE6C0B5CABD3364
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar63.zip --a---- 500 bytes [21:05 28/01/2012] [21:05 28/01/2012] BCDAACE8985469652F807F2730CFE920
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar64.zip --a---- 309 bytes [11:30 13/03/2012] [11:30 13/03/2012] 74AC79AF159148988F45543AAFEF2B77
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar65.zip --a---- 1625 bytes [11:30 13/03/2012] [11:30 13/03/2012] EA5E1F4021BA154FE05C1F77C9A9CD24
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar66.zip --a---- 3372005 bytes [11:30 13/03/2012] [11:30 13/03/2012] B605FD1F55FBF40BB13862C04767121B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip --a---- 492 bytes [11:30 13/03/2012] [11:30 13/03/2012] A489C7F88E3AAA7A825D0ED432734BD4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar68.zip --a---- 550 bytes [00:40 04/06/2012] [00:40 04/06/2012] 41105D21A058E743D81865FA8C858D24
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar69.zip --a---- 551 bytes [00:40 04/06/2012] [00:40 04/06/2012] 2B47F8E41617B11358901B25089D1685
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip --a---- 638 bytes [21:05 28/01/2012] [21:05 28/01/2012] 7A4A816A8CC2FA266696863CCA19EE21
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip --a---- 541 bytes [00:40 04/06/2012] [00:40 04/06/2012] 9F6E5B96FD21370A9F3A08B2CB0C465A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar71.zip --a---- 544 bytes [00:40 04/06/2012] [00:40 04/06/2012] DD2B4234CEBBC0D5E96FB76563D10F3D
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip --a---- 642 bytes [00:40 04/06/2012] [00:40 04/06/2012] 5AEB1E9162061301E9ABFF18C26F8260
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar73.zip --a---- 597 bytes [00:40 04/06/2012] [00:40 04/06/2012] 96FE5AE3E353F25548EAF7A73CBCF048
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar74.zip --a---- 644 bytes [00:40 04/06/2012] [00:40 04/06/2012] EEC7B22B065CAEAA300C86FF0252306B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar75.zip --a---- 593 bytes [00:40 04/06/2012] [00:40 04/06/2012] 493014707682518C91872232F89E5F7C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar76.zip --a---- 551 bytes [23:09 19/06/2012] [23:09 19/06/2012] 45263984673EE387036B93CFA546183A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar77.zip --a---- 552 bytes [23:09 19/06/2012] [23:09 19/06/2012] C729741C0423CC1D3CB3745A580A4D5A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar78.zip --a---- 540 bytes [23:09 19/06/2012] [23:09 19/06/2012] 802649ED579950E9A76F18532EA859D9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar79.zip --a---- 544 bytes [23:09 19/06/2012] [23:09 19/06/2012] 8DD013D237C55765FD42719BA85C8B30
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip --a---- 542 bytes [21:05 28/01/2012] [21:05 28/01/2012] 9CD6D0129DAC4E482029F24FE0F657C4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar80.zip --a---- 642 bytes [23:09 19/06/2012] [23:09 19/06/2012] 19280CED1D8390990A175AC2807239A7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar81.zip --a---- 597 bytes [23:09 19/06/2012] [23:09 19/06/2012] 2F2699993F08F9179940C6F1A9271FFE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar82.zip --a---- 644 bytes [23:09 19/06/2012] [23:09 19/06/2012] AE3FB0A40D9CE43CA35088D2273637C1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar83.zip --a---- 592 bytes [23:09 19/06/2012] [23:09 19/06/2012] D0F8B741F9FB35401C67240D9704B80E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar84.zip --a---- 597 bytes [23:09 19/06/2012] [23:09 19/06/2012] F3862BCAA9B75AF71A1FD497B2B4E608
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar85.zip --a---- 644 bytes [23:09 19/06/2012] [23:09 19/06/2012] 2D2E33FD03A7E4EC90E24A2AF58AC523
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar86.zip --a---- 592 bytes [23:09 19/06/2012] [23:09 19/06/2012] 74CBD93A747D09B56D9F20371AB857B9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar87.zip --a---- 551 bytes [10:57 30/06/2012] [10:57 30/06/2012] 565D8B04EA9466D3D12BC4B7EBB24028
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar88.zip --a---- 551 bytes [10:57 30/06/2012] [10:57 30/06/2012] 624296A1F4231EA88A098EF8BFB3251B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar89.zip --a---- 541 bytes [10:57 30/06/2012] [10:57 30/06/2012] 506A655027E77E16A34F525425DB6374
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip --a---- 545 bytes [21:05 28/01/2012] [21:05 28/01/2012] 1FC9828EE4B72A352CD9A96B7A9BF438
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar90.zip --a---- 544 bytes [10:57 30/06/2012] [10:57 30/06/2012] DA1AFAD33FB3B05EA599AD0E523DFD18
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar91.zip --a---- 642 bytes [10:57 30/06/2012] [10:57 30/06/2012] 0011DDB235C6BF70E98EF05F136EA85C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar92.zip --a---- 597 bytes [10:57 30/06/2012] [10:57 30/06/2012] EE214072C589ED5DCF5279220B5B4C83
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar93.zip --a---- 644 bytes [10:57 30/06/2012] [10:57 30/06/2012] 83FE2DE1BE9059667734CA75F918E378
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar94.zip --a---- 593 bytes [10:57 30/06/2012] [10:57 30/06/2012] 0EAC9E6BDA732F6B6A284175095088A6

Searching for "*ibryte*"
C:\Users\currys\AppData\Local\ApplicationHistory\iBryteDesktop.exe.df844634.ini --a---- 2227 bytes [09:12 02/10/2011] [18:25 05/12/2011] 06249F3B08F80EC7CCC78D1C703D045E
C:\Users\currys\AppData\Local\ApplicationHistory\ibryte_installer.exe.e72fda6d.ini --a---- 2125 bytes [22:37 01/10/2011] [22:37 01/10/2011] A8068185C5222157D2C647DFA5B95B6C

Searching for "*MyStart*"
C:\Qoobox\Quarantine\C\Program Files\file2linkib\chrome\content\newtab\newtab_mystart.html.vir --a---- 5816 bytes [13:51 25/10/2011] [13:51 25/10/2011] 1CF001A4E176A483AC570123FABD64E1
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\MyStart Search.xml --a---- 2203 bytes [13:03 23/06/2012] [13:03 23/06/2012] 70CB5F2DEC382A937224295149304474

Searching for "*uTorrentBar*"
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar --a---- 713115 bytes [10:56 22/01/2012] [11:47 11/01/2012] 0E4E8DE71F59F404FB7056BFCDB856EC

Searching for "*WiseConvert*"
C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\CT3196716\externalmenu\http___tools_wiseconvert_com_tools_xml --a---- 3830 bytes [11:17 30/06/2012] [22:30 01/07/2012] 0F321C3EAEA35893F19C41384CD49F49
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\chrome\wiseconvert.jar --a---- 716986 bytes [18:38 08/07/2012] [08:38 05/07/2012] 2618DABF93565993B71FB6F274C95C63

Searching for "*Blabbers*"
No files found.

========== folderfind ==========

Searching for "*Conduit*"
C:\Program Files\Conduit d------ [10:56 22/01/2012]
C:\Program Files\ConduitEngine d------ [22:45 21/12/2010]
C:\Users\currys\AppData\Local\Conduit d------ [22:57 02/03/2011]
C:\Users\currys\AppData\LocalLow\Conduit d------ [22:45 21/12/2010]
C:\Users\currys\AppData\LocalLow\ConduitEngine d------ [22:45 21/12/2010]
C:\Users\currys\AppData\LocalLow\ConduitEngine\Repository\conduit_ConduitEngine d------ [18:52 09/03/2011]
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\Repository\conduit_CT2645238_CT2645238 d------ [19:18 28/11/2011]
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security\Repository\conduit_CT2645238_en d------ [19:18 28/11/2011]
C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\conduitCommon d------ [11:17 30/06/2012]
C:\Windows\System32\config\currys\AppData\LocalLow\Conduit d------ [22:32 10/02/2011]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine d------ [22:32 10/02/2011]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\SearchElf_1.2\Repository\conduit_CT2769726_CT2769726 d------ [22:32 10/02/2011]

Searching for "*Game Booster*"
C:\Program Files\IObit\Game Booster d------ [03:52 26/02/2011]
C:\ProgramData\IObit\Game Booster d------ [03:52 26/02/2011]
C:\ProgramData\IObit\Game Booster 3 d------ [23:37 06/09/2011]
C:\Users\All Users\IObit\Game Booster d------ [03:52 26/02/2011]
C:\Users\All Users\IObit\Game Booster 3 d------ [23:37 06/09/2011]

Searching for "*Smart Defrag*"
C:\Program Files\IObit\Smart Defrag 2 d------ [03:49 26/02/2011]
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\IObit\Smart Defrag 2 d------ [03:49 26/02/2011]

Searching for "*ZoneAlarm*"
C:\Program Files\ZoneAlarm_Security d------ [16:48 13/06/2011]
C:\Program Files\CheckPoint\ZoneAlarm d------ [19:17 28/11/2011]
C:\ProgramData\CheckPoint\ZoneAlarm d------ [16:47 13/06/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm d------ [10:36 06/05/2012]
C:\Users\All Users\CheckPoint\ZoneAlarm d------ [16:47 13/06/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm d------ [10:36 06/05/2012]
C:\Users\currys\AppData\LocalLow\ZoneAlarm_Security d------ [16:48 13/06/2011]
C:\Users\currys\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm d------ [19:45 15/05/2012]
C:\Users\currys\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar d------ [10:42 06/05/2012]
C:\Users\currys\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar d------ [16:48 13/06/2011]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm d------ [19:40 31/05/2012]

Searching for "*IObit*"
C:\Program Files\IObit d------ [00:54 06/02/2011]
C:\Program Files\IObit\IObit Malware Fighter d------ [18:17 19/05/2011]
C:\Program Files\IObit\IObit Security 360 d------ [22:37 10/02/2011]
C:\ProgramData\IObit d------ [00:54 06/02/2011]
C:\ProgramData\IObit\IObit Security 360 d------ [22:34 10/02/2011]
C:\Users\All Users\IObit d------ [00:54 06/02/2011]
C:\Users\All Users\IObit\IObit Security 360 d------ [22:34 10/02/2011]
C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit d------ [09:53 19/06/2011]
C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\IObit Malware Fighter d------ [09:53 19/06/2011]
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\IObit d----c- [22:37 10/02/2011]
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\IObit\IObit Malware Fighter d------ [18:18 19/05/2011]
C:\_OTL\MovedFiles\07102012_230543\C_Users\currys\AppData\Roaming\IObit\IObit Uninstaller d----c- [21:28 09/06/2011]
C:\_OTL\MovedFiles\07102012_230543\C_Users\Default\AppData\Roaming\IObit d----c- [11:18 04/02/2012]
C:\_OTL\MovedFiles\07102012_230543\C_Users\UpdatusUser\AppData\Roaming\IObit d----c- [09:06 24/02/2012]

Searching for "*SmartDefragDriver*"
No folders found.

Searching for "*goonsearch*"
No folders found.

Searching for "*searchqu*"
C:\Users\currys\AppData\LocalLow\searchquband d------ [22:09 18/04/2011]

Searching for "*ask.com*"
C:\Program Files\Ask.com d------ [13:02 12/10/2010]

Searching for "*babylon*"
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Structures\Buildings\Babylonian_Garden d------ [23:04 23/06/2011]
C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Assets\Art\Units\Unique_Babylon_Bowman d------ [23:05 23/06/2011]

Searching for "*ibryte*"
No folders found.

Searching for "*MyStart*"
C:\Qoobox\Quarantine\C\Program Files\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook d----c- [00:00 23/02/2012]

Searching for "*uTorrentBar*"
No folders found.

Searching for "*WiseConvert*"
No folders found.

Searching for "*Blabbers*"
No folders found.

-= EOF


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Quite a lot there, so lets see if they're showing still in AddRemove.

Open HijackThis, click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.


----------



## baffledUK (Jul 2, 2012)

32 Bit HP CIO Components Installer
32 Bit HP CIO Components Installer
4oD
Adobe AIR
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader X (10.1.3)
Advanced Disk Cleaner
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
BBC iPlayer Desktop
Bonjour
Bonjour
BT Broadband Desktop Help
CCleaner
CD & DVD Label Maker 1.2
Chanalyzer 4
Conduit Engine 
D3DX10
DivX Web Player
Football Manager 2010
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToAssist Corporate
HDReg
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HP Update
Image Writer
iTunes
Java(TM) 7 Update 5
Junk Mail filter update
LCD test
LimeWire 5.4.6
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napoleon: Total War
Nero 8 Essentials
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA Display Control Panel
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
Packard Bell ImageWriter v1.1
Packard Bell Recovery Management
PVSonyDll
QuickTime
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
RealUpgrade 1.1
RegRun Reanimator
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Segoe UI
Setup My PC
Sid Meier's Civilization 4 Complete
Sky Player
Skype 3.6
Spelling Dictionaries Support For Adobe Reader 8
Steam
SUPERAntiSpyware
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Updator
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar


----------



## eddie5659 (Mar 19, 2001)

Okay, in the AddRemove list you still have these two showing:

*
Conduit Engine
ZoneAlarm Security Toolbar*

So, if you can uninstall them, that would be better 

Also, can you do a search with SystemLook for this, as I just want to rule it out 


```
:folderfind
*Advanced Disk Cleaner*
```
And post the log.


----------



## baffledUK (Jul 2, 2012)

I am having a problem finding Conduit Engine and ZoneAlarm Security Tool bar they are not showing in AddRemove

SystemLook 30.07.11 by jpshortstuff
Log created at 23:46 on 19/07/2012 by currys
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Advanced Disk Cleaner*"
C:\Program Files\Innovative Solutions\Advanced Disk Cleaner d------ [12:54 12/10/2010]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Disk Cleaner d------ [12:54 12/10/2010]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Advanced Disk Cleaner d------ [12:54 12/10/2010]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

That's strange, as they're showing in the Uninstall list via HijackThis. I'm guessing that you can find them if you go via the Start | Programs route as well, but if you can, uninstall then do the following. Even if you can't find them via Start | Programs, then do the following anyway:

Can you delete the copy of ComboFix that you, and download a fresh copy from one of the links below:

*Link 1*
*Link 2*

Pop it on your Desktop as before, but do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\IObit Freeware.url
> C:\Users\currys\Favorites\Download IObit Freeware.url
> Folder::
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## baffledUK (Jul 2, 2012)

Eddie hope this is what you want regards Eamonn

ComboFix 12-07-21.01 - currys 22/07/2012 18:28:56.6.4 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3070.2053 [GMT 1:00]
Running from: c:\users\currys\Downloads\ComboFix.exe
Command switches used :: c:\users\currys\Desktop\CFScript.txt
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
FILE ::
"c:\users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\IObit Freeware.url"
"c:\users\currys\Favorites\Download IObit Freeware.url"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_4a69.ico
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\IObit
c:\program files\IObit\Advanced Spyware Remover\Error_Log.txt
c:\program files\IObit\Advanced Spyware Remover\IS360DataBase.db
c:\program files\IObit\Advanced Spyware Remover\license.dat
c:\program files\IObit\Advanced Spyware Remover\Quarantine Zone\eiuptuwo
c:\program files\IObit\Advanced Spyware Remover\Quarantine Zone\info.db
c:\program files\IObit\Advanced Spyware Remover\Quarantine Zone\qizxjczy
c:\program files\IObit\Advanced Spyware Remover\Quarantine Zone\vspkdjfd
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\CanoScan LiDE 20N670UN676U\CNQU70.DLL
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\CanoScan LiDE 20N670UN676U\msvcrt.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\CanoScan LiDE 20N670UN676U\N067UFW.DLL
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\CanoScan LiDE 20N670UN676U\oem12.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\CanoScan LiDE 20N670UN676U\UCS32P.DLL
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Epson Mass Storage Device\oem11.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Photosmart C4400 series (DOT4USB)\difxapi.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Photosmart C4400 series (DOT4USB)\hppldcoi.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Photosmart C4400 series (DOT4USB)\oem17.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Photosmart C4400 series\oem15.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\HP Photosmart C4400\oem14.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\dpinst.exe
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvapi.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvcod.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvcompiler.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvcuda.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvcuvenc.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvcuvid.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvd3dum.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvdisp.nvu
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvinfo.pb
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvlddmkm.sys
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvoglv32.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvudisp.exe
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\nvwgf2um.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\oem19.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 7100 NVIDIA nForce 630i\OpenCL.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA High Definition Audio\nvcohda.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA High Definition Audio\nvhda.nvu
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA High Definition Audio\nvhda32v.sys
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA High Definition Audio\nvhdap32.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA High Definition Audio\nvuhda.exe
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA High Definition Audio\oem18.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA nForce PCI System Management\oem2.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA nForce Serial ATA Controller\oem4.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Photosmart C4400 (DOT4PRINT)\oem16.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\FMAPO.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\MaxxAudioAPO.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\MaxxAudioAPO20.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\MaxxAudioEQ.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\oem5.inf
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\RtkAPO.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\RtkApoApi.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\RtkCoInst.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\RtkPgExt.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\RTKVHDA.sys
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\RTSndMgr.cpl
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\SRSHP360.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\SRSTSHD.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\SRSTSXT.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\SRSWOW.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\Drivers\Realtek High Definition Audio\WavesLib.dll
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\services.ini
c:\program files\IObit\Advanced SystemCare 3\TBconfig.ini
c:\program files\IObit\Advanced SystemCare 4\checkinfo.txt
c:\program files\IObit\Advanced SystemCare 4\LatestNews\imagenews.png
c:\program files\IObit\Advanced SystemCare 4\LatestNews\LatestNews.ini
c:\program files\IObit\Advanced SystemCare 4\License.dat
c:\program files\IObit\Advanced SystemCare 4\Main.ini
c:\program files\IObit\Advanced SystemCare 4\services.ini
c:\program files\IObit\Advanced SystemCare 4\TBconfig.ini
c:\program files\IObit\Advanced SystemCare 4\Update\Update.Ini
c:\program files\IObit\Advanced SystemCare 4\UpdateHistory.txt
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-06-24.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-06-25.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-06-26.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-06-28.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-06-29.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-06-30.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-01.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-02.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-03.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-04.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-05.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-06.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-07.log
c:\program files\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-08.log
c:\program files\IObit\Advanced SystemCare 5\BackupList.txt
c:\program files\IObit\Advanced SystemCare 5\BootTimeLog\Defrag2012-06-30(08-29-50).log
c:\program files\IObit\Advanced SystemCare 5\bugreport.txt
c:\program files\IObit\Advanced SystemCare 5\checkinfo.txt
c:\program files\IObit\Advanced SystemCare 5\LatestNews\imagenews.jpg
c:\program files\IObit\Advanced SystemCare 5\LatestNews\imagenews.png
c:\program files\IObit\Advanced SystemCare 5\LatestNews\LatestNews.ini
c:\program files\IObit\Advanced SystemCare 5\License.dat
c:\program files\IObit\Advanced SystemCare 5\Main.ini
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2468871.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2487367.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2533523.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2565063.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2585542.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2600217.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2604094.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2604105.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2604111.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2604121.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2621440.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2636927.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2641653.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2647518.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2653956.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2656351.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2656368.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2656370.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2656374.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2656405.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2656409.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2658846.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2659262.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2660649.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2665364.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2675157.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2676562.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2677070.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2679255.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2685939.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2686827.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2686833.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2688338.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2690533.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2691905.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2695962.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2699988.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2709162.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2718704.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB905866.cab
c:\program files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB915597.exe
c:\program files\IObit\Advanced SystemCare 5\SecurityHoleScan.log
c:\program files\IObit\Advanced SystemCare 5\sh.dat
c:\program files\IObit\Advanced SystemCare 5\TempResult.txt
c:\program files\IObit\Advanced SystemCare 5\Uninstall.log
c:\program files\IObit\Advanced SystemCare 5\Update\LastCheck.Ini
c:\program files\IObit\Advanced SystemCare 5\Update\Update.Ini
c:\program files\IObit\Advanced SystemCare 5\UpdateHistory.txt
c:\program files\IObit\Game Booster\gamebooster.log
c:\program files\IObit\Game Booster\GBV3ContextMenu.dll
c:\program files\IObit\Game Booster\LatestNews\imagenews.png
c:\program files\IObit\Game Booster\LatestNews\LatestNews.ini
c:\program files\IObit\Game Booster\license.dat
c:\program files\IObit\Game Booster\Update\Update.Ini
c:\program files\IObit\IObit Malware Fighter\license.dat
c:\program files\IObit\IObit Malware Fighter\log\realtime\realtime_2011-12-04-02-21 .txt
c:\program files\IObit\IObit Malware Fighter\log\realtime\realtime_2011-12-04-14-09 .txt
c:\program files\IObit\IObit Malware Fighter\log\realtime\realtime_2011-12-04-14-30 .txt
c:\program files\IObit\IObit Malware Fighter\log\realtime\realtime_2011-12-04-16-38 .txt
c:\program files\IObit\IObit Malware Fighter\log\realtime\realtime_2011-12-05-17-48 .txt
c:\program files\IObit\IObit Malware Fighter\log\scan\scan_2011-11-20-00-09 .txt
c:\program files\IObit\IObit Malware Fighter\log\scan\scan_2011-11-20-00-16 .txt
c:\program files\IObit\IObit Malware Fighter\log\scan\scan_2011-11-28-20-09 .txt
c:\program files\IObit\IObit Malware Fighter\log\scan\scan_2011-11-28-23-34 .txt
c:\program files\IObit\IObit Malware Fighter\log\scan\scan_2011-12-01-17-44 .txt
c:\program files\IObit\IObit Malware Fighter\Quarantine Zone\dqyplgbd
c:\program files\IObit\IObit Malware Fighter\Quarantine Zone\hpzrldmy
c:\program files\IObit\IObit Malware Fighter\Quarantine Zone\info.db
c:\program files\IObit\IObit Malware Fighter\unins000.exe
c:\program files\IObit\IObit Security 360\Downloaded\silverlight.exe
c:\program files\IObit\IObit Security 360\Downloaded\windows6.0-kb971029-x86.cab
c:\program files\IObit\IObit Security 360\Error_Log.txt
c:\program files\IObit\IObit Security 360\IS360DataBase.db
c:\program files\IObit\IObit Security 360\license.dat
c:\program files\IObit\IObit Security 360\Quarantine Zone\amgzyfuk
c:\program files\IObit\IObit Security 360\Quarantine Zone\hyhtuffp
c:\program files\IObit\IObit Security 360\Quarantine Zone\info.db
c:\program files\IObit\IObit Security 360\Quarantine Zone\jyztpejs
c:\program files\IObit\IObit Security 360\Quarantine Zone\odvukraq
c:\program files\IObit\IObit Security 360\Quarantine Zone\txnycnlp
c:\program files\IObit\IObit Security 360\Quarantine Zone\xrbgjyjy
c:\program files\IObit\IObit Security 360\Quarantine Zone\yuvsguxk
c:\program files\IObit\IObit Security 360\SecurityHoles.db
c:\program files\IObit\IObit Security 360\SecurityHoles.ini
c:\program files\IObit\IObit Security 360\UpdateLog.txt
c:\program files\IObit\Smart Defrag 2\bugreport.txt
c:\program files\IObit\Smart Defrag 2\DebugOutput_SmartDefrag.exe.txt
c:\program files\IObit\Smart Defrag 2\feedback.log
c:\program files\IObit\Smart Defrag 2\Freeware\FreeSoftwareDownload\DownloadInfo.initmp
c:\program files\IObit\Smart Defrag 2\LatestNews\LatestNews.ini
c:\programdata\IObit
c:\programdata\IObit\Advanced Spyware Remover\config.ini
c:\programdata\IObit\Advanced Spyware Remover\Ignore.ini
c:\programdata\IObit\Advanced SystemCare V4\temp.ini
c:\programdata\IObit\Advanced SystemCare V5\AscService.ini
c:\programdata\IObit\Advanced SystemCare V5\temp.ini
c:\programdata\IObit\Game Booster 3\GameBooster.ini
c:\programdata\IObit\Game Booster\Essentials\allswn.dat
c:\programdata\IObit\Game Booster\Essentials\config.ini
c:\programdata\IObit\Game Booster\GameBooster.ini
c:\programdata\IObit\Game Booster\gameboxpre.db
c:\programdata\IObit\Game Booster\Ignore.ini
c:\programdata\IObit\IObit Security 360\config.ini
c:\programdata\IObit\IObit Security 360\HijackScan.ini
c:\programdata\IObit\IObit Security 360\Ignore.ini
c:\programdata\IObit\IObit Security 360\PD_Stat.ini
c:\programdata\IObit\IObit Security 360\PS_Config.ini
c:\users\All Users\IObit\Advanced Spyware Remover\config.ini
c:\users\All Users\IObit\Advanced Spyware Remover\Ignore.ini
c:\users\All Users\IObit\Advanced SystemCare V4\temp.ini
c:\users\All Users\IObit\Advanced SystemCare V5\AscService.ini
c:\users\All Users\IObit\Advanced SystemCare V5\temp.ini
c:\users\All Users\IObit\Game Booster 3\GameBooster.ini
c:\users\All Users\IObit\Game Booster\Essentials\allswn.dat
c:\users\All Users\IObit\Game Booster\Essentials\config.ini
c:\users\All Users\IObit\Game Booster\GameBooster.ini
c:\users\All Users\IObit\Game Booster\gameboxpre.db
c:\users\All Users\IObit\Game Booster\Ignore.ini
c:\users\All Users\IObit\IObit Security 360\config.ini
c:\users\All Users\IObit\IObit Security 360\HijackScan.ini
c:\users\All Users\IObit\IObit Security 360\Ignore.ini
c:\users\All Users\IObit\IObit Security 360\PD_Stat.ini
c:\users\All Users\IObit\IObit Security 360\PS_Config.ini
c:\users\currys\AppData\Local\Conduit
c:\users\currys\AppData\Local\Conduit\CT2645238\ZoneAlarm_SecurityAutoUpdateHelper.exe
c:\users\currys\AppData\LocalLow\Conduit
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1037922_1033633_UK.xml
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1161838_1157525_UK.xml
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1178763_1174448_UK.xml
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_900783_896578_UK.xml
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_UK.xml
c:\users\currys\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml
c:\users\currys\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_7_0_6.xml
c:\users\currys\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_8_2_0.xml
c:\users\currys\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_8_5_1.xml
c:\users\currys\AppData\LocalLow\ConduitEngine
c:\users\currys\AppData\LocalLow\ConduitEngine\ConduitEngine.dll
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\AddedAppDialog\app-added.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\AddedAppDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\DefualtImages\icon.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\DetectedAppDialog\app-2go.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\DetectedAppDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\DialogsAPI.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\EngineFirstTimeDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\EngineFirstTimeDialog\right-click.gif
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\excanvas.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\generalDialogStyle.css
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\PIE.htc
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\RoundedCorners.css
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\RoundedCornersIE9.css
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog\Images\info.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog\Images\ok-on.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog\Images\ok.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog\SearchProtector.css
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog\SearchProtector.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\settings.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\arrow.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\divider.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\facebook.png
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAddedAppDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAppApprovalDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAppPendingDialog\main.html
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js
c:\users\currys\AppData\LocalLow\ConduitEngine\Dialogs\version.txt
c:\users\currys\AppData\LocalLow\ConduitEngine\EngineSettings.json
c:\users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-gb.xml
c:\users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-gb.xml
c:\users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-gb.xml
c:\users\currys\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-gb.xml
c:\users\currys\AppData\LocalLow\ConduitEngine\Repository\conduit_ConduitEngine\dynamicDialogs\data.txt
c:\users\currys\AppData\LocalLow\ConduitEngine\toolbar.cfg
c:\users\currys\AppData\LocalLow\searchquband
c:\windows\System32\config\currys\AppData\LocalLow\Conduit
c:\windows\System32\config\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1161838_1157525_UK.xml
c:\windows\System32\config\currys\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_UK.xml
c:\windows\System32\config\currys\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\EngineSettings.json
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-gb.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-gb.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-gb.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-gb.xml
c:\windows\System32\config\systemprofile\AppData\Roaming\IObit
c:\windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5\Ignore.ini
c:\windows\System32\config\systemprofile\AppData\Roaming\IObit\IObit Malware Fighter\config.ini
c:\windows\System32\config\systemprofile\AppData\Roaming\IObit\IObit Malware Fighter\ignore.ini
c:\windows\System32\config\systemprofile\AppData\Roaming\IObit\IObit Malware Fighter\remember.ini
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 17:39 . 2012-07-22 17:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-22 17:39 . 2012-07-22 17:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-22 17:39 . 2012-07-22 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 16:41 . 2012-07-22 16:54 -------- dc----w- C:\baffledUK123
2012-07-22 12:08 . 2012-07-22 12:08 -------- d-----w- c:\program files\MSXML 4.0
2012-07-22 06:31 . 2012-07-22 06:31 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-07-20 17:58 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29977FF9-9CF0-4D98-B6EE-BCF54DB1C42C}\mpengine.dll
2012-07-19 18:12 . 2012-07-19 18:20 -------- d-----w- c:\users\currys\AppData\Roaming\ErrorTeck
2012-07-19 18:12 . 2012-07-19 18:12 -------- d--h--w- c:\windows\PIF
2012-07-17 22:15 . 2012-07-17 22:27 -------- dc----w- C:\BaffledUK.123
2012-07-17 20:44 . 2012-07-02 22:24 4448056 ----a-w- c:\windows\uninst.exe
2012-07-11 20:10 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:30 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 22:30 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 22:30 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 22:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 22:30 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 22:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 22:05 . 2012-07-10 22:05 -------- dc----w- C:\_OTL
2012-07-06 12:47 . 2012-07-06 12:47 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-07-06 10:45 . 2012-07-06 10:45 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\offreg.dll
2012-07-06 09:35 . 2012-05-30 19:41 6762896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\mpengine.dll
2012-07-05 22:20 . 2012-07-05 22:20 -------- d-----w- c:\program files\Common Files\Java
2012-07-05 22:19 . 2012-07-05 22:19 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-04 10:19 . 2012-07-04 10:19 -------- d-----w- c:\users\currys\AppData\Roaming\SUPERAntiSpyware.com
2012-07-04 10:18 . 2012-07-04 10:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-04 10:18 . 2012-07-04 10:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-04 09:42 . 2012-07-04 09:42 388096 ----a-r- c:\users\currys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-04 09:42 . 2012-07-04 09:42 -------- d-----w- c:\program files\Trend Micro
2012-07-02 17:56 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 15:03 . 2012-06-30 15:03 -------- d-----w- c:\users\currys\AppData\Roaming\Sammsoft
2012-06-30 15:02 . 2012-06-30 15:08 -------- d-----w- c:\program files\ARO 2012
2012-06-30 10:59 . 2012-07-14 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 22:55 . 2012-06-29 22:59 -------- d-----w- c:\users\currys\AppData\Roaming\DigitalSupport
2012-06-29 22:33 . 2012-06-29 22:33 -------- d-----w- c:\users\currys\AppData\Roaming\Simply Super Software
2012-06-29 22:32 . 2012-06-29 22:32 -------- d-----w- c:\programdata\Simply Super Software
2012-06-29 22:32 . 2012-06-29 22:33 -------- d-----w- c:\program files\Trojan Remover
2012-06-28 12:40 . 2012-07-01 00:10 -------- d-----w- c:\program files\ReImageCompanion
2012-06-28 12:34 . 2012-06-28 12:34 -------- dc-h--w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-06-28 12:31 . 2012-07-01 00:10 -------- dc-h--w- c:\programdata\~0
2012-06-24 23:20 . 2012-07-06 11:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-24 10:12 . 2012-06-26 21:36 -------- d-----w- c:\program files\RegZooka
2012-06-24 09:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 09:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 09:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 09:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 09:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 09:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 09:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 09:35 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 09:35 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 12:46 . 2012-06-23 12:46 -------- d-----w- c:\users\currys\AppData\Local\Macromedia
2012-06-23 10:43 . 2012-06-23 11:42 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-06-23 10:35 . 2012-06-23 10:35 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-23 10:35 . 2012-06-23 10:35 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-06-23 09:45 . 2012-07-07 14:17 -------- d-----w- c:\programdata\RegRun
2012-06-23 09:44 . 2012-06-23 09:44 2 --shatr- c:\windows\winstart.bat
2012-06-23 09:44 . 2012-06-23 09:44 -------- d-----w- c:\program files\Greatis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 21:34 . 2012-03-30 19:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 21:34 . 2011-07-16 18:09 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 22:19 . 2010-04-22 21:21 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 11:25 . 2010-06-16 18:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-13 11:59 . 2011-12-17 15:48 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-05-11 10:14 . 2012-06-19 21:53 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 08:55 . 2011-12-18 09:35 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 08:55 . 2011-12-18 09:35 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-22 06:31 . 2012-05-20 11:05 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-28 20:51 . 2008-11-07 09:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 68856]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 3881792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"ISW"="" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-10 12:47 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
path=c:\users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2009-01-02 12:05 1041960 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 17:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-03 11:28 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:34]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
- c:\users\currys\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 10:26]
.
2012-07-22 c:\windows\Tasks\Recovery DVD Creator-currys.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-21 15:25]
.
2012-07-22 c:\windows\Tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job
- c:\windows\system32\msfeedssync.exe [2012-05-15 08:09]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 18:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\*& *u*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:92,fa,95,c7,a1,37,50,00
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,e6,62,f7,01,dc,fb,1c,52,f0,6e,66,c7,e7,f7,7d,d4,3c,36,63,42,0e,89,
8f,85,fa,f6,6d,83,03,fa,81,49,39,a4,45,bf,5e,77,23,eb,37,4b,86,ff,a8,26,ea,\
"??"=hex:dd,bb,b0,11,5f,96,3e,4b,49,50,e6,16,dd,f8,06,aa
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):85,95,14,d3,27,4a,46,92,ae,59,c7,15,15,df,38,74,0f,19,b1,7a,db,
bb,f0,e8,07,d0,65,01,12,5d,c5,e7,c3,d1,3d,a1,73,f5,bd,ad,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{f72d7cc0-3228-4f40-938c-e80ee848e811}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bc
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(692)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-07-22 18:42:15
ComboFix-quarantined-files.txt 2012-07-22 17:42
ComboFix2.txt 2012-07-22 16:54
ComboFix3.txt 2012-07-17 22:27
ComboFix4.txt 2012-07-06 11:43
ComboFix5.txt 2012-07-22 17:25
.
Pre-Run: 449,237,794,816 bytes free
Post-Run: 448,177,405,952 bytes free
.
- - End Of File - - 59D177CBBA9F33FB50AF220DF26B4640


----------



## eddie5659 (Mar 19, 2001)

Yep, they're removed which is good 

Now, a few more things I need to look at. Firstly, do you know what these are:
*
c:\programdata\~0
c:\windows\winstart.bat
C:\Users\currys\.rnd*

If you're not sure, we'll have a look in a min 

-------------

Using SystemLook again, can you run it with the following code, and post the log it produces:


```
:dir
c:\programdata\~0
C:\Users\currys\.rnd
:contents
c:\windows\winstart.bat
```
If its very big, just attach it 

-----------------------

Then, can you re-run OTL as follows:


Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under the Custom Scan box paste this in


```
type C:\Windows\system32\tasks\{066D67B3-8FF6-40F2-AE4C-FCD397779332} /c
type C:\Windows\system32\tasks\{6A6C8641-9252-4A7B-AD0E-22E5CD41E78F} /c
type C:\Windows\system32\tasks\{9314AEE8-62B5-46E1-9371-CEBBD1505854} /c
type C:\Windows\system32\tasks\{953E484D-EA99-46B4-A95B-80A40D9FD657} /c
type C:\Windows\system32\tasks\{9A51833A-65CA-4472-81F6-7A8B7C220054} /c
type C:\Windows\system32\tasks\{A951A895-488A-4F20-95BB-2FD4A1404939} /c
```

Then click the *Run Scan* button at the top 
When the scan completes, it will open only one notepad window, *OTL.Txt*. This is saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of this file 

eddie


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 19:18 on 23/07/2012 by currys
Administrator - Elevation successful

========== dir ==========

c:\programdata\~0 - Parameters: "(none)"

---Files---
bm_installer.exe --a--c- 3277651 bytes [12:31 28/06/2012] [12:49 03/04/2012]
mia.lib -----c- 590523 bytes [12:31 28/06/2012] [12:49 03/04/2012]

---Folders---
None found.

C:\Users\currys\.rnd - Unable to find folder.

========== contents ==========

c:\windows\winstart.bat - Opened succesfully.

-= EOF =-

OTL logfile created on: 23/07/2012 19:21:48 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\currys\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.04% Memory free
6.22 Gb Paging File | 4.64 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 418.08 Gb Free Space | 71.32% Space Free | Partition Type: NTFS

Computer Name: EAMONNS | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 18:50:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL.exe
PRC - [2012/06/26 18:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/07 01:27:06 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/05/03 15:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/04/30 20:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/02/29 21:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 21:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2009/01/02 13:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/07/16 15:00:00 | 000,024,576 | ---- | M] () -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008/07/07 16:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/23 17:49:29 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/23 17:49:29 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/04 11:19:20 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/04 11:19:20 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/21 18:27:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 19:38:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 22:34:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/10 09:55:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 09:55:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/07 01:27:06 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/12/10 13:47:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/08/21 22:08:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 15:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\currys\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/23 12:42:47 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/06/23 11:35:37 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2012/05/10 09:55:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/10 09:55:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/30 20:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/03/01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/17 13:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/01/09 19:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 19:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 19:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/12/09 13:40:53 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/25 19:04:46 | 000,303,720 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/09 03:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/07/16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 08 D2 6F 60 88 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{12E234A8-7EC3-47EF-9DD4-E79D0259DB1B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_en
IE - HKCU\..\SearchScopes\{2310B25F-E44D-4DCE-8978-173DBD1341C1}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2AB81444-0133-4A21-88D6-7236293CD844}&mid=86c7969f8ba047d19024d168d145dea3-9a877b0da52b245d0ae7330e6e4e92d782696eee&lang=en&ds=ts025&pr=&d=2011-12-14 00:04:00&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{98C169E2-613B-42D8-9716-3201888DF14E}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=380920&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\currys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\currys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 10:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 12:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/05/23 18:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/07/01 01:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 07:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/05 23:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 07:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/05 23:19:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 10:44:51 | 000,000,000 | ---D | M]

[2012/01/22 11:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions
[2009/07/24 22:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/10 23:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/10 23:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions
[2012/06/13 23:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/22 07:31:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/05/21 22:59:26 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\EXTENSIONS\[email protected]
[2012/07/22 07:31:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/29 17:07:04 | 000,003,703 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/22 07:31:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/22 07:31:26 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search ()
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQBlC1I2g&i=26
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\
CHR - Extension: No name found = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: No name found = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\

O1 HOSTS File: ([2012/07/22 18:39:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1322783446664 (MUCatalogWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27FA60FB-5855-47ED-90FC-73C7DFD953D2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/29 12:14:24 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 18:42:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/22 18:26:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/22 17:41:38 | 000,000,000 | ---D | C] -- C:\baffledUK123
[2012/07/22 13:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/07/19 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\ErrorTeck
[2012/07/19 19:12:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/07/17 23:15:12 | 000,000,000 | ---D | C] -- C:\BaffledUK.123
[2012/07/17 21:44:45 | 004,448,056 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/11 21:10:45 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 21:05:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 21:05:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 21:05:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 21:05:50 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 21:05:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 21:05:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 21:05:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/10 23:30:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 23:05:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/06 18:53:42 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012/07/06 11:58:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/06 10:41:36 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\currys\Desktop\tdsskiller(4).exe
[2012/07/05 23:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/05 23:19:40 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/05 23:19:40 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/05 23:19:26 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/05 23:19:26 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/05 00:19:45 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
[2012/07/04 16:44:55 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\New Folder
[2012/07/04 11:19:08 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/04 11:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/04 11:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/04 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/04 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/07/04 10:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/02 18:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/02 18:56:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 16:03:16 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Sammsoft
[2012/06/30 16:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012
[2012/06/30 11:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/30 11:56:04 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\RK_Quarantine
[2012/06/29 23:55:11 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\DigitalSupport
[2012/06/29 23:33:07 | 000,000,000 | ---D | C] -- C:\Users\currys\Documents\Simply Super Software
[2012/06/29 23:33:07 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Simply Super Software
[2012/06/29 23:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/06/29 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012/06/28 13:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\ReImageCompanion
[2012/06/28 13:34:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012/06/28 13:31:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012/06/25 00:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/06/25 00:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/24 11:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\RegZooka
[2012/06/24 10:36:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/24 10:36:27 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/24 10:35:41 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/24 10:35:41 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/24 10:35:40 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/24 10:35:22 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/24 10:35:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2012/07/23 19:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-currys.job
[2012/07/23 18:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/23 18:51:14 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job
[2012/07/23 18:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/23 17:53:48 | 000,668,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/23 17:53:48 | 000,136,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/23 17:47:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/07/23 17:47:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/23 17:47:04 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 17:47:04 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 17:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 18:39:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/22 18:24:08 | 000,000,545 | ---- | M] () -- C:\Users\currys\Desktop\ComboFix - Shortcut.lnk
[2012/07/22 07:27:28 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
[2012/07/18 23:56:15 | 000,002,525 | ---- | M] () -- C:\Users\currys\Desktop\HiJackThis.lnk
[2012/07/14 20:06:37 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/14 19:55:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 22:56:57 | 000,000,555 | ---- | M] () -- C:\Users\currys\Desktop\SystemLook - Shortcut.lnk
[2012/07/11 22:34:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/11 22:34:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/11 21:29:59 | 000,322,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 23:05:03 | 000,000,514 | ---- | M] () -- C:\Users\currys\Desktop\OTL - Shortcut.lnk
[2012/07/08 23:49:44 | 000,004,857 | ---- | M] () -- C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml
[2012/07/08 19:40:57 | 001,558,016 | ---- | M] () -- C:\Users\currys\Desktop\RogueKiller(1).exe
[2012/07/06 13:47:29 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012/07/06 12:00:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/06 10:41:40 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\currys\Desktop\tdsskiller(4).exe
[2012/07/05 23:31:17 | 000,001,359 | ---- | M] () -- C:\Users\currys\Desktop\java - Shortcut.lnk
[2012/07/05 23:19:14 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/05 23:19:13 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/05 23:19:13 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/05 23:19:13 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/05 23:19:13 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/05 00:18:14 | 000,016,968 | ---- | M] () -- C:\Users\currys\Untitled 1.odt
[2012/07/04 11:19:01 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/02 23:38:28 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Disk Cleaner.lnk
[2012/07/02 23:24:17 | 004,448,056 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/01 00:05:13 | 3220,320,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 23:39:39 | 000,000,134 | ---- | M] () -- C:\Users\currys\Desktop\Microsoft Fix it.url
[2012/06/24 11:02:03 | 000,000,487 | ---- | M] () -- C:\Windows\wininit.ini

========== Files Created - No Company Name ==========

[2012/07/22 18:24:08 | 000,000,545 | ---- | C] () -- C:\Users\currys\Desktop\ComboFix - Shortcut.lnk
[2012/07/12 22:56:56 | 000,000,555 | ---- | C] () -- C:\Users\currys\Desktop\SystemLook - Shortcut.lnk
[2012/07/10 23:05:03 | 000,000,514 | ---- | C] () -- C:\Users\currys\Desktop\OTL - Shortcut.lnk
[2012/07/08 23:49:43 | 000,004,857 | ---- | C] () -- C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml
[2012/07/08 19:40:56 | 001,558,016 | ---- | C] () -- C:\Users\currys\Desktop\RogueKiller(1).exe
[2012/07/08 00:57:14 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job
[2012/07/06 13:47:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/07/05 23:30:52 | 000,001,359 | ---- | C] () -- C:\Users\currys\Desktop\java - Shortcut.lnk
[2012/07/05 00:18:12 | 000,016,968 | ---- | C] () -- C:\Users\currys\Untitled 1.odt
[2012/07/04 11:19:01 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/04 10:42:09 | 000,002,525 | ---- | C] () -- C:\Users\currys\Desktop\HiJackThis.lnk
[2012/07/02 18:56:52 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/01 01:13:20 | 000,322,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/29 00:22:04 | 3220,320,256 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/26 23:39:39 | 000,000,134 | ---- | C] () -- C:\Users\currys\Desktop\Microsoft Fix it.url
[2012/06/26 23:37:20 | 000,001,041 | ---- | C] () -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/24 11:02:02 | 000,000,487 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/29 12:35:23 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\{A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5}
[2012/01/01 19:41:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/01 19:41:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/01 19:41:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/01 19:41:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/01 19:41:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 20:48:31 | 000,016,918 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.xml
[2011/12/29 12:23:29 | 004,250,112 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.msp
[2011/12/26 14:05:56 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/02 23:16:09 | 000,001,043 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/06/17 21:23:38 | 000,000,094 | ---- | C] () -- C:\Users\currys\AppData\Local\fusioncache.dat
[2011/03/03 21:18:20 | 000,001,024 | ---- | C] () -- C:\Users\currys\.rnd
[2011/03/03 21:18:09 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/02/06 01:16:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/09 22:45:44 | 000,128,356 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/16 16:06:15 | 000,001,356 | ---- | C] () -- C:\Users\currys\AppData\Local\d3d9caps.dat
[2009/06/23 22:13:57 | 000,024,206 | ---- | C] () -- C:\Users\currys\AppData\Roaming\UserTile.png
[2009/06/16 18:02:15 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Roaming\wklnhst.dat
[2009/06/15 20:10:47 | 000,211,968 | ---- | C] () -- C:\Users\currys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< type C:\Windows\system32\tasks\{066D67B3-8FF6-40F2-AE4C-FCD397779332} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\currys\AppData\Local\Temp\IswTmp\DwlRun\avira_antivirus_premium.exe -d "C:\Program Files\CheckPoint\ZAForceField"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>EAMONNS\currys</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{6A6C8641-9252-4A7B-AD0E-22E5CD41E78F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall STANDARDR /dll OSETUP.DLL</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>EAMONNS\currys</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{9314AEE8-62B5-46E1-9371-CEBBD1505854} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\currys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAZBDMGG\LimeWireWin[1].exe" -d C:\Users\currys\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>EAMONNS\currys</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{953E484D-EA99-46B4-A95B-80A40D9FD657} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\currys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0DTNDV1\avira_antivir_premium_en.exe" -d C:\Users\currys\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>EAMONNS\currys</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{9A51833A-65CA-4472-81F6-7A8B7C220054} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\currys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZGTCL05\avira_antivirus_premium_en.exe" -d C:\Users\currys\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>EAMONNS\currys</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{A951A895-488A-4F20-95BB-2FD4A1404939} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\currys\Downloads\deldrvwin1250ejf.exe -d C:\Users\currys\Downloads</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>EAMONNS\currys</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

========== Alternate Data Streams ==========

@Alternate Data Stream - 1077 bytes -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml:OECustomProperty

< End of report >
Eddie No idea what those 3 are thanks again


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like the Tasks are all okay 

Looking at the contents of this one:

c:\programdata\~0

Its related to Uniblue RegistryBooster installation, so that's okay.

As for this one, not sure why the contents didn't show 

c:\windows\winstart.bat

Could you zip it up and attach it here, so I can have a looksee. I'll remove it after I've got it, incase its a baddie (don't want others getting it by mistake  )

---

Open Windows Explorer and navigate to:

*c:\windows\winstart.bat*

Rightclick on it and select *Send To* then select *Compressed (zipped) Folder * and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  ) [/list]











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *winstart.zip* in the c:\Windows folder.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## baffledUK (Jul 2, 2012)

Eddie really not sure if I have done this correctly....this zip seems to be empty. Not sure if I even found *c:\windows\winstart.bat.

Just a novice......
Eamonn
*


----------



## eddie5659 (Mar 19, 2001)

That's okay, we can do it this way, as its showing in your SystemLook log.

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file



> *
> c:\windows\winstart.bat
> *


Let me know when its uploaded


----------



## baffledUK (Jul 2, 2012)

I think its there!!


----------



## eddie5659 (Mar 19, 2001)

Nope, no posts there. I assume you have the sfp program on your Desktop, and added the file to it 

Now, just go here:

http://www.thespykiller.co.uk/index.php?board=1.0

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file (zipped one that you just created)


----------



## eddie5659 (Mar 19, 2001)

Saw the post there, just nothing in the attachment 

Can you do this for me instead:

Open Windows Explorer, and navigate to the following folder:

*c:\windows*

When there, locate the *winstart.bat* file.

Right-click on it and select *Edit* and Notepad should open up.

Copy/Paste the contents here.

eddie


----------



## baffledUK (Jul 2, 2012)

Hi Eddie

Seem to be having a problem, did what you suggested above- winstart.bat doesn't show. Pasted winstart.bat into search, and came up with winstart icon. Tried to open, and send to zip file but nothing happened- the zip file was empty, and unable to open the file itself.

Suggestions please?

Thanks
Eamonn


----------



## eddie5659 (Mar 19, 2001)

Hmmm, okay can you re-run SystemLook again, but with this code and post the log:


```
:filefind
*winstart*
:folderfind
*winstart*
```


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 23:01 on 30/07/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*winstart*"
C:\Users\currys\AppData\Roaming\Microsoft\Windows\Recent\winstart (2).lnk --a---- 451 bytes [19:13 24/07/2012] [19:13 24/07/2012] 841BEC7313050DED21928C32FBB15327
C:\Users\currys\AppData\Roaming\Microsoft\Windows\Recent\winstart.lnk --a---- 431 bytes [18:41 24/07/2012] [19:00 28/07/2012] C381D9C085E94AECFAED7F4EB80CCE0C
C:\Users\currys\Desktop\winstart.zip --a---- 124 bytes [19:00 28/07/2012] [19:00 28/07/2012] 1E060D9DBC27C4D95BFE988F3703E108
C:\Users\currys\Desktop\winstart\winstart.bat -rahs-- 2 bytes [09:44 23/06/2012] [09:44 23/06/2012] 81051BCC2CF1BEDF378224B0A93E2877
C:\Windows\winstart.bat -rahs-- 2 bytes [09:44 23/06/2012] [09:44 23/06/2012] 81051BCC2CF1BEDF378224B0A93E2877

========== folderfind ==========

Searching for "*winstart*"
C:\Users\currys\Desktop\winstart d------ [19:00 28/07/2012]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, it looks like its hidden, and you have two copies, so lets try the Desktop one 

C:\Users\currys\Desktop\winstart\winstart.bat

Set Explorer to view Hidden Files and Folders:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Show all Files and Folders
Select *Apply to All Folders *| *Yes* | *Apply* |* OK*.

Now, on your Desktop, you're looking for the Winstart folder, and then inside is the winstart.bat file. It may not have the extension, but looks like this:










If you can see the file, right-click on it and select Edit. Notepad should be there with some details in, and that's what to copy/paste in to your reply


----------



## baffledUK (Jul 2, 2012)

Eddie

Tried right click and explore. Can't find menu with tools, am I just being dense?


----------



## eddie5659 (Mar 19, 2001)

Need to update that, as its an old canned speech 

Okay, just open up Windows Explorer. At the top, select Tools in the menu, and follow the rest of the instructions above.

If the menu isn't there (not on Vista myself, but this happens on Win7) then press the Alt key on the keyboard, and it should appear


----------



## baffledUK (Jul 2, 2012)

Still having problems can get to view tab but no option 'to show all files and folders' stuck I'm afraid


----------



## eddie5659 (Mar 19, 2001)

Okay, managed to grab someone that had Vista on a laptop at work, and there is another way 

Go to the Control Panel. In there, look for the actual icon that says *Folder Options* if you're in Classic View. If you're in the *Normal View*, then click on *Appearance and Personalization* and in there will be the *Folder Options*.

Then, when you've opened that, click on the View tab, select *Show Hidden Files and Folders*, Apply and OK.


----------



## eddie5659 (Mar 19, 2001)

I can also do this via Windows 7, similar way, so here are some screenies 

Okay, if its Classic view, this is what you're looking for, on the left for mine:










If its Normal view, then on the left you can see the one I've highlighted.










Then, open up Folder Options:


----------



## baffledUK (Jul 2, 2012)

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[MCI Extensions.BAK]
m2v=MPEGVideo
mod=MPEGVideo
[Readiris]
Scanner32=Twaino38,23
[Mail]
CMCDLLNAME32=mapi32.dll
CMC=1
MAPI=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1

Hopefully this is want you want...........


----------



## eddie5659 (Mar 19, 2001)

Well, on the good side its all okay, but the name itself just brought alarm bells to me, as it was named Winstart, as in to start when Windows starts, and a bat file, which can be linked to malware.

But, its okay, so that's good. Finally got there in the end 

---------

Now, lets clean up a few remains of the stuff we removed before.

Delete the copy of ComboFix you have and get a fresh one from one of these links:

*Link 1*
*Link 2*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> Reglock::
> [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
> Registry::
> [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

------------------------

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans *section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## baffledUK (Jul 2, 2012)

ComboFix 12-07-31.06 - currys 03/08/2012 19:14:15.7.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2072 [GMT 1:00]
Running from: c:\users\currys\Downloads\ComboFix.exe
Command switches used :: c:\users\currys\Desktop\CFScript.txt.txt
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 18:22 . 2012-08-03 18:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-03 18:22 . 2012-08-03 18:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-03 18:22 . 2012-08-03 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 17:20 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF9CC498-F79F-4CFA-8F16-E2F86A39C8DB}\mpengine.dll
2012-07-22 16:41 . 2012-07-22 16:54 -------- dc----w- C:\baffledUK123
2012-07-22 12:08 . 2012-07-22 12:08 -------- d-----w- c:\program files\MSXML 4.0
2012-07-22 06:31 . 2012-07-29 00:04 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-07-19 18:12 . 2012-07-19 18:20 -------- d-----w- c:\users\currys\AppData\Roaming\ErrorTeck
2012-07-19 18:12 . 2012-07-19 18:12 -------- d--h--w- c:\windows\PIF
2012-07-17 22:15 . 2012-07-17 22:27 -------- dc----w- C:\BaffledUK.123
2012-07-17 20:44 . 2012-07-02 22:24 4448056 ----a-w- c:\windows\uninst.exe
2012-07-11 20:10 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:30 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 22:30 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 22:30 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 22:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 22:30 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 22:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 22:05 . 2012-07-10 22:05 -------- dc----w- C:\_OTL
2012-07-06 12:47 . 2012-07-06 12:47 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-07-06 10:45 . 2012-07-06 10:45 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\offreg.dll
2012-07-06 09:35 . 2012-05-30 19:41 6762896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FCADA8-9CD5-4ED3-BB75-FDAE65595041}\mpengine.dll
2012-07-05 22:20 . 2012-07-05 22:20 -------- d-----w- c:\program files\Common Files\Java
2012-07-05 22:19 . 2012-07-05 22:19 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 17:34 . 2012-03-30 19:49 426184 ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-08-03 17:34 . 2011-07-16 18:09 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 22:19 . 2010-04-22 21:21 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 09:42 . 2012-07-04 09:42 388096 ----a-r- c:\users\currys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-03 12:46 . 2012-07-02 17:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 11:42 . 2012-06-23 10:43 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-06-23 10:35 . 2012-06-23 10:35 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-23 10:35 . 2012-06-23 10:35 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-06-23 09:44 . 2012-06-23 09:44 2 --shatr- c:\windows\winstart.bat
2012-06-02 22:19 . 2012-06-24 09:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 09:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 09:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 09:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 09:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 09:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 09:35 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-24 09:35 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-24 09:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2010-06-16 18:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-13 11:59 . 2011-12-17 15:48 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-05-11 10:14 . 2012-06-19 21:53 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 08:55 . 2011-12-18 09:35 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 08:55 . 2011-12-18 09:35 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-29 00:04 . 2012-05-20 11:05 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-28 20:51 . 2008-11-07 09:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 68856]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-24 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 3881792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"ISW"="" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-10 12:47 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
path=c:\users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2009-01-02 12:05 1041960 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 17:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-03 11:28 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:34]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
- c:\users\currys\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 10:26]
.
2012-08-03 c:\windows\Tasks\Recovery DVD Creator-currys.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-21 15:25]
.
2012-08-03 c:\windows\Tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job
- c:\windows\system32\msfeedssync.exe [2012-05-15 08:09]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-03 19:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\*& *u*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:92,fa,95,c7,a1,37,50,00
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,e6,62,f7,01,dc,fb,1c,52,f0,6e,66,c7,e7,f7,7d,d4,3c,36,63,42,0e,89,
8f,85,fa,f6,6d,83,03,fa,81,49,39,a4,45,bf,5e,77,23,eb,37,4b,86,ff,a8,26,ea,\
"??"=hex:dd,bb,b0,11,5f,96,3e,4b,49,50,e6,16,dd,f8,06,aa
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):85,95,14,d3,27,4a,46,92,ae,59,c7,15,15,df,38,74,0f,19,b1,7a,db,
bb,f0,e8,07,d0,65,01,12,5d,c5,e7,c3,d1,3d,a1,73,f5,bd,ad,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{f72d7cc0-3228-4f40-938c-e80ee848e811}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bc
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(752)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-08-03 19:25:48
ComboFix-quarantined-files.txt 2012-08-03 18:25
ComboFix2.txt 2012-07-22 17:42
ComboFix3.txt 2012-07-22 16:54
ComboFix4.txt 2012-07-17 22:27
ComboFix5.txt 2012-08-02 22:23
.
Pre-Run: 448,926,539,776 bytes free
Post-Run: 448,947,691,520 bytes free
.
- - End Of File - - E342663875B94CBC282CAED1BFE4CE1D


----------



## baffledUK (Jul 2, 2012)

```
OTS logfile created on: 04/08/2012 10:04:35 - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\currys\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 421.34 Gb Free Space | 71.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: EAMONNS
Current User Name: currys
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\currys\Downloads\OTS.exe -> [2012/08/04 10:01:57 | 000,646,656 | ---- | M] (OldTimer Tools)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2012/07/24 19:26:40 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com)
toolbarupdater.exe -> C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -> [2012/05/07 01:27:06 | 000,932,736 | ---- | M] ()
vsmon.exe -> C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -> [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD)
zatray.exe -> C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe -> [2012/05/03 15:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD)
iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies)
forcefield.exe -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe -> [2012/04/30 20:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies)
nvxdsync.exe -> C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -> [2012/02/29 21:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation)
nvtray.exe -> C:\Program Files\NVIDIA Corporation\Display\nvtray.exe -> [2012/02/29 21:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation)
armsvc.exe -> C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
kservice.exe -> C:\Program Files\Kontiki\KService.exe -> [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.)
khost.exe -> C:\Program Files\Kontiki\KHost.exe -> [2009/01/02 13:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.)
etservice.exe -> C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -> [2008/07/16 15:00:00 | 000,024,576 | ---- | M] ()
smpsys.exe -> C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe -> [2008/07/07 16:26:28 | 001,038,136 | ---- | M] (Packard Bell BV)
photoshopelementsfileagent.exe -> C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 00:45:04 | 000,124,832 | ---- | M] ()
 
[Modules - No Company Name]
sd10006.dll -> C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll -> [2012/08/04 09:45:25 | 000,065,024 | ---- | M] ()
sd10007.dll -> C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll -> [2012/08/04 09:45:25 | 000,052,736 | ---- | M] ()
uirepair.dll -> C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL -> [2012/07/04 11:19:20 | 000,117,760 | ---- | M] ()
sd10005.dll -> C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll -> [2012/07/04 11:19:20 | 000,052,224 | ---- | M] ()
 
[Win32 Services - Safe List]
(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/08/03 20:55:11 | 000,114,144 | ---- | M] (Mozilla Foundation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/08/03 18:34:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Steam\SteamService.exe -> [2012/07/21 18:27:35 | 000,529,232 | ---- | M] (Valve Corporation)
(MBAMService) MBAMService [Disabled | Stopped] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation)
(AntiVirSchedulerService) Avira Scheduler [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2012/05/10 09:55:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG)
(AntiVirService) Avira Realtime Protection [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2012/05/10 09:55:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG)
(vToolbarUpdater11.0.2) vToolbarUpdater11.0.2 [Auto | Running] -> C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -> [2012/05/07 01:27:06 | 000,932,736 | ---- | M] ()
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -> [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD)
(IswSvc) ZoneAlarm LTD Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies)
(MsMpSvc) Microsoft Antimalware Service [Auto | Stopped] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation)
(nvUpdatusService) NVIDIA Update Service Daemon [Auto | Stopped] -> C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -> [2010/12/10 13:47:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(KService) KService [Auto | Running] -> C:\Program Files\Kontiki\KService.exe -> [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/08/21 22:08:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
(ETService) Empowering Technology Service [Auto | Running] -> C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -> [2008/07/16 15:00:00 | 000,024,576 | ---- | M] ()
(ezSharedSvc) Easybits Shared Services for Windows [Auto | Running] -> C:\Windows\System32\ezsvc7.dll -> [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS)
(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation)
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Auto | Running] -> C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 00:45:04 | 000,124,832 | ---- | M] ()
 
[Driver Services - Safe List]
(MBAMProtector) MBAMProtector [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbam.sys -> [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation)
(RegGuard) RegGuard [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\regguard.sys -> [2012/06/23 12:42:47 | 000,024,416 | ---- | M] (Greatis Software)
(avipbb) avipbb [Kernel | System | Running] -> C:\Windows\System32\drivers\avipbb.sys -> [2012/05/10 09:55:44 | 000,137,928 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\System32\drivers\avgntflt.sys -> [2012/05/10 09:55:44 | 000,083,392 | ---- | M] (Avira GmbH)
(ISWKL) ZoneAlarm LTD Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2012/04/30 20:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2012/03/01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation)
(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvhda32v.sys -> [2012/01/17 13:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation)
(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\System32\drivers\klif.sys -> [2012/01/09 19:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab)
(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\kl1.sys -> [2012/01/09 19:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO)
(kl2) kl2 [Kernel | System | Running] -> C:\Windows\System32\drivers\kl2.sys -> [2012/01/09 19:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO)
(avkmgr) avkmgr [Kernel | System | Running] -> C:\Windows\System32\drivers\avkmgr.sys -> [2011/12/09 13:40:53 | 000,036,000 | ---- | M] (Avira GmbH)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(Vsdatant) Zone Alarm Firewall Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\vsdatant.sys -> [2011/05/07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2010/10/25 19:04:46 | 000,303,720 | ---- | M] (Realtek                                            )
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH)
(nvstor32) nvstor32 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\nvstor32.sys -> [2010/04/09 03:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation)
(int15) int15 [Kernel | Auto | Running] -> C:\Windows\System32\drivers\int15.sys -> [2008/07/16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"Start Page" -> http://www.msn.com/?ocid=EIE9HP&PC=UP50 -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 8C 08 D2 6F 60 88 CC 01  [binary data] -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\currys\AppData\Roaming\Mozilla\FireFox\Profiles\fwvafgml.default\prefs.js -> 
browser.search.defaultenginename -> "" ->
browser.search.defaultthis.engineName -> "" ->
browser.search.defaulturl -> "" ->
browser.search.selectedEngine -> "" ->
browser.startup.homepage -> "http://www.google.co.uk/" ->
network.proxy.no_proxies_on -> "*.local" ->
network.proxy.type -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/01/10 10:44:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2011/01/03 12:29:42 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2012/05/23 18:09:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9\ [C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9\] -> [2012/07/01 01:10:38 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 14.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 14.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/08/03 20:55:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/08/03 20:55:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/08/03 20:55:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/08/03 20:55:08 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\currys\AppData\Roaming\mozilla\Extensions -> [2012/01/22 11:08:11 | 000,000,000 | ---D | M]
  -> C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected] -> [2009/07/24 22:05:32 | 000,000,000 | ---D | M]
  -> C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions -> [2012/07/10 23:05:54 | 000,000,000 | ---D | M]
  -> C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions -> [2012/07/10 23:05:55 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2012/08/03 20:55:08 | 000,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\distribution\extensions -> [2012/08/03 20:55:11 | 000,000,000 | ---D | M]
No name found -> C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\EXTENSIONS\[email protected] -> ()
< HOSTS File > ([2012/08/03 19:23:04 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2012/04/04 06:53:54 | 000,065,952 | ---- | M] (Adobe Systems Incorporated)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2012/04/30 20:06:54 | 000,599,680 | ---- | M] (Check Point Software Technologies)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2012/04/30 20:06:54 | 000,599,680 | ---- | M] (Check Point Software Technologies)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2012/04/30 20:06:54 | 000,599,680 | ---- | M] (Check Point Software Technologies)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"] -> [2012/04/30 20:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies)
"kdx" -> C:\Program Files\Kontiki\KHost.exe ["C:\Program Files\Kontiki\KHost.exe" -all] -> [2009/01/02 13:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2012/02/29 21:56:41 | 003,881,792 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\System32\NvMcTray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2012/02/29 21:53:47 | 000,108,352 | ---- | M] (NVIDIA Corporation)
"ZoneAlarm" -> C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe ["C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"] -> [2012/05/03 15:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"kdx" -> C:\Program Files\Kontiki\KHost.exe [C:\Program Files\Kontiki\KHost.exe -all] -> [2009/01/02 13:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.)
"SmpcSys" -> C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe] -> [2008/07/07 16:26:28 | 001,038,136 | ---- | M] (Packard Bell BV)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2012/07/24 19:26:40 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [253] -> File not found
\\"EnableShellExecuteHooks" ->  [1] -> File not found
\\"NoDriveAutoRun-" ->  [0] -> File not found
\\"NoDriveTypeAutoRun-" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoLogOff" ->  [0] -> File not found
\\"NoClose" ->  [0] -> File not found
\\"NoSetFolders" ->  [0] -> File not found
\\"NoFavoritesMenu" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoLogOff" ->  [0] -> File not found
\\"NoClose" ->  [0] -> File not found
\\"NoSetFolders" ->  [0] -> File not found
\\"NoFavoritesMenu" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"LinkResolveIgnoreLinkInfo" ->  [1] -> File not found
\\"NoDriveAutoRun-" ->  [0] -> File not found
\\"NoDriveTypeAutoRun-" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [253] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3539 domain(s) found. -> 
localhost .[http] -> Local intranet -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [HKLM] -> http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1322783446664 [MUCatalogWebControl Class] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab [Java Plug-in 10.5.0] -> 
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab [Java Plug-in 1.7.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.7.0_05] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{27FA60FB-5855-47ED-90FC-73C7DFD953D2}\\DhcpNameServer -> 192.168.1.254   (Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2010/07/21 01:03:03 | 000,123,392 | ---- | M] (Google)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe -> [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2011/05/04 18:54:14 | 000,551,296 | ---- | M] (SUPERAntiSpyware.com)
GoToAssist -> C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll -> [2010/12/10 13:47:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/19 01:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
"{E54729E8-BB3D-4270-9D49-7389EA579090}" [HKLM] -> C:\Windows\System32\ezUPBHook.dll [EasyBits Security Shield Hook - prevents launching insecure programs by kids] -> [2009/06/15 22:52:25 | 000,049,152 | ---- | M] (EasyBits Software Corp.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 22:43:36 | 000,000,024 | ---- | M] ()
C:\Autorun.inf [] -> C:\Autorun.inf [ NTFS ] -> [2011/12/29 12:14:24 | 000,000,000 | ---D | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe -> [2011/09/30 19:04:54 | 000,142,848 | ---- | M] ()
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
4oD hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Kontiki\KHost.exe -> [2009/01/02 13:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.)
AppleSyncNotifier hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe -> [2010/12/14 18:17:16 | 000,047,904 | ---- | M] (Apple Inc.)
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2010/11/29 18:38:18 | 000,421,888 | ---- | M] (Apple Inc.)
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Real\RealPlayer\update\realsched.exe -> [2011/01/03 12:28:10 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 2 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
FastUserSwitchingCompatibility ->  -> File not found
Ias -> C:\Windows\System32\ias.dll -> [2008/01/21 03:24:07 | 000,018,944 | ---- | M] (Microsoft Corporation)
Nla ->  -> File not found
Ntmssvc ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
SRService ->  -> File not found
WmdmPmSp ->  -> File not found
LogonHours ->  -> File not found
PCAudit ->  -> File not found
helpsvc ->  -> File not found
uploadmgr ->  -> File not found
ezSharedSvc -> C:\Windows\System32\ezsvc7.dll -> [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS)
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 03/08/2012 18:09:12 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 03/08/2012 18:09:12 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 04/08/2012 04:44:24 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 04/08/2012 04:44:24 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 04/08/2012 04:44:50 Computer Name = Eamonns | Source = SideBySide | ID = 16842830 -> Description = Activation context generation failed for "C:\Program Files\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Application [ Error ] 04/08/2012 04:44:50 Computer Name = Eamonns | Source = SideBySide | ID = 16842830 -> Description = Activation context generation failed for "C:\Program Files\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Application [ Error ] 04/08/2012 05:01:17 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 04/08/2012 05:01:17 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 04/08/2012 05:04:32 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 04/08/2012 05:04:32 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
OSession [ Error ] 07/07/2009 16:32:25 Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = 
OSession [ Error ] 07/07/2009 16:44:49 Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = 
OSession [ Error ] 07/07/2009 16:50:58 Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = 
System [ Error ] 04/08/2012 04:44:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7009 -> Description = 
System [ Error ] 04/08/2012 04:44:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 04/08/2012 04:44:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7009 -> Description = 
System [ Error ] 04/08/2012 04:44:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 04/08/2012 04:44:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7009 -> Description = 
System [ Error ] 04/08/2012 04:44:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 04/08/2012 04:44:45 Computer Name = Eamonns | Source = Service Control Manager | ID = 7022 -> Description = 
System [ Error ] 04/08/2012 04:47:16 Computer Name = Eamonns | Source = Service Control Manager | ID = 7009 -> Description = 
System [ Error ] 04/08/2012 04:47:17 Computer Name = Eamonns | Source = Service Control Manager | ID = 7038 -> Description = 
System [ Error ] 04/08/2012 04:47:17 Computer Name = Eamonns | Source = Service Control Manager | ID = 7000 -> Description = 
 
[Files/Folders - Created Within 30 Days]
 Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2012/08/03 20:55:07 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/08/03 19:25:54 | 000,000,000 | -HSD | C]
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/08/03 19:11:11 | 000,060,416 | ---- | C] (NirSoft)
 ComboFix -> C:\ComboFix -> [2012/08/03 19:11:06 | 000,000,000 | ---D | C]
 baffledUK123 -> C:\baffledUK123 -> [2012/07/22 17:41:38 | 000,000,000 | ---D | C]
 MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2012/07/22 13:08:11 | 000,000,000 | ---D | C]
 ErrorTeck -> C:\Users\currys\AppData\Roaming\ErrorTeck -> [2012/07/19 19:12:40 | 000,000,000 | ---D | C]
 PIF -> C:\Windows\PIF -> [2012/07/19 19:12:35 | 000,000,000 | -H-D | C]
 BaffledUK.123 -> C:\BaffledUK.123 -> [2012/07/17 23:15:12 | 000,000,000 | ---D | C]
 uninst.exe -> C:\Windows\uninst.exe -> [2012/07/17 21:44:45 | 004,448,056 | ---- | C] (PC Cleaners)
 win32k.sys -> C:\Windows\System32\win32k.sys -> [2012/07/11 21:10:45 | 002,047,488 | ---- | C] (Microsoft Corporation)
 mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2012/07/11 21:05:52 | 002,382,848 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\System32\ieui.dll -> [2012/07/11 21:05:51 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2012/07/11 21:05:51 | 000,142,848 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\System32\jscript9.dll -> [2012/07/11 21:05:50 | 001,800,192 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\System32\url.dll -> [2012/07/11 21:05:50 | 000,231,936 | ---- | C] (Microsoft Corporation)
 jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2012/07/11 21:05:50 | 000,065,024 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2012/07/11 21:05:49 | 001,427,968 | ---- | C] (Microsoft Corporation)
 ncrypt.dll -> C:\Windows\System32\ncrypt.dll -> [2012/07/10 23:30:33 | 000,204,288 | ---- | C] (Microsoft Corporation)
 _OTL -> C:\_OTL -> [2012/07/10 23:05:43 | 000,000,000 | ---D | C]
 OpenOffice.org 3.4 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4 -> [2012/07/06 18:53:42 | 000,000,000 | --SD | C]
 Config.Msi -> C:\Config.Msi -> [2012/07/06 11:58:54 | 000,000,000 | ---D | C]
 tdsskiller(4).exe -> C:\Users\currys\Desktop\tdsskiller(4).exe -> [2012/07/06 10:41:36 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO)
 Java -> C:\Program Files\Common Files\Java -> [2012/07/05 23:20:04 | 000,000,000 | ---D | C]
 npDeployJava1.dll -> C:\Windows\System32\npDeployJava1.dll -> [2012/07/05 23:19:40 | 000,772,592 | ---- | C] (Oracle Corporation)
 javaws.exe -> C:\Windows\System32\javaws.exe -> [2012/07/05 23:19:40 | 000,227,824 | ---- | C] (Oracle Corporation)
 javaw.exe -> C:\Windows\System32\javaw.exe -> [2012/07/05 23:19:26 | 000,174,064 | ---- | C] (Oracle Corporation)
 java.exe -> C:\Windows\System32\java.exe -> [2012/07/05 23:19:26 | 000,174,064 | ---- | C] (Oracle Corporation)
 
[Files/Folders - Modified Within 30 Days]
 Recovery DVD Creator-currys.job -> C:\Windows\tasks\Recovery DVD Creator-currys.job -> [2012/08/04 10:00:00 | 000,000,342 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/08/04 09:58:01 | 000,000,886 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2012/08/04 09:47:47 | 000,668,012 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2012/08/04 09:47:47 | 000,136,484 | ---- | M] ()
 User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job -> C:\Windows\tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job -> [2012/08/04 09:45:31 | 000,000,394 | -H-- | M] ()
 LogConfigTemp.xml -> C:\Windows\System32\LogConfigTemp.xml -> [2012/08/04 09:43:23 | 000,000,000 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/08/04 09:43:05 | 000,000,882 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job -> [2012/08/04 09:43:04 | 000,000,860 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/08/04 09:42:59 | 000,003,344 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/08/04 09:42:59 | 000,003,344 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012/08/04 09:42:55 | 000,067,584 | --S- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/08/03 22:34:00 | 000,000,830 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2012/08/03 19:23:04 | 000,000,027 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\System32\FlashPlayerApp.exe -> [2012/08/03 18:34:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\System32\FlashPlayerCPLApp.cpl -> [2012/08/03 18:34:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated)
 Microsoft Fix it.url -> C:\Users\currys\Desktop\Microsoft Fix it.url -> [2012/08/02 23:02:23 | 000,000,134 | ---- | M] ()
 Football Manager 2010.url -> C:\Users\currys\Desktop\Football Manager 2010.url -> [2012/07/23 21:09:23 | 000,000,215 | ---- | M] ()
 confirmation.jsp.htm -> C:\Users\currys\Desktop\confirmation.jsp.htm -> [2012/07/23 20:44:15 | 000,013,044 | ---- | M] ()
 ComboFix - Shortcut.lnk -> C:\Users\currys\Desktop\ComboFix - Shortcut.lnk -> [2012/07/22 18:24:08 | 000,000,545 | ---- | M] ()
 HiJackThis.lnk -> C:\Users\currys\Desktop\HiJackThis.lnk -> [2012/07/18 23:56:15 | 000,002,525 | ---- | M] ()
 CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2012/07/14 20:06:37 | 000,000,806 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/07/14 19:55:13 | 000,000,908 | ---- | M] ()
 SystemLook - Shortcut.lnk -> C:\Users\currys\Desktop\SystemLook - Shortcut.lnk -> [2012/07/12 22:56:57 | 000,000,555 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2012/07/11 21:29:59 | 000,322,288 | ---- | M] ()
 OTL - Shortcut.lnk -> C:\Users\currys\Desktop\OTL - Shortcut.lnk -> [2012/07/10 23:05:03 | 000,000,514 | ---- | M] ()
 Reply to thread 'Internet Options in Control Panel missing'.eml -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml -> [2012/07/08 23:49:44 | 000,004,857 | ---- | M] ()
 RogueKiller(1).exe -> C:\Users\currys\Desktop\RogueKiller(1).exe -> [2012/07/08 19:40:57 | 001,558,016 | ---- | M] ()
 _MSRSTRT.EXE -> C:\Windows\_MSRSTRT.EXE -> [2012/07/06 13:47:29 | 000,002,560 | ---- | M] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2012/07/06 12:00:10 | 000,001,945 | ---- | M] ()
 tdsskiller(4).exe -> C:\Users\currys\Desktop\tdsskiller(4).exe -> [2012/07/06 10:41:40 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO)
 java - Shortcut.lnk -> C:\Users\currys\Desktop\java - Shortcut.lnk -> [2012/07/05 23:31:17 | 000,001,359 | ---- | M] ()
 javaws.exe -> C:\Windows\System32\javaws.exe -> [2012/07/05 23:19:14 | 000,227,824 | ---- | M] (Oracle Corporation)
 npDeployJava1.dll -> C:\Windows\System32\npDeployJava1.dll -> [2012/07/05 23:19:13 | 000,772,592 | ---- | M] (Oracle Corporation)
 deployJava1.dll -> C:\Windows\System32\deployJava1.dll -> [2012/07/05 23:19:13 | 000,687,600 | ---- | M] (Oracle Corporation)
 javaw.exe -> C:\Windows\System32\javaw.exe -> [2012/07/05 23:19:13 | 000,174,064 | ---- | M] (Oracle Corporation)
 java.exe -> C:\Windows\System32\java.exe -> [2012/07/05 23:19:13 | 000,174,064 | ---- | M] (Oracle Corporation)
 
[Files - No Company Name]
 winstart.bat -> C:\Users\currys\Desktop\winstart.bat -> [2012/08/02 20:10:22 | 000,000,002 | RHS- | C] ()
 Football Manager 2010.url -> C:\Users\currys\Desktop\Football Manager 2010.url -> [2012/07/23 21:09:23 | 000,000,215 | ---- | C] ()
 confirmation.jsp.htm -> C:\Users\currys\Desktop\confirmation.jsp.htm -> [2012/07/23 20:44:14 | 000,013,044 | ---- | C] ()
 ComboFix - Shortcut.lnk -> C:\Users\currys\Desktop\ComboFix - Shortcut.lnk -> [2012/07/22 18:24:08 | 000,000,545 | ---- | C] ()
 SystemLook - Shortcut.lnk -> C:\Users\currys\Desktop\SystemLook - Shortcut.lnk -> [2012/07/12 22:56:56 | 000,000,555 | ---- | C] ()
 OTL - Shortcut.lnk -> C:\Users\currys\Desktop\OTL - Shortcut.lnk -> [2012/07/10 23:05:03 | 000,000,514 | ---- | C] ()
 Reply to thread 'Internet Options in Control Panel missing'.eml -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml -> [2012/07/08 23:49:43 | 000,004,857 | ---- | C] ()
 RogueKiller(1).exe -> C:\Users\currys\Desktop\RogueKiller(1).exe -> [2012/07/08 19:40:56 | 001,558,016 | ---- | C] ()
 User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job -> C:\Windows\tasks\User_Feed_Synchronization-{A65AEF0B-B822-4C24-B3BE-67EE9605EB86}.job -> [2012/07/08 00:57:14 | 000,000,394 | -H-- | C] ()
 _MSRSTRT.EXE -> C:\Windows\_MSRSTRT.EXE -> [2012/07/06 13:47:29 | 000,002,560 | ---- | C] ()
 java - Shortcut.lnk -> C:\Users\currys\Desktop\java - Shortcut.lnk -> [2012/07/05 23:30:52 | 000,001,359 | ---- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2012/07/01 01:13:20 | 000,322,288 | ---- | C] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2012/06/24 11:02:02 | 000,000,487 | ---- | C] ()
 {A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5} -> C:\Users\currys\AppData\Local\{A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5} -> [2012/01/29 12:35:23 | 000,000,000 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2012/01/01 19:41:40 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2012/01/01 19:41:40 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2012/01/01 19:41:40 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2012/01/01 19:41:40 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2012/01/01 19:41:40 | 000,068,096 | ---- | C] ()
 RtNicProp32.dll -> C:\Windows\System32\RtNicProp32.dll -> [2011/12/26 14:05:56 | 000,080,416 | ---- | C] ()
 repository.xml -> C:\ProgramData\repository.xml -> [2011/12/02 23:16:09 | 000,001,043 | ---- | C] ()
 fusioncache.dat -> C:\Users\currys\AppData\Local\fusioncache.dat -> [2011/06/17 21:23:38 | 000,000,094 | ---- | C] ()
 Irremote.ini -> C:\Windows\Irremote.ini -> [2011/03/03 21:18:09 | 000,000,000 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/02/06 01:16:30 | 000,000,258 | RHS- | C] ()
 mlfcache.dat -> C:\Windows\System32\mlfcache.dat -> [2010/08/09 22:45:44 | 000,128,356 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 1077 bytes -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml:OECustomProperty
< End of report >
```
Hi Eddie sorry for the delay with this one had to wait for OTL website


----------



## eddie5659 (Mar 19, 2001)

Excellent, that looks a lot better 

How's the computer now, has the original problems gone?

If they are, we'll remove the tools we've used, but I'll wait for your reply before I post 

eddie


----------



## baffledUK (Jul 2, 2012)

Unfortunately they are still there........... no internet options in control Panel just the icon ( no wording below the icon). Internet explorer won't run from desktop.


----------



## eddie5659 (Mar 19, 2001)

Can you see if you can do this:

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, that should have the product ID number on it. Don't type the number here, its just so you know which one to look for 

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

eddie


----------



## baffledUK (Jul 2, 2012)

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>

Means nothing to me what next?


----------



## eddie5659 (Mar 19, 2001)

Did it not ask for a windows disk, as it looked like it found corrupt files?

If not, and you have Windows on a disk, pop it in beforehand (if it starts up with the Windows bits and bats, just close that down)

and then try the SFC scan again, as you did before.


----------



## baffledUK (Jul 2, 2012)

sorry but it didn't ask for disk, anyway I don't have windows on a disk.


----------



## eddie5659 (Mar 19, 2001)

Nuts 

Okay, can you upload the log that was obtained, at C:\Windows\Logs\CBS\CBS.log


----------



## baffledUK (Jul 2, 2012)

Hi Eddie problems again CBS file that's been created ..well, when I try to open, it says access is denied. I tried going to file location there appears to be 5 logs: CBS CBS.persist CheckSUR CheckSURpersist and Filterlist. They are too large to get to you any bright ideas?


----------



## eddie5659 (Mar 19, 2001)

Okay, see if this works:

Go to Start | Programs | Accessories.

Right-click on the *cmd* and select *Run as Administrator*.

Copy the following, and then paste it into at the command prompt by right-clicking and selecting Paste:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*

And press *Enter*

This will place a *sfcdetails.txt* file on your desktop with the SFC scan details from the CBS.LOG. Zip up the file and attach it to your next post.


----------



## baffledUK (Jul 2, 2012)

No joy Eddie pasted in, don't get chance to press enter. It just prompts C:\Windows\system32


----------



## eddie5659 (Mar 19, 2001)

Sorry about the lateness, work is very demanding at the moment, and was out most of the weekend.

When you opened up the command prompt, did you select run as Administrator?

If you did, you may have to manually type in the details that are in bold for it to work.

If still no joy, we'll look at another way.


----------



## baffledUK (Jul 2, 2012)

Hi Eddie yep tried as suggested ran as admin manually typed in............nothing


----------



## eddie5659 (Mar 19, 2001)

Okay, lets try it this way:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop



> *
> C:\Windows\Logs\CBS\CBS.log
> *


Attach it here in your reply:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  ) [/list]











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to the zip you just created on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## baffledUK (Jul 2, 2012)

Here is hopefully the file you need


----------



## eddie5659 (Mar 19, 2001)

Nothing there, as in the log 

Is the actual CBS log still showing in the folder:

C:\Windows\Logs\CBS\

It should have a Notepad as the icon.

If it is, you know when you tried the command prompt part earlier, do you have on your desktop a file called:

sfcdetails.txt

If not, try it this way, by going via Admin and typing:

*notepad c:\windows\logs\cbs\cbs.log*

And it should open in Notepad. Then, save it to your desktop via Notepad as normal, and then upload it.


----------



## baffledUK (Jul 2, 2012)

2012-06-30 05:55:59, Info CBS Archived log file: C:\Windows\Logs\CBS\CBS.log to: C:\Windows\Logs\CBS\CBS.persist.log
2012-06-30 05:55:59, Info CBS Loaded Servicing Stack v6.0.6002.18005 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cbscore.dll
2012-06-30 05:55:59, Info CSI [email protected]/6/30:04:55:59.849 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x657e8a50 @0x6ad3854e @0x6ad163a1 @0xf51392 @0xf51ed4 @0xf517cb)
2012-06-30 05:55:59, Info CSI [email protected]/6/30:04:55:59.865 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x657e8a50 @0x6ad6e7b6 @0x6ad50f93 @0xf51392 @0xf51ed4 @0xf517cb)
2012-06-30 05:55:59, Info CSI [email protected]/6/30:04:55:59.865 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x657e8a50 @0x6e2b1a0d @0x6e2b1794 @0xf5360b @0xf52be3 @0xf517cb)
2012-06-30 05:55:59, Info CBS NonStart: Checking to ensure startup processing was not required.
2012-06-30 05:55:59, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xfdfbb0
2012-06-30 05:55:59, Info CBS NonStart: Success, startup processing not required as expected.
2012-06-30 05:56:00, Info CSI 00000005 CSI Store 2779496 (0x002a6968) initialized
2012-06-30 05:56:00, Info CBS Session: 30234236:2760667775 initialized.
2012-06-30 05:56:00, Info CBS Session: 30234236:2760667775 finalized. Reboot required: no
2012-06-30 05:56:00, Info CBS Session: 30234236:2760667776 initialized.
2012-06-30 05:56:00, Info CBS Session: 30234236:2760667776 finalized. Reboot required: no
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219775 initialized.
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219775 finalized. Reboot required: no
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219776 initialized.
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219776 finalized. Reboot required: no
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219777 initialized.
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219777 finalized. Reboot required: no
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219778 initialized.
2012-06-30 05:56:00, Info CBS Session: 30234236:2767219778 finalized. Reboot required: no
2012-06-30 05:56:02, Info CBS Session: 30234236:2780479775 initialized.
2012-06-30 05:56:02, Info CBS Session: 30234236:2780479775 finalized. Reboot required: no
2012-06-30 05:56:02, Info CBS Session: 30234236:2780479776 initialized.
2012-06-30 05:56:02, Info CBS Session: 30234236:2780479776 finalized. Reboot required: no
2012-06-30 05:56:04, Info CBS Session: 30234236:2806375775 initialized.
2012-06-30 05:56:04, Info CBS Session: 30234236:2806375775 finalized. Reboot required: no
2012-06-30 05:56:04, Info CBS Session: 30234236:2806375776 initialized.
2012-06-30 05:56:04, Info CBS Session: 30234236:2806375776 finalized. Reboot required: no
2012-06-30 05:56:04, Info CBS Session: 30234236:2806375777 initialized.
2012-06-30 05:56:04, Info CBS Session: 30234236:2806375777 finalized. Reboot required: no
2012-06-30 05:56:04, Info CBS Session: 30234236:2806531775 initialized.
2012-06-30 05:56:04, Info CBS Session: 30234236:2806531775 finalized. Reboot required: no
2012-06-30 05:56:27, Info CBS Session: 30234236:3037411775 initialized.
2012-06-30 05:56:27, Info CBS Read out cached package applicability for package: Package_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:27, Info CBS Session: 30234236:3037411775 finalized. Reboot required: no
2012-06-30 05:56:27, Info CBS Session: 30234236:3038971775 initialized.
2012-06-30 05:56:27, Info CBS Read out cached package applicability for package: Microsoft-Windows-AutomationAPI-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6002.18156, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:27, Info CBS Session: 30234236:3038971775 finalized. Reboot required: no
2012-06-30 05:56:27, Info CBS Session: 30234236:3038971776 initialized.
2012-06-30 05:56:27, Info CBS Read out cached package applicability for package: Microsoft-Windows-WPD7IP-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18112, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:27, Info CBS Session: 30234236:3038971776 finalized. Reboot required: no
2012-06-30 05:56:27, Info CBS Session: 30234236:3039127775 initialized.
2012-06-30 05:56:27, Info CBS Read out cached package applicability for package: Microsoft-Windows-DGT-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18107, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:27, Info CBS Session: 30234236:3039127775 finalized. Reboot required: no
2012-06-30 05:56:27, Info CBS Session: 30234236:3039283775 initialized.
2012-06-30 05:56:27, Info CBS Read out cached package applicability for package: Microsoft-Windows-UIRibbon-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18108, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:27, Info CBS Session: 30234236:3039283775 finalized. Reboot required: no
2012-06-30 05:56:27, Info CBS Session: 30234236:3039907775 initialized.
2012-06-30 05:56:27, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~lt-LT~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:27, Info CBS Session: 30234236:3039907775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3161587775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3161587775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3163615775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB981322~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3163615775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3164083775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB2423089~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3164083775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3164863775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB977864~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:40, Info CBS Session: 30234236:3164863775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3165175775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB974307~31bf3856ad364e35~x86~~6.1.1.2, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:40, Info CBS Session: 30234236:3165175775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3165331775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB966315~31bf3856ad364e35~x86~~6.1.1.2, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:40, Info CBS Session: 30234236:3165331775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3165331776 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB972270~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3165331776 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3165487775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:2
2012-06-30 05:56:40, Info CBS Session: 30234236:3165487775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3166267775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB979910~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3166267775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3166579775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB971961~31bf3856ad364e35~x86~~8.0.1.1, ApplicableState: 0, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3166579775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3166735775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3166735775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3167983775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB2585542~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3167983775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3169075775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~hr-HR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:40, Info CBS Session: 30234236:3169075775 finalized. Reboot required: no
2012-06-30 05:56:40, Info CBS Session: 30234236:3169543775 initialized.
2012-06-30 05:56:40, Info CBS Read out cached package applicability for package: Package_for_KB2718704~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:40, Info CBS Session: 30234236:3169543775 finalized. Reboot required: no
2012-06-30 05:56:41, Info CBS Session: 30234236:3172195775 initialized.
2012-06-30 05:56:41, Info CBS Read out cached package applicability for package: Package_for_KB2507618~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:41, Info CBS Session: 30234236:3172195775 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3196219775 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB2508429~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:43, Info CBS Session: 30234236:3196219775 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3196375775 initialized.
2012-06-30 05:56:43, Info CBS Session: 30234236:3196375775 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197155775 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB2676562~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:43, Info CBS Session: 30234236:3197155775 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197155776 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB2621146~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:43, Info CBS Session: 30234236:3197155776 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197311775 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB2601626~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:43, Info CBS Session: 30234236:3197311775 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197311776 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB2579686~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:43, Info CBS Session: 30234236:3197311776 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197467775 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB946253~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:0
2012-06-30 05:56:43, Info CBS Session: 30234236:3197467775 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197467776 initialized.
2012-06-30 05:56:43, Info CBS Session: 30234236:3197467776 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197467777 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB2419640~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:43, Info CBS Session: 30234236:3197467777 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197623775 initialized.
2012-06-30 05:56:43, Info CBS Read out cached package applicability for package: Package_for_KB2628642~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:43, Info CBS Session: 30234236:3197623775 finalized. Reboot required: no
2012-06-30 05:56:43, Info CBS Session: 30234236:3197779775 initialized.
2012-06-30 05:56:43, Info CBS  Read out cached package applicability for package: Package_for_KB982480~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:43, Info CBS Session: 30234236:3197779775 finalized. Reboot required: no
2012-06-30 05:56:44, Info CBS Session: 30234236:3202303775 initialized.
2012-06-30 05:56:44, Info CBS Read out cached package applicability for package: Package_for_KB2646524~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:44, Info CBS Session: 30234236:3202303775 finalized. Reboot required: no
2012-06-30 05:56:44, Info CBS Session: 30234236:3208231775 initialized.
2012-06-30 05:56:45, Info CBS Read out cached package applicability for package: Package_for_KB967723~31bf3856ad364e35~x86~~6.0.1.7, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:45, Info CBS Session: 30234236:3208231775 finalized. Reboot required: no
2012-06-30 05:56:45, Info CBS Session: 30234236:3215095775 initialized.
2012-06-30 05:56:45, Info CBS Read out cached package applicability for package: Package_for_KB2511455~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:45, Info CBS Session: 30234236:3215095775 finalized. Reboot required: no
2012-06-30 05:56:45, Info CBS Session: 30234236:3216967775 initialized.
2012-06-30 05:56:45, Info CBS Read out cached package applicability for package: Package_for_KB970710~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:45, Info CBS Session: 30234236:3216967775 finalized. Reboot required: no
2012-06-30 05:56:45, Info CBS Session: 30234236:3220399775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB2598479~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3220399775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3220555775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB973687~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3220555775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3220711775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB2535512~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3220711775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3220711776 initialized.
2012-06-30 05:56:46, Info CBS Session: 30234236:3220711776 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3221179775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3221179775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3221335775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB2604094~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS  Session: 30234236:3221335775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3221959775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB2532531~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3221959775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3226327775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB2506212~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3226327775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3226483775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB2644615~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3226483775 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3226483776 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB978542~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3226483776 finalized. Reboot required: no
2012-06-30 05:56:46, Info CBS Session: 30234236:3226639775 initialized.
2012-06-30 05:56:46, Info CBS Read out cached package applicability for package: Package_for_KB982665~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:46, Info CBS Session: 30234236:3226639775 finalized. Reboot required: no
2012-06-30 05:56:47, Info CBS Session: 30234236:3233503775 initialized.
2012-06-30 05:56:47, Info CBS Read out cached package applicability for package: Package_for_KB2117917~31bf3856ad364e35~x86~~6.0.1.5, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:47, Info CBS Session: 30234236:3233503775 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3248947775 initialized.
2012-06-30 05:56:48, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~nb-NO~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:48, Info CBS Session: 30234236:3248947775 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3249103775 initialized.
2012-06-30 05:56:48, Info CBS Read out cached package applicability for package: Package_for_KB968816~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:48, Info CBS Session: 30234236:3249103775 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3249103776 initialized.
2012-06-30 05:56:48, Info CBS Read out cached package applicability for package: Package_for_KB981332~31bf3856ad364e35~x86~~8.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:48, Info CBS Session: 30234236:3249103776 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3249415775 initialized.
2012-06-30 05:56:48, Info CBS Read out cached package applicability for package: Package_1_for_KB925028~31bf3856ad364e35~x86~~6.0.0.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:48, Info CBS Session: 30234236:3249415775 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3249727775 initialized.
2012-06-30 05:56:48, Info CBS Read out cached package applicability for package: Package_for_KB2536276~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:48, Info CBS Session: 30234236:3249727775 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3249883775 initialized.
2012-06-30 05:56:48, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~zh-TW~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:48, Info CBS Session: 30234236:3249883775 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3249883776 initialized.
2012-06-30 05:56:48, Info CBS Read out cached package applicability for package: Package_for_KB2509553~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:48, Info CBS Session: 30234236:3249883776 finalized. Reboot required: no
2012-06-30 05:56:48, Info CBS Session: 30234236:3250039775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:2
2012-06-30 05:56:49, Info CBS Session: 30234236:3250039775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3250507775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~hu-HU~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:49, Info CBS Session: 30234236:3250507775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3254251775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB947821~31bf3856ad364e35~x86~~6.0.21.0, ApplicableState: 7, CurrentState:0
2012-06-30 05:56:49, Info CBS Session: 30234236:3254251775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3258463775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB981550~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:49, Info CBS Session: 30234236:3258463775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3258463776 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB979482~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3258463776 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3258619775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB2510581~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:49, Info CBS Session: 30234236:3258619775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3258619776 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB981349~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:49, Info CBS Session: 30234236:3258619776 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3258931775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Microsoft-Windows-AutomationAPI-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6002.18156, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3258931775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3258931776 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Microsoft-Windows-WPD7IP-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18112, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3258931776 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3259087775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Microsoft-Windows-DGT-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18107, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3259087775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3259087776 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Microsoft-Windows-UIRibbon-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18108, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3259087776 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3259243775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB973507~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3259243775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3259399775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3259399775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3259399776 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB2618451~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3259399776 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3259555775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB980842~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3259555775 finalized. Reboot required: no
2012-06-30 05:56:49, Info CBS Session: 30234236:3259867775 initialized.
2012-06-30 05:56:49, Info CBS Read out cached package applicability for package: Package_for_KB2656362~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:49, Info CBS Session: 30234236:3259867775 finalized. Reboot required: no
2012-06-30 05:56:52, Info CBS Session: 30234236:3289819775 initialized.
2012-06-30 05:56:52, Info CBS Read out cached package applicability for package: Package_for_KB2579692~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:52, Info CBS Session: 30234236:3289819775 finalized. Reboot required: no
2012-06-30 05:56:52, Info CBS Session: 30234236:3289975775 initialized.
2012-06-30 05:56:52, Info CBS Read out cached package applicability for package: Package_for_KB2695962~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:52, Info CBS Session: 30234236:3289975775 finalized. Reboot required: no
2012-06-30 05:56:52, Info CBS Session: 30234236:3289975776 initialized.
2012-06-30 05:56:52, Info CBS Read out cached package applicability for package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, ApplicableState: 7, CurrentState:-2
2012-06-30 05:56:52, Info CBS Session: 30234236:3289975776 finalized. Reboot required: no
2012-06-30 05:56:52, Info CBS Session: 30234236:3290131775 initialized.
2012-06-30 05:56:52, Info CBS Read out cached package applicability for package: Package_for_KB2675157~31bf3856ad364e35~x86~~9.1.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:52, Info CBS Session: 30234236:3290131775 finalized. Reboot required: no
2012-06-30 05:56:53, Info CBS Session: 30234236:3295747775 initialized.
2012-06-30 05:56:53, Info CBS Read out cached package applicability for package: Package_for_KB2619339~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:53, Info CBS Session: 30234236:3295747775 finalized. Reboot required: no
2012-06-30 05:56:53, Info CBS Session: 30234236:3296215775 initialized.
2012-06-30 05:56:53, Info CBS Read out cached package applicability for package: Package_for_KB2483614~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:53, Info CBS Session: 30234236:3296215775 finalized. Reboot required: no
2012-06-30 05:56:53, Info CBS Session: 30234236:3296215776 initialized.
2012-06-30 05:56:53, Info CBS Read out cached package applicability for package: Package_for_KB2492386~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:53, Info CBS Session: 30234236:3296215776 finalized. Reboot required: no
2012-06-30 05:56:53, Info CBS Session: 30234236:3296371775 initialized.
2012-06-30 05:56:53, Info CBS Read out cached package applicability for package: Package_for_KB2347290~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:53, Info CBS Session: 30234236:3296371775 finalized. Reboot required: no
2012-06-30 05:56:53, Info CBS Session: 30234236:3296683775 initialized.
2012-06-30 05:56:53, Info CBS Read out cached package applicability for package: Package_for_KB2690533~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:53, Info CBS Session: 30234236:3296683775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3301051775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB975254~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:54, Info CBS Session: 30234236:3301051775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3301207775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB971657~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3301207775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3301207776 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB2653956~31bf3856ad364e35~x86~~6.0.1.4, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3301207776 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3301363775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB982132~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3301363775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3301519775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB2503665~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3301519775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3301675775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB971029~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3301675775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3302455775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB2481109~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3302455775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3302611775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB976662~31bf3856ad364e35~x86~~8.0.1.0, ApplicableState: 0, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3302611775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3306355775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB2478935~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3306355775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3307135775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB982666~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:0
2012-06-30 05:56:54, Info CBS Session: 30234236:3307135775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3307447775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_1_for_KB929399~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: -17, CurrentState:0
2012-06-30 05:56:54, Info CBS Session: 30234236:3307447775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3308383775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB981997~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3308383775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3308383776 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB2536275~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3308383776 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3308539775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~de-DE~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:54, Info CBS Session: 30234236:3308539775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3308851775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~he-IL~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:54, Info CBS Session: 30234236:3308851775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3309007775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~en-US~6.0.1.18000, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3309007775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3309163775 initialized.
2012-06-30 05:56:54, Info CBS Session: 30234236:3309163775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3309631775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB2679255~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3309631775 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3309631776 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: Package_for_KB2688338~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:54, Info CBS Session: 30234236:3309631776 finalized. Reboot required: no
2012-06-30 05:56:54, Info CBS Session: 30234236:3309787775 initialized.
2012-06-30 05:56:54, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sl-SI~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:54, Info CBS Session: 30234236:3309787775 finalized. Reboot required: no
2012-06-30 05:56:55, Info CBS Session: 30234236:3313219775 initialized.
2012-06-30 05:56:55, Info CBS Read out cached package applicability for package: Package_for_KB2544521~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:55, Info CBS Session: 30234236:3313219775 finalized. Reboot required: no
2012-06-30 05:56:55, Info CBS Session: 30234236:3313219776 initialized.
2012-06-30 05:56:55, Info CBS Read out cached package applicability for package: Package_for_KB976470~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:55, Info CBS Session: 30234236:3313219776 finalized. Reboot required: no
2012-06-30 05:56:56, Info  CBS Session: 30234236:3327571775 initialized.
2012-06-30 05:56:56, Info CBS Read out cached package applicability for package: Package_for_KB975558~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:56, Info CBS Session: 30234236:3327571775 finalized. Reboot required: no
2012-06-30 05:56:56, Info CBS Session: 30234236:3327571776 initialized.
2012-06-30 05:56:56, Info CBS Read out cached package applicability for package: Package_for_KB2660649~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:56, Info CBS Session: 30234236:3327571776 finalized. Reboot required: no
2012-06-30 05:56:56, Info CBS Session: 30234236:3327883775 initialized.
2012-06-30 05:56:56, Info CBS Read out cached package applicability for package: Package_for_KB2544893~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:56, Info CBS Session: 30234236:3327883775 finalized. Reboot required: no
2012-06-30 05:56:56, Info CBS Session: 30234236:3328351775 initialized.
2012-06-30 05:56:56, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~nl-NL~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:56, Info CBS Session: 30234236:3328351775 finalized. Reboot required: no
2012-06-30 05:56:56, Info CBS Session: 30234236:3328351776 initialized.
2012-06-30 05:56:56, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~es-ES~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:56, Info CBS Session: 30234236:3328351776 finalized. Reboot required: no
2012-06-30 05:56:57, Info CBS Session: 30234236:3339895775 initialized.
2012-06-30 05:56:57, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~pt-PT~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:57, Info CBS Session: 30234236:3339895775 finalized. Reboot required: no
2012-06-30 05:56:57, Info CBS Session: 30234236:3339895776 initialized.
2012-06-30 05:56:57, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sv-SE~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:57, Info CBS Session: 30234236:3339895776 finalized. Reboot required: no
2012-06-30 05:56:57, Info CBS Session: 30234236:3340051775 initialized.
2012-06-30 05:56:57, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~bg-BG~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:57, Info CBS Session: 30234236:3340051775 finalized. Reboot required: no
2012-06-30 05:56:57, Info CBS Session: 30234236:3340207775 initialized.
2012-06-30 05:56:57, Info CBS Read out cached package applicability for package: Package_for_KB961501~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:57, Info CBS Session: 30234236:3340207775 finalized. Reboot required: no
2012-06-30 05:56:57, Info CBS Session: 30234236:3340207776 initialized.
2012-06-30 05:56:58, Info CBS Read out cached package applicability for package: Package_for_KB2564958~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:58, Info CBS Session: 30234236:3340207776 finalized. Reboot required: no
2012-06-30 05:56:58, Info CBS Session: 30234236:3340987775 initialized.
2012-06-30 05:56:58, Info CBS Read out cached package applicability for package: Package_for_KB2505189~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:58, Info CBS Session: 30234236:3340987775 finalized. Reboot required: no
2012-06-30 05:56:58, Info CBS Session: 30234236:3341455775 initialized.
2012-06-30 05:56:58, Info CBS Read out cached package applicability for package: Package_for_KB2584146~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:58, Info CBS Session: 30234236:3341455775 finalized. Reboot required: no
2012-06-30 05:56:58, Info CBS Session: 30234236:3341455776 initialized.
2012-06-30 05:56:58, Info CBS Read out cached package applicability for package: Package_for_KB2387149~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:58, Info CBS Session: 30234236:3341455776 finalized. Reboot required: no
2012-06-30 05:56:58, Info CBS Session: 30234236:3341611775 initialized.
2012-06-30 05:56:58, Info CBS Read out cached package applicability for package: Package_for_KB975560~31bf3856ad364e35~x86~~6.0.1.5, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:58, Info CBS Session: 30234236:3341611775 finalized. Reboot required: no
2012-06-30 05:56:58, Info CBS Session: 30234236:3348631775 initialized.
2012-06-30 05:56:58, Info CBS Read out cached package applicability for package: Package_for_KB982799~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:58, Info CBS Session: 30234236:3348631775 finalized. Reboot required: no
2012-06-30 05:56:59, Info CBS Session: 30234236:3352063775 initialized.
2012-06-30 05:56:59, Info CBS Read out cached package applicability for package: Package_for_KB2659262~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:59, Info CBS Session: 30234236:3352063775 finalized. Reboot required: no
2012-06-30 05:56:59, Info CBS Session: 30234236:3355963775 initialized.
2012-06-30 05:56:59, Info CBS Read out cached package applicability for package: Package_for_KB2654428~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:59, Info CBS Session: 30234236:3355963775 finalized. Reboot required: no
2012-06-30 05:56:59, Info CBS Session: 30234236:3356119775 initialized.
2012-06-30 05:56:59, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ja-JP~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:59, Info CBS Session: 30234236:3356119775 finalized. Reboot required: no
2012-06-30 05:56:59, Info CBS Session: 30234236:3359551775 initialized.
2012-06-30 05:56:59, Info CBS Read out cached package applicability for package: Package_for_KB2545698~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:59, Info CBS Session: 30234236:3359551775 finalized. Reboot required: no
2012-06-30 05:56:59, Info CBS Session: 30234236:3359707775 initialized.
2012-06-30 05:56:59, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~zh-CN~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:59, Info CBS Session: 30234236:3359707775 finalized. Reboot required: no
2012-06-30 05:56:59, Info CBS Session: 30234236:3359863775 initialized.
2012-06-30 05:56:59, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~uk-UA~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:56:59, Info CBS Session: 30234236:3359863775 finalized. Reboot required: no
2012-06-30 05:56:59, Info CBS Session: 30234236:3359863776 initialized.
2012-06-30 05:56:59, Info CBS Read out cached package applicability for package: Package_for_KB968389~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:56:59, Info CBS Session: 30234236:3359863776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3361111775 initialized.
2012-06-30 05:57:00, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~cs-CZ~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:00, Info CBS Session: 30234236:3361111775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3361267775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3361267775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3362203775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3362203775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3362983778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363139779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295777 initialized.
2012-06-30 05:57:00, Info  CBS Session: 30234236:3363295777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363295779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363451779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363607779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363763778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3363919779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364075779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364231778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364387775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364387775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364387776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364387776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364387777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364387777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364543779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364699779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3364855778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365011779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365167775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365167775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365167776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365167776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365167777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365167777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365323779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365479778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365635779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791779 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365791779 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947776 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947777 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947777 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947778 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3365947778 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3366103775 initialized.
2012-06-30 05:57:00, Info CBS Session: 30234236:3366103775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3366103776 initialized.
2012-06-30 05:57:00, Info CBS Read out cached package applicability for package: Package_for_KB2522422~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:00, Info CBS Session: 30234236:3366103776 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3366259775 initialized.
2012-06-30 05:57:00, Info CBS Read out cached package applicability for package: Package_for_KB2281679~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:00, Info CBS Session: 30234236:3366259775 finalized. Reboot required: no
2012-06-30 05:57:00, Info CBS Session: 30234236:3366259776 initialized.
2012-06-30 05:57:00, Info CBS Read out cached package applicability for package: Package_for_KB960859~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 4, CurrentState:0
2012-06-30 05:57:00, Info CBS Session: 30234236:3366259776 finalized. Reboot required: no
2012-06-30 05:57:01, Info CBS Session: 30234236:3373123775 initialized.
2012-06-30 05:57:01, Info CBS Read out cached package applicability for package: Package_for_KB2479943~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:01, Info CBS Session: 30234236:3373123775 finalized. Reboot required: no
2012-06-30 05:57:01, Info CBS Session: 30234236:3373123776 initialized.
2012-06-30 05:57:01, Info CBS Read out cached package applicability for package: Package_for_KB977816~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:01, Info CBS Session: 30234236:3373123776 finalized. Reboot required: no
2012-06-30 05:57:01, Info CBS Session: 30234236:3373279775 initialized.
2012-06-30 05:57:01, Info CBS Read out cached package applicability for package: Microsoft-Windows-MediaPlayer-OOB-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6000.16386, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:01, Info CBS Session: 30234236:3373279775 finalized. Reboot required: no
2012-06-30 05:57:01, Info CBS Session: 30234236:3373591775 initialized.
2012-06-30 05:57:01, Info CBS Read out cached package applicability for package: Package_for_KB971961~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:01, Info CBS Session: 30234236:3373591775 finalized. Reboot required: no
2012-06-30 05:57:01, Info CBS Session: 30234236:3377959775 initialized.
2012-06-30 05:57:01, Info CBS Read out cached package applicability for package: Package_for_KB978338~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:01, Info CBS Session: 30234236:3377959775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3382951775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB956250~31bf3856ad364e35~x86~~6.1.6001.18242, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3382951775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3383107775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB979899~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3383107775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3383107776 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB970430~31bf3856ad364e35~x86~~6.0.1.6, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3383107776 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3384355775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3384355775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3384355776 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB2305420~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3384355776 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3384979775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB976002~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:8
2012-06-30 05:57:02, Info CBS Session: 30234236:3384979775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3385135775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB2494132~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:02, Info CBS Session: 30234236:3385135775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3385291775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3385291775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3388879775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB979309~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3388879775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3388879776 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ar-SA~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:02, Info CBS Session: 30234236:3388879776 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3389035775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~el-GR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:02, Info CBS Session: 30234236:3389035775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3389191775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB2079403~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3389191775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3389191776 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ru-RU~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:02, Info CBS Session: 30234236:3389191776 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3389347775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ro-RO~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:02, Info CBS Session: 30234236:3389347775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3389503775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB2658846~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3389503775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3389815775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Microsoft-Windows-GroupPolicy-Preferences-CSE-Pack-TopLevel~31bf3856ad364e35~x86~~6.0.6001.18123, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:02, Info CBS Session: 30234236:3389815775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3389971775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: Package_for_KB956250~31bf3856ad364e35~x86~~6.1.6001.18242, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:02, Info CBS Session: 30234236:3389971775 finalized. Reboot required: no
2012-06-30 05:57:02, Info CBS Session: 30234236:3390127775 initialized.
2012-06-30 05:57:02, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ko-KR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:02, Info CBS Session: 30234236:3390127775 finalized. Reboot required: no
2012-06-30 05:57:03, Info CBS Session: 30234236:3399643775 initialized.
2012-06-30 05:57:03, Info CBS Read out cached package applicability for package: Package_for_KB2620712~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:03, Info CBS Session: 30234236:3399643775 finalized. Reboot required: no
2012-06-30 05:57:03, Info CBS Session: 30234236:3399799775 initialized.
2012-06-30 05:57:03, Info CBS Read out cached package applicability for package: Package_for_KB973540~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:03, Info CBS Session: 30234236:3399799775 finalized. Reboot required: no
2012-06-30 05:57:03, Info CBS Session: 30234236:3399955775 initialized.
2012-06-30 05:57:03, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~da-DK~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:03, Info CBS Session: 30234236:3399955775 finalized. Reboot required: no
2012-06-30 05:57:03, Info CBS Session: 30234236:3400111775 initialized.
2012-06-30 05:57:03, Info CBS Read out cached package applicability for package: Package_for_KB2631813~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:03, Info CBS Session: 30234236:3400111775 finalized. Reboot required: no
2012-06-30 05:57:03, Info CBS Session: 30234236:3400111776 initialized.
2012-06-30 05:57:03, Info CBS Read out cached package applicability for package: Package_for_KB979099~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:03, Info CBS Session: 30234236:3400111776 finalized. Reboot required: no
2012-06-30 05:57:03, Info CBS Session: 30234236:3400267775 initialized.
2012-06-30 05:57:03, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~fr-FR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:03, Info CBS Session: 30234236:3400267775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3403699775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2124261~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 4, CurrentState:0
2012-06-30 05:57:04, Info CBS Session: 30234236:3403699775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3403855775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3403855775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3403855776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3403855776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3403855777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3403855777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404011778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404167779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404323778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404479778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404635779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791780 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404791780 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3404947779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405103778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405259778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405415779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405571779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405727778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3405883778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406039779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406195778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406351778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406507778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663779 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406663779 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406819775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406819775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406819776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406819776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406819777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406819777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975775 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975776 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975777 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975777 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975778 initialized.
2012-06-30 05:57:04, Info CBS Session: 30234236:3406975778 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3407131775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~zh-HK~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:04, Info CBS Session: 30234236:3407131775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3407443775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:2
2012-06-30 05:57:04, Info CBS Session: 30234236:3407443775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3407911775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB905866~31bf3856ad364e35~x86~~6.0.56.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3407911775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3407911776 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2621440~31bf3856ad364e35~x86~~6.0.1.4, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3407911776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3408379775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~lv-LV~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:04, Info CBS Session: 30234236:3408379775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3408535775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2656409~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3408535775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3408691775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2533623~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3408691775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3408691776 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sr-LATN-CS~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:04, Info CBS Session: 30234236:3408691776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3409003775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB980248~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3409003775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3409315775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2563227~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3409315775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3409315776 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2507938~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3409315776 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3409627775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:2
2012-06-30 05:57:04, Info CBS Session: 30234236:3409627775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3409783775 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB974571~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3409783775 finalized. Reboot required: no
2012-06-30 05:57:04, Info CBS Session: 30234236:3409783776 initialized.
2012-06-30 05:57:04, Info CBS Read out cached package applicability for package: Package_for_KB2467659~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:04, Info CBS Session: 30234236:3409783776 finalized. Reboot required: no
2012-06-30 05:57:05, Info CBS Session: 30234236:3416491775 initialized.
2012-06-30 05:57:05, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~et-EE~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:05, Info CBS Session: 30234236:3416491775 finalized. Reboot required: no
2012-06-30 05:57:05, Info CBS Session: 30234236:3416647775 initialized.
2012-06-30 05:57:05, Info CBS Read out cached package applicability for package: Package_for_KB970238~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:05, Info CBS Session: 30234236:3416647775 finalized. Reboot required: no
2012-06-30 05:57:05, Info CBS Session: 30234236:3416647776 initialized.
2012-06-30 05:57:05, Info CBS Read out cached package applicability for package: Package_1_for_KB925697~31bf3856ad364e35~x86~~6.0.0.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:05, Info CBS Session: 30234236:3416647776 finalized. Reboot required: no
2012-06-30 05:57:05, Info CBS Session: 30234236:3420079775 initialized.
2012-06-30 05:57:05, Info CBS Read out cached package applicability for package: Package_for_KB2709162~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:4
2012-06-30 05:57:05, Info CBS Session: 30234236:3420079775 finalized. Reboot required: no
2012-06-30 05:57:05, Info CBS Session: 30234236:3420079776 initialized.
2012-06-30 05:57:05, Info CBS Read out cached package applicability for package: Package_for_KB973917~31bf3856ad364e35~x86~~6.0.2.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:05, Info CBS Session: 30234236:3420079776 finalized. Reboot required: no
2012-06-30 05:57:05, Info CBS Session: 30234236:3420391775 initialized.
2012-06-30 05:57:05, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~th-TH~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:05, Info CBS Session: 30234236:3420391775 finalized. Reboot required: no
2012-06-30 05:57:06, Info CBS Session: 30234236:3420547775 initialized.
2012-06-30 05:57:06, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~pl-PL~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:06, Info CBS Session: 30234236:3420547775 finalized. Reboot required: no
2012-06-30 05:57:06, Info CBS Session: 30234236:3420547776 initialized.
2012-06-30 05:57:06, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sk-SK~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:06, Info CBS Session: 30234236:3420547776 finalized. Reboot required: no
2012-06-30 05:57:06, Info CBS Session: 30234236:3420703775 initialized.
2012-06-30 05:57:06, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~tr-TR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:06, Info CBS Session: 30234236:3420703775 finalized. Reboot required: no
2012-06-30 05:57:06, Info CBS Session: 30234236:3421327775 initialized.
2012-06-30 05:57:06, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~pt-BR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:06, Info CBS Session: 30234236:3421327775 finalized. Reboot required: no
2012-06-30 05:57:06, Info CBS Session: 30234236:3421327776 initialized.
2012-06-30 05:57:06, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~fi-FI~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:06, Info CBS Session: 30234236:3421327776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3431311775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB2620704~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3431311775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3431311776 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB974318~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3431311776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3431467775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB973565~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3431467775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3431623775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB980842~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3431623775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3431935775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB976768~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3431935775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3432247775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB976772~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3432247775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3432871775 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3432871775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3432871776 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3432871776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433027775 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3433027775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433027776 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3433027776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433027777 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: VistaSP2-KB948465~31bf3856ad364e35~x86~~6.0.1.18005, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:07, Info CBS Session: 30234236:3433027777 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433339775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB2570947~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3433339775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433339776 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3433339776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433495775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB2491683~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:07, Info CBS Session: 30234236:3433495775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433651775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~it-IT~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:07, Info CBS Session: 30234236:3433651775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433651776 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB979688~31bf3856ad364e35~x86~~6.0.3.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3433651776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433807775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Microsoft-Windows-Media-Format-OOB-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6000.16386, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:07, Info CBS Session: 30234236:3433807775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433807776 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3433807776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963775 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963776 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963777 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963777 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963778 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: VistaSP1-KB936330~31bf3856ad364e35~x86~~6.0.1.18000, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:07, Info CBS Session: 30234236:3433963778 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3434119775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB954155~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3434119775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3434275775 initialized.
2012-06-30 05:57:07, Info CBS Session: 30234236:3434275775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3434275776 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Windows-Management-Framework-Core-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18191, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3434275776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3434587775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB972145~31bf3856ad364e35~x86~~6.0.1.5, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3434587775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3435835775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB973768~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3435835775 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3435835776 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB2604105~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3435835776 finalized. Reboot required: no
2012-06-30 05:57:07, Info CBS Session: 30234236:3435991775 initialized.
2012-06-30 05:57:07, Info CBS Read out cached package applicability for package: Package_for_KB975929~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:07, Info CBS Session: 30234236:3435991775 finalized. Reboot required: no
2012-06-30 05:57:28, Info CBS Session: 30234236:3643783775 initialized.
2012-06-30 05:57:28, Info CBS Read out cached package applicability for package: Package_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:28, Info CBS Session: 30234236:3643783775 finalized. Reboot required: no
2012-06-30 05:57:28, Info CBS Session: 30234236:3645343775 initialized.
2012-06-30 05:57:28, Info CBS Read out cached package applicability for package: Microsoft-Windows-AutomationAPI-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6002.18156, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:28, Info CBS Session: 30234236:3645343775 finalized. Reboot required: no
2012-06-30 05:57:28, Info CBS Session: 30234236:3645343776 initialized.
2012-06-30 05:57:28, Info CBS Read out cached package applicability for package: Microsoft-Windows-WPD7IP-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18112, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:28, Info CBS Session: 30234236:3645343776 finalized. Reboot required: no
2012-06-30 05:57:28, Info CBS Session: 30234236:3645499775 initialized.
2012-06-30 05:57:28, Info CBS Read out cached package applicability for package: Microsoft-Windows-DGT-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18107, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:28, Info CBS Session: 30234236:3645499775 finalized. Reboot required: no
2012-06-30 05:57:28, Info CBS Session: 30234236:3645655775 initialized.
2012-06-30 05:57:28, Info CBS Read out cached package applicability for package: Microsoft-Windows-UIRibbon-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18108, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:28, Info CBS Session: 30234236:3645655775 finalized. Reboot required: no
2012-06-30 05:57:28, Info CBS Session: 30234236:3646123775 initialized.
2012-06-30 05:57:28, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~lt-LT~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:28, Info CBS Session: 30234236:3646123775 finalized. Reboot required: no
2012-06-30 05:57:29, Info CBS Session: 30234236:3655327775 initialized.
2012-06-30 05:57:29, Info CBS Read out cached package applicability for package: Package_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:29, Info CBS Session: 30234236:3655327775 finalized. Reboot required: no
2012-06-30 05:57:29, Info CBS Session: 30234236:3657511775 initialized.
2012-06-30 05:57:29, Info CBS Read out cached package applicability for package: Package_for_KB981322~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:29, Info CBS Session: 30234236:3657511775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3659071775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB2423089~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:30, Info CBS Session: 30234236:3659071775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3665779775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB977864~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:30, Info CBS Session: 30234236:3665779775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3665779776 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB974307~31bf3856ad364e35~x86~~6.1.1.2, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:30, Info CBS Session: 30234236:3665779776 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3665935775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB966315~31bf3856ad364e35~x86~~6.1.1.2, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:30, Info CBS Session: 30234236:3665935775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3666091775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB972270~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:30, Info CBS Session: 30234236:3666091775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3666247775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:2
2012-06-30 05:57:30, Info CBS Session: 30234236:3666247775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3667027775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB979910~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:30, Info CBS Session: 30234236:3667027775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3667339775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB971961~31bf3856ad364e35~x86~~8.0.1.1, ApplicableState: 0, CurrentState:7
2012-06-30 05:57:30, Info CBS Session: 30234236:3667339775 finalized. Reboot required: no
2012-06-30 05:57:30, Info CBS Session: 30234236:3667495775 initialized.
2012-06-30 05:57:30, Info CBS Read out cached package applicability for package: Package_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:30, Info CBS Session: 30234236:3667495775 finalized. Reboot required: no
2012-06-30 05:57:31, Info CBS Session: 30234236:3669055775 initialized.
2012-06-30 05:57:31, Info CBS Read out cached package applicability for package: Package_for_KB2585542~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:31, Info CBS Session: 30234236:3669055775 finalized. Reboot required: no
2012-06-30 05:57:31, Info CBS Session: 30234236:3673735775 initialized.
2012-06-30 05:57:31, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~hr-HR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:31, Info CBS Session: 30234236:3673735775 finalized. Reboot required: no
2012-06-30 05:57:31, Info CBS Session: 30234236:3674203775 initialized.
2012-06-30 05:57:31, Info CBS Read out cached package applicability for package: Package_for_KB2718704~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:31, Info CBS Session: 30234236:3674203775 finalized. Reboot required: no
2012-06-30 05:57:32, Info CBS Session: 30234236:3681535775 initialized.
2012-06-30 05:57:32, Info CBS Read out cached package applicability for package: Package_for_KB2507618~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:32, Info CBS Session: 30234236:3681535775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3694951775 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB2508429~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:33, Info CBS Session: 30234236:3694951775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695107775 initialized.
2012-06-30 05:57:33, Info CBS Session: 30234236:3695107775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695419775 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB2676562~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:33, Info CBS Session: 30234236:3695419775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695575775 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB2621146~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:33, Info CBS Session: 30234236:3695575775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695575776 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB2601626~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:33, Info CBS Session: 30234236:3695575776 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695731775 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB2579686~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:33, Info CBS Session: 30234236:3695731775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695731776 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB946253~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:33, Info CBS Session: 30234236:3695731776 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695887775 initialized.
2012-06-30 05:57:33, Info CBS Session: 30234236:3695887775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3695887776 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB2419640~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:33, Info CBS Session: 30234236:3695887776 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3696043775 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB2628642~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:33, Info CBS Session: 30234236:3696043775 finalized. Reboot required: no
2012-06-30 05:57:33, Info CBS Session: 30234236:3696043776 initialized.
2012-06-30 05:57:33, Info CBS Read out cached package applicability for package: Package_for_KB982480~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:33, Info CBS Session: 30234236:3696043776 finalized. Reboot required: no
2012-06-30 05:57:34, Info CBS Session: 30234236:3700723775 initialized.

part 1 of many


----------



## baffledUK (Jul 2, 2012)

2012-06-30 05:57:34, Info CBS Read out cached package applicability for package: Package_for_KB2646524~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:34, Info CBS Session: 30234236:3700723775 finalized. Reboot required: no
2012-06-30 05:57:34, Info CBS Session: 30234236:3706495775 initialized.
2012-06-30 05:57:34, Info CBS Read out cached package applicability for package: Package_for_KB967723~31bf3856ad364e35~x86~~6.0.1.7, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:34, Info CBS Session: 30234236:3706495775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3713671775 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB2511455~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3713671775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3713827775 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB970710~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3713827775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3717259775 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB2598479~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3717259775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3717415775 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB973687~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3717415775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3717415776 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB2535512~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3717415776 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3717571775 initialized.
2012-06-30 05:57:35, Info CBS Session: 30234236:3717571775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3717883775 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3717883775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3718039775 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB2604094~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3718039775 finalized. Reboot required: no
2012-06-30 05:57:35, Info CBS Session: 30234236:3718663775 initialized.
2012-06-30 05:57:35, Info CBS Read out cached package applicability for package: Package_for_KB2532531~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:35, Info CBS Session: 30234236:3718663775 finalized. Reboot required: no
2012-06-30 05:57:36, Info CBS Session: 30234236:3723031775 initialized.
2012-06-30 05:57:36, Info CBS Read out cached package applicability for package: Package_for_KB2506212~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:36, Info CBS Session: 30234236:3723031775 finalized. Reboot required: no
2012-06-30 05:57:36, Info CBS Session: 30234236:3723031776 initialized.
2012-06-30 05:57:36, Info CBS Read out cached package applicability for package: Package_for_KB2644615~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:36, Info CBS Session: 30234236:3723031776 finalized. Reboot required: no
2012-06-30 05:57:36, Info CBS Session: 30234236:3723187775 initialized.
2012-06-30 05:57:36, Info CBS Read out cached package applicability for package: Package_for_KB978542~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:36, Info CBS Session: 30234236:3723187775 finalized. Reboot required: no
2012-06-30 05:57:36, Info CBS Session: 30234236:3723187776 initialized.
2012-06-30 05:57:36, Info CBS Read out cached package applicability for package: Package_for_KB982665~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:36, Info CBS Session: 30234236:3723187776 finalized. Reboot required: no
2012-06-30 05:57:36, Info CBS Session: 30234236:3730051775 initialized.
2012-06-30 05:57:37, Info CBS Read out cached package applicability for package: Package_for_KB2117917~31bf3856ad364e35~x86~~6.0.1.5, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:37, Info CBS Session: 30234236:3730051775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3744715775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~nb-NO~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:38, Info CBS Session: 30234236:3744715775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3744871775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: Package_for_KB968816~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:38, Info CBS Session: 30234236:3744871775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3745027775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: Package_for_KB981332~31bf3856ad364e35~x86~~8.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:38, Info CBS Session: 30234236:3745027775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3745027776 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: Package_1_for_KB925028~31bf3856ad364e35~x86~~6.0.0.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:38, Info CBS Session: 30234236:3745027776 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3745339775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: Package_for_KB2536276~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:38, Info CBS Session: 30234236:3745339775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3745495775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~zh-TW~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:38, Info CBS Session: 30234236:3745495775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3745651775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: Package_for_KB2509553~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:38, Info CBS Session: 30234236:3745651775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3745651776 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: Package_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:2
2012-06-30 05:57:38, Info CBS Session: 30234236:3745651776 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3746119775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~hu-HU~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:38, Info CBS Session: 30234236:3746119775 finalized. Reboot required: no
2012-06-30 05:57:38, Info CBS Session: 30234236:3749863775 initialized.
2012-06-30 05:57:38, Info CBS Read out cached package applicability for package: Package_for_KB947821~31bf3856ad364e35~x86~~6.0.21.0, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:38, Info CBS Session: 30234236:3749863775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3753763775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB981550~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:39, Info CBS Session: 30234236:3753763775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3753919775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB979482~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3753919775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3753919776 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB2510581~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:39, Info CBS Session: 30234236:3753919776 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3754075775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB981349~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:39, Info CBS Session: 30234236:3754075775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3754231775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Microsoft-Windows-AutomationAPI-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6002.18156, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3754231775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3754387775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Microsoft-Windows-WPD7IP-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18112, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3754387775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3754387776 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Microsoft-Windows-DGT-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18107, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3754387776 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3754543775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Microsoft-Windows-UIRibbon-Package-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18108, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3754543775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3754699775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB973507~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3754699775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3754855775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3754855775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3755011775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB2618451~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3755011775 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3755011776 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB980842~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3755011776 finalized. Reboot required: no
2012-06-30 05:57:39, Info CBS Session: 30234236:3755323775 initialized.
2012-06-30 05:57:39, Info CBS Read out cached package applicability for package: Package_for_KB2656362~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:39, Info CBS Session: 30234236:3755323775 finalized. Reboot required: no
2012-06-30 05:57:42, Info CBS Session: 30234236:3784495775 initialized.
2012-06-30 05:57:42, Info CBS Read out cached package applicability for package: Package_for_KB2579692~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:42, Info CBS Session: 30234236:3784495775 finalized. Reboot required: no
2012-06-30 05:57:42, Info CBS Session: 30234236:3784495776 initialized.
2012-06-30 05:57:42, Info CBS Read out cached package applicability for package: Package_for_KB2695962~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:42, Info CBS Session: 30234236:3784495776 finalized. Reboot required: no
2012-06-30 05:57:42, Info CBS Session: 30234236:3784651775 initialized.
2012-06-30 05:57:42, Info CBS Session: 30234236:3784651775 finalized. Reboot required: no
2012-06-30 05:57:42, Info CBS Session: 30234236:3784651776 initialized.
2012-06-30 05:57:42, Info CBS Session: 30234236:3784651776 finalized. Reboot required: no
2012-06-30 05:57:42, Info CBS Session: 30234236:3785431775 initialized.
2012-06-30 05:57:42, Info CBS Read out cached package applicability for package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, ApplicableState: 7, CurrentState:-2
2012-06-30 05:57:42, Info CBS Session: 30234236:3785431775 finalized. Reboot required: no
2012-06-30 05:57:42, Info CBS Session: 30234236:3785431776 initialized.
2012-06-30 05:57:42, Info CBS Read out cached package applicability for package: Package_for_KB2675157~31bf3856ad364e35~x86~~9.1.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:42, Info CBS Session: 30234236:3785431776 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3791359775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2619339~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3791359775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3791671775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2483614~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:43, Info CBS Session: 30234236:3791671775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3791671776 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2492386~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3791671776 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3791983775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2347290~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3791983775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3792295775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2690533~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3792295775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3792451775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB975254~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:43, Info CBS Session: 30234236:3792451775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3792607775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB971657~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3792607775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3792763775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2653956~31bf3856ad364e35~x86~~6.0.1.4, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3792763775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3792763776 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB982132~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3792763776 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3792919775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2503665~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3792919775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3793075775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB971029~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3793075775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3793855775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2481109~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3793855775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3794011775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB976662~31bf3856ad364e35~x86~~8.0.1.0, ApplicableState: 0, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3794011775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3797755775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2478935~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3797755775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3798067775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB982666~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:43, Info CBS Session: 30234236:3798067775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3798223775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_1_for_KB929399~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: -17, CurrentState:0
2012-06-30 05:57:43, Info CBS Session: 30234236:3798223775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3798379775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB981997~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3798379775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3798379776 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2536275~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3798379776 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3798535775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~de-DE~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:43, Info CBS Session: 30234236:3798535775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3798847775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~he-IL~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:43, Info CBS Session: 30234236:3798847775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3799003775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~en-US~6.0.1.18000, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3799003775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3799159775 initialized.
2012-06-30 05:57:43, Info CBS Session: 30234236:3799159775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3799471775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: Package_for_KB2679255~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3799471775 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3799471776 initialized.
2012-06-30 05:57:43, Info  CBS Read out cached package applicability for package: Package_for_KB2688338~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:43, Info CBS Session: 30234236:3799471776 finalized. Reboot required: no
2012-06-30 05:57:43, Info CBS Session: 30234236:3799627775 initialized.
2012-06-30 05:57:43, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sl-SI~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:43, Info CBS Session: 30234236:3799627775 finalized. Reboot required: no
2012-06-30 05:57:44, Info CBS Session: 30234236:3803059775 initialized.
2012-06-30 05:57:44, Info CBS Read out cached package applicability for package: Package_for_KB2544521~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:44, Info CBS Session: 30234236:3803059775 finalized. Reboot required: no
2012-06-30 05:57:44, Info CBS Session: 30234236:3803215775 initialized.
2012-06-30 05:57:44, Info CBS Read out cached package applicability for package: Package_for_KB976470~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:44, Info CBS Session: 30234236:3803215775 finalized. Reboot required: no
2012-06-30 05:57:45, Info CBS Session: 30234236:3817723775 initialized.
2012-06-30 05:57:45, Info CBS Read out cached package applicability for package: Package_for_KB975558~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:45, Info CBS Session: 30234236:3817723775 finalized. Reboot required: no
2012-06-30 05:57:45, Info CBS Session: 30234236:3817879775 initialized.
2012-06-30 05:57:45, Info CBS Read out cached package applicability for package: Package_for_KB2660649~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:45, Info CBS Session: 30234236:3817879775 finalized. Reboot required: no
2012-06-30 05:57:45, Info CBS Session: 30234236:3818191775 initialized.
2012-06-30 05:57:45, Info CBS Read out cached package applicability for package: Package_for_KB2544893~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:45, Info CBS Session: 30234236:3818191775 finalized. Reboot required: no
2012-06-30 05:57:45, Info CBS Session: 30234236:3818503775 initialized.
2012-06-30 05:57:45, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~nl-NL~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:45, Info CBS Session: 30234236:3818503775 finalized. Reboot required: no
2012-06-30 05:57:45, Info CBS Session: 30234236:3818659775 initialized.
2012-06-30 05:57:45, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~es-ES~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:45, Info CBS Session: 30234236:3818659775 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3828643775 initialized.
2012-06-30 05:57:46, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~pt-PT~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:46, Info CBS Session: 30234236:3828643775 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3828799775 initialized.
2012-06-30 05:57:46, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sv-SE~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:46, Info CBS Session: 30234236:3828799775 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3828799776 initialized.
2012-06-30 05:57:46, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~bg-BG~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:46, Info CBS Session: 30234236:3828799776 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3828955775 initialized.
2012-06-30 05:57:46, Info CBS Read out cached package applicability for package: Package_for_KB961501~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:46, Info CBS Session: 30234236:3828955775 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3829111775 initialized.
2012-06-30 05:57:46, Info CBS Read out cached package applicability for package: Package_for_KB2564958~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:46, Info CBS Session: 30234236:3829111775 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3829891775 initialized.
2012-06-30 05:57:46, Info CBS Read out cached package applicability for package: Package_for_KB2505189~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:46, Info CBS Session: 30234236:3829891775 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3830359775 initialized.
2012-06-30 05:57:46, Info CBS Read out cached package applicability for package: Package_for_KB2584146~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:46, Info CBS Session: 30234236:3830359775 finalized. Reboot required: no
2012-06-30 05:57:46, Info CBS Session: 30234236:3830359776 initialized.
2012-06-30 05:57:47, Info CBS Read out cached package applicability for package: Package_for_KB2387149~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:47, Info CBS Session: 30234236:3830359776 finalized. Reboot required: no
2012-06-30 05:57:47, Info CBS Session: 30234236:3830515775 initialized.
2012-06-30 05:57:47, Info CBS Read out cached package applicability for package: Package_for_KB975560~31bf3856ad364e35~x86~~6.0.1.5, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:47, Info CBS Session: 30234236:3830515775 finalized. Reboot required: no
2012-06-30 05:57:47, Info CBS Session: 30234236:3837691775 initialized.
2012-06-30 05:57:47, Info CBS Read out cached package applicability for package: Package_for_KB982799~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:47, Info CBS Session: 30234236:3837691775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3840967775 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: Package_for_KB2659262~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:48, Info CBS Session: 30234236:3840967775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3844399775 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: Package_for_KB2654428~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:48, Info CBS Session: 30234236:3844399775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3844555775 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ja-JP~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:48, Info CBS Session: 30234236:3844555775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848143775 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: Package_for_KB2545698~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:48, Info CBS Session: 30234236:3848143775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848143776 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~zh-CN~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:48, Info CBS Session: 30234236:3848143776 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848299775 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~uk-UA~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:48, Info CBS Session: 30234236:3848299775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848455775 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: Package_for_KB968389~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:48, Info CBS Session: 30234236:3848455775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848611775 initialized.
2012-06-30 05:57:48, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~cs-CZ~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:48, Info CBS Session: 30234236:3848611775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848923775 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3848923775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848923776 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3848923776 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3848923777 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3848923777 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3849079775 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3849079775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3849079776 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3849079776 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3849079777 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3849079777 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3849235775 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3849235775 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3849235776 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3849235776 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3849235777 initialized.
2012-06-30 05:57:48, Info CBS Session: 30234236:3849235777 finalized. Reboot required: no
2012-06-30 05:57:48, Info CBS Session: 30234236:3850015775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3850015775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3850795775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3850795775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3850795776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3850795776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3850951775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3850951775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3850951776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3850951776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3850951777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3850951777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851107778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851263778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419779 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851419779 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575779 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851575779 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851731778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887779 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3851887779 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852043775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852043775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852043776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852043776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852043777 initialized.
2012-06-30 05:57:49, Info  CBS Session: 30234236:3852043777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852043778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852043778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852199778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355779 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852355779 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511779 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852511779 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667778 initialized.
2012-06-30 05:57:49, Info CBS  Session: 30234236:3852667778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667779 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852667779 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852823778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3852979778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853135778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853291778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853447775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853447775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853447776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853447776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853447777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853447777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603779 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853603779 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853759778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3853915778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071775 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071776 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071777 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071777 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071778 initialized.
2012-06-30 05:57:49, Info CBS Session: 30234236:3854071778 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3854227775 initialized.
2012-06-30 05:57:49, Info CBS Read out cached package applicability for package: Package_for_KB2522422~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:49, Info CBS Session: 30234236:3854227775 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3854227776 initialized.
2012-06-30 05:57:49, Info CBS Read out cached package applicability for package: Package_for_KB2281679~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:49, Info CBS Session: 30234236:3854227776 finalized. Reboot required: no
2012-06-30 05:57:49, Info CBS Session: 30234236:3854383775 initialized.
2012-06-30 05:57:49, Info CBS Read out cached package applicability for package: Package_for_KB960859~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 4, CurrentState:0
2012-06-30 05:57:49, Info CBS Session: 30234236:3854383775 finalized. Reboot required: no
2012-06-30 05:57:50, Info CBS Session: 30234236:3861091775 initialized.
2012-06-30 05:57:50, Info CBS Read out cached package applicability for package: Package_for_KB2479943~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:50, Info CBS Session: 30234236:3861091775 finalized. Reboot required: no
2012-06-30 05:57:50, Info CBS Session: 30234236:3861247775 initialized.
2012-06-30 05:57:50, Info CBS Read out cached package applicability for package: Package_for_KB977816~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:50, Info CBS Session: 30234236:3861247775 finalized. Reboot required: no
2012-06-30 05:57:50, Info CBS Session: 30234236:3861247776 initialized.
2012-06-30 05:57:50, Info CBS Read out cached package applicability for package: Microsoft-Windows-MediaPlayer-OOB-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6000.16386, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:50, Info CBS Session: 30234236:3861247776 finalized. Reboot required: no
2012-06-30 05:57:50, Info CBS Session: 30234236:3861559775 initialized.
2012-06-30 05:57:50, Info CBS Read out cached package applicability for package: Package_for_KB971961~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:50, Info CBS Session: 30234236:3861559775 finalized. Reboot required: no
2012-06-30 05:57:50, Info CBS Session: 30234236:3866083775 initialized.
2012-06-30 05:57:50, Info CBS Read out cached package applicability for package: Package_for_KB978338~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:50, Info CBS Session: 30234236:3866083775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3871231775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB956250~31bf3856ad364e35~x86~~6.1.6001.18242, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3871231775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3871387775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB979899~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3871387775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3871387776 initialized.
2012-06-30 05:57:51, Info  CBS Read out cached package applicability for package: Package_for_KB970430~31bf3856ad364e35~x86~~6.0.1.6, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3871387776 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3872479775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3872479775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3872635775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB2305420~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3872635775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3873259775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB976002~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:8
2012-06-30 05:57:51, Info CBS Session: 30234236:3873259775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3873259776 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB2494132~31bf3856ad364e35~x86~~6.1.1.0, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:51, Info CBS Session: 30234236:3873259776 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3873571775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3873571775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3877315775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB979309~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3877315775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3877315776 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ar-SA~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:51, Info CBS Session: 30234236:3877315776 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3877471775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~el-GR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:51, Info CBS Session: 30234236:3877471775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3877471776 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB2079403~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3877471776 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3877627775 initialized.
2012-06-30 05:57:51, Info  CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ru-RU~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:51, Info CBS Session: 30234236:3877627775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3877783775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ro-RO~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:51, Info CBS Session: 30234236:3877783775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3877939775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB2658846~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3877939775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3878251775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Microsoft-Windows-GroupPolicy-Preferences-CSE-Pack-TopLevel~31bf3856ad364e35~x86~~6.0.6001.18123, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:51, Info CBS Session: 30234236:3878251775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3878407775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: Package_for_KB956250~31bf3856ad364e35~x86~~6.1.6001.18242, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:51, Info CBS Session: 30234236:3878407775 finalized. Reboot required: no
2012-06-30 05:57:51, Info CBS Session: 30234236:3878563775 initialized.
2012-06-30 05:57:51, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~ko-KR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:51, Info CBS Session: 30234236:3878563775 finalized. Reboot required: no
2012-06-30 05:57:52, Info CBS Session: 30234236:3888703775 initialized.
2012-06-30 05:57:52, Info CBS Read out cached package applicability for package: Package_for_KB2620712~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:52, Info CBS Session: 30234236:3888703775 finalized. Reboot required: no
2012-06-30 05:57:52, Info CBS Session: 30234236:3888859775 initialized.
2012-06-30 05:57:52, Info CBS Read out cached package applicability for package: Package_for_KB973540~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:52, Info CBS Session: 30234236:3888859775 finalized. Reboot required: no
2012-06-30 05:57:52, Info CBS Session: 30234236:3889171775 initialized.
2012-06-30 05:57:52, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~da-DK~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:52, Info CBS Session: 30234236:3889171775 finalized. Reboot required: no
2012-06-30 05:57:52, Info CBS Session: 30234236:3889171776 initialized.
2012-06-30 05:57:52, Info CBS Read out cached package applicability for package: Package_for_KB2631813~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:52, Info CBS Session: 30234236:3889171776 finalized. Reboot required: no
2012-06-30 05:57:52, Info CBS Session: 30234236:3889327775 initialized.
2012-06-30 05:57:52, Info CBS Read out cached package applicability for package: Package_for_KB979099~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:52, Info CBS Session: 30234236:3889327775 finalized. Reboot required: no
2012-06-30 05:57:52, Info CBS Session: 30234236:3889327776 initialized.
2012-06-30 05:57:52, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~fr-FR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:52, Info CBS Session: 30234236:3889327776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3892915775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2124261~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 4, CurrentState:0
2012-06-30 05:57:53, Info CBS Session: 30234236:3892915775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893071779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893227778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893383778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893539778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893695775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893695775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893695776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893695776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893695777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893695777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3893851779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894007775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894007775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894007776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894007776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894007777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894007777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894163778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894319779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894475779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894631779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894787779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3894943778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895099775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895099775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895099776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895099776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895099777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895099777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895255779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895411778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895567778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895723778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879779 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3895879779 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896035778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191777 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191778 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896191778 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896347775 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896347775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896347776 initialized.
2012-06-30 05:57:53, Info CBS Session: 30234236:3896347776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896347777 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~zh-HK~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:53, Info CBS Session: 30234236:3896347777 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3896815775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:2
2012-06-30 05:57:53, Info CBS Session: 30234236:3896815775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3897283775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB905866~31bf3856ad364e35~x86~~6.0.56.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3897283775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3897283776 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2621440~31bf3856ad364e35~x86~~6.0.1.4, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3897283776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3897751775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~lv-LV~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:53, Info CBS Session: 30234236:3897751775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3897907775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2656409~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3897907775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3898063775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2533623~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3898063775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3898219775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sr-LATN-CS~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:53, Info CBS Session: 30234236:3898219775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3898375775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB980248~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3898375775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3898687775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2563227~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3898687775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3898687776 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2507938~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3898687776 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3898999775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:2
2012-06-30 05:57:53, Info CBS Session: 30234236:3898999775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3899155775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB974571~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3899155775 finalized. Reboot required: no
2012-06-30 05:57:53, Info CBS Session: 30234236:3899311775 initialized.
2012-06-30 05:57:53, Info CBS Read out cached package applicability for package: Package_for_KB2467659~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:53, Info CBS Session: 30234236:3899311775 finalized. Reboot required: no
2012-06-30 05:57:54, Info CBS Session: 30234236:3907423775 initialized.
2012-06-30 05:57:54, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~et-EE~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:54, Info CBS Session: 30234236:3907423775 finalized. Reboot required: no
2012-06-30 05:57:54, Info CBS Session: 30234236:3907579775 initialized.
2012-06-30 05:57:54, Info CBS Read out cached package applicability for package: Package_for_KB970238~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:54, Info CBS Session: 30234236:3907579775 finalized. Reboot required: no
2012-06-30 05:57:54, Info CBS Session: 30234236:3907579776 initialized.
2012-06-30 05:57:54, Info CBS Read out cached package applicability for package: Package_1_for_KB925697~31bf3856ad364e35~x86~~6.0.0.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:54, Info CBS Session: 30234236:3907579776 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3911167775 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: Package_for_KB2709162~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:4
2012-06-30 05:57:55, Info CBS Session: 30234236:3911167775 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3911167776 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: Package_for_KB973917~31bf3856ad364e35~x86~~6.0.2.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:55, Info CBS Session: 30234236:3911167776 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3911479775 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~th-TH~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:55, Info CBS Session: 30234236:3911479775 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3911635775 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~pl-PL~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:55, Info CBS Session: 30234236:3911635775 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3911635776 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~sk-SK~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:55, Info CBS Session: 30234236:3911635776 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3911791775 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~tr-TR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:55, Info CBS Session: 30234236:3911791775 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3911947775 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~pt-BR~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:55, Info CBS Session: 30234236:3911947775 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Session: 30234236:3912103775 initialized.
2012-06-30 05:57:55, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~fi-FI~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:55, Info CBS Session: 30234236:3912103775 finalized. Reboot required: no
2012-06-30 05:57:55, Info CBS Pkgmgr: called with: ""C:\Windows\system32\pkgmgr.exe" /ip /norestart /m:"C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2677070.cab" /s:"C:\Program Files\IObit\Advanced SystemCare 5\KB2677070.cab_Temp" "
2012-06-30 05:57:55, Info CSI [email protected]/6/30:04:57:55.508 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x657e8a50 @0x67165f @0x66b8ea @0x66c368 @0x7746d0e9 @0x777019bb)
2012-06-30 05:57:55, Info CBS Session: 30234236:3915847775 initialized.
2012-06-30 05:57:55, Info CBS Pkgmgr: Installing package from: C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2677070.cab
2012-06-30 05:57:55, Info Started DPX phase: Resume and Download Job
2012-06-30 05:57:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:57:55, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:57:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:57:55, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:57:55, Info Ended DPX phase: Resume and Download Job
2012-06-30 05:57:55, Info Started DPX phase: Resume and Download Job
2012-06-30 05:57:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:57:55, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:57:55, Info Ended DPX phase: Resume and Download Job
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6000.16386, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, parent state: 0
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:57:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, parent state: 7
2012-06-30 05:57:55, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:57:55, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:57:55, Info CBS Blocked system sleep; prior state: 0x80000000
2012-06-30 05:57:55, Info CBS Exec: Processing started. Client: Package Manager, Session: 30234236:3915847775, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1
2012-06-30 05:57:55, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:57:55, Info Started DPX phase: Resume and Download Job
2012-06-30 05:57:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:57:56, Info CBS Session: 30234236:3922867775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB2620704~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3922867775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3923023775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB974318~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3923023775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3923023776 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB973565~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3923023776 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3923335775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB980842~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3923335775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3923647775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB976768~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3923647775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3923959775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB976772~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3923959775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3924739775 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3924739775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3924739776 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3924739776 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3924895775 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3924895775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3924895776 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3924895776 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3924895777 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: VistaSP2-KB948465~31bf3856ad364e35~x86~~6.0.1.18005, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:56, Info CBS Session: 30234236:3924895777 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925207775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB2570947~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3925207775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925363775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3925363775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925519775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB2491683~31bf3856ad364e35~x86~~6.0.1.1, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:56, Info CBS Session: 30234236:3925519775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925519776 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: KB937286~31bf3856ad364e35~x86~it-IT~6.0.1.18000, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:56, Info CBS Session: 30234236:3925519776 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925675775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB979688~31bf3856ad364e35~x86~~6.0.3.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3925675775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925831775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Microsoft-Windows-Media-Format-OOB-Package-TopLevel~31bf3856ad364e35~x86~~6.0.6000.16386, ApplicableState: 0, CurrentState:0
2012-06-30 05:57:56, Info CBS Session: 30234236:3925831775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987775 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987776 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987776 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987777 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987777 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987778 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3925987778 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3926143775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: VistaSP1-KB936330~31bf3856ad364e35~x86~~6.0.1.18000, ApplicableState: 7, CurrentState:0
2012-06-30 05:57:56, Info CBS Session: 30234236:3926143775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3926299775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB954155~31bf3856ad364e35~x86~~6.0.1.2, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3926299775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3926455775 initialized.
2012-06-30 05:57:56, Info CBS Session: 30234236:3926455775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3926455776 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Windows-Management-Framework-Core-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18191, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3926455776 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3926923775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB972145~31bf3856ad364e35~x86~~6.0.1.5, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3926923775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3928483775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB973768~31bf3856ad364e35~x86~~6.0.1.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3928483775 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3928483776 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB2604105~31bf3856ad364e35~x86~~6.0.1.3, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3928483776 finalized. Reboot required: no
2012-06-30 05:57:56, Info CBS Session: 30234236:3928639775 initialized.
2012-06-30 05:57:56, Info CBS Read out cached package applicability for package: Package_for_KB975929~31bf3856ad364e35~x86~~6.0.2.0, ApplicableState: 7, CurrentState:7
2012-06-30 05:57:56, Info CBS Session: 30234236:3928639775 finalized. Reboot required: no
2012-06-30 05:58:01, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:58:01, Info Ended DPX phase: Resume and Download Job
2012-06-30 05:58:01, Info CBS Plan: Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: Resolved, pending: Default, start: Resolved, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6000.16386, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6001.18000, parent state: 0
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, parent state: 7
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:02, Info CBS Plan: Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-343_neutral_PACKAGE, current: Resolved, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:02, Info CBS Plan: Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-344_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:02, Info CBS Plan: Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-345_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, parent state: 7
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:02, Info CBS Plan: Package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, current: Resolved, pending: Default, start: Resolved, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, parent state: 7
2012-06-30 05:58:02, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:02, Info CBS Plan: Package: Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-340_neutral_PACKAGE, current: Resolved, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_129_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, Disposition = 4, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_129_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, parent state: 0
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_239_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, Disposition = 4, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_239_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, parent state: 0
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, Disposition = 4, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, parent state: 7
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, current: Resolved, pending: Default, start: Resolved, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_129_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, Disposition = 4, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_129_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, parent state: 0
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_239_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, Disposition = 4, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_239_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, parent state: 0
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, Disposition = 4, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Parent: Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005, parent state: 7
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-77_neutral_PACKAGE, current: Resolved, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-78_neutral_PACKAGE, current: Resolved, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-79_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-80_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-81_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-82_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-83_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-84_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-85_neutral_PACKAGE, current: Resolved, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-86_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-87_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-88_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-89_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-90_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-91_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-92_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-93_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-94_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-95_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-96_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-97_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-98_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-99_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-100_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-101_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-102_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-103_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-104_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-105_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-106_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-107_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-108_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-109_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-110_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-111_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-112_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Plan: Package: Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-113_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, parent state: 7
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Plan: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: Resolved, pending: Default, start: Resolved, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:58:03, Info CSI [email protected]/6/30:04:58:03.822 CSI Transaction @0x195aba8 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [26]"TI5.30234236:3915847775:1/"

2012-06-30 05:58:03, Info CSI [email protected]/6/30:04:58:03.822 CSI Transaction @0x195aba8 destroyed
2012-06-30 05:58:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_0.0.0.0_none_99d98f11e2f98a1f (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6002.18005
2012-06-30 05:58:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621, elevation: 2, applicable: 0
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:03, Info CBS Appl: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-1_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:03, Info CBS Appl: detectParent (exact match): package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, parent state: 7
2012-06-30 05:58:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_0.0.0.0_none_99d98f11e2f98a1f (6.0.6002.18618), elevation:2, lower version revision holder: 6.0.6002.18005
2012-06-30 05:58:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015, elevation: 2, applicable: 1
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:03, Info CBS Appl: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-2_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_0.0.0.0_none_7f49b78925fe0310 (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6002.18005
2012-06-30 05:58:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6002.22840_none_5db4a3daf4380f12, elevation: 2, applicable: 0
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:03, Info CBS Appl: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-3_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_0.0.0.0_none_7f49b78925fe0310 (6.0.6002.18618), elevation:2, lower version revision holder: 6.0.6002.18005
2012-06-30 05:58:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6002.18618_none_5d53773ddafae906, elevation: 2, applicable: 1
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:03, Info CBS Appl: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-4_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:58:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:04, Info CBS Plan: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-1_neutral_LDR, current: Staged, pending: Default, start: Resolved, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:58:04, Info CBS Plan: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-2_neutral_GDR, current: Staged, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:04, Info CBS Plan: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-3_neutral_LDR, current: Staged, pending: Default, start: Resolved, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:58:04, Info CBS Plan: Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-4_neutral_GDR, current: Staged, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:04, Info CBS Appl: detect Parent, Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:04, Info CBS Appl: detectParent (exact match): package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, parent state: 7
2012-06-30 05:58:04, Info CBS Appl: detect Parent, Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:04, Info CBS Appl: Evaluating package applicability for package Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:04, Info CBS Plan: Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: Resolved, pending: Default, start: Resolved, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:58:04, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_0.0.0.0_none_3af336c743fff57a (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6001.18000
2012-06-30 05:58:04, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.0.6002.22840_none_195e2319123a017c, elevation: 2, applicable: 0
2012-06-30 05:58:04, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:04, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:04, Info CBS Appl: Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-5_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:58:04, Info CBS Appl: detect Parent, Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:04, Info CBS Appl: detectParent (exact match): package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, parent state: 7
2012-06-30 05:58:04, Info CBS Appl: detect Parent, Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:04, Info CBS Appl: Evaluating package applicability for package Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:04, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_0.0.0.0_none_3af336c743fff57a (6.0.6002.18618), elevation:16, lower version revision holder: 6.0.6001.18000
2012-06-30 05:58:04, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.0.6002.18618_none_18fcf67bf8fcdb70, elevation: 16, applicable: 1
2012-06-30 05:58:04, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:04, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:04, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:04, Info CBS Appl: Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-6_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:58:04, Info CBS Appl: Evaluating package applicability for package Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:04, Info CBS Plan: Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-5_neutral_LDR, current: Staged, pending: Default, start: Resolved, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:58:04, Info CBS Plan: Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-6_neutral_GDR, current: Staged, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_3_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ar-SA~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:05, Info CBS Appl: detectParent (exact match): package: Package_3_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ar-SA~6.0.6000.16386, parent state: 0
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_3_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:05, Info CBS Appl: Evaluating package applicability for package Package_3_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:05, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_3_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_4_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~bg-BG~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:05, Info CBS Appl: detectParent (exact match): package: Package_4_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~bg-BG~6.0.6000.16386, parent state: 0
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_4_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:05, Info CBS Appl: Evaluating package applicability for package Package_4_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:05, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_4_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_5_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:05, Info CBS Appl: detectParent (exact match): package: Package_5_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6000.16386, parent state: 0
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_5_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:05, Info CBS Appl: Evaluating package applicability for package Package_5_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:05, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_5_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_6_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:05, Info CBS Appl: detectParent (exact match): package: Package_6_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, parent state: 0
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_6_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:05, Info CBS Appl: Evaluating package applicability for package Package_6_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:05, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_6_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_7_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~de-DE~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:05, Info CBS Appl: detectParent (exact match): package: Package_7_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~de-DE~6.0.6000.16386, parent state: 0
2012-06-30 05:58:05, Info CBS Appl: detect Parent, Package: Package_7_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:05, Info CBS Appl: Evaluating package applicability for package Package_7_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:05, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_7_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_8_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~el-GR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:06, Info CBS Appl: detectParent (exact match): package: Package_8_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~el-GR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:06, Info  CBS Appl: detect Parent, Package: Package_8_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:06, Info CBS Appl: Evaluating package applicability for package Package_8_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:06, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_8_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:06, Info CBS Appl: detectParent (exact match): package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, parent state: 7
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:06, Info CBS Appl: Evaluating package applicability for package Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:06, Info CBS Plan: Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: Resolved, pending: Default, start: Resolved, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:58:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_0.0.0.0_en-us_f200d33c0270b0d5 (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6000.16386
2012-06-30 05:58:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_6.0.6002.22840_en-us_d06bbf8dd0aabcd7, elevation: 2, applicable: 0
2012-06-30 05:58:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:06, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:58:06, Info CBS Appl: Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-19_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:06, Info CBS Appl: detectParent (exact match): package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, parent state: 7
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 7
2012-06-30 05:58:06, Info CBS Appl: Evaluating package applicability for package Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_0.0.0.0_en-us_f200d33c0270b0d5 (6.0.6002.18618), elevation:16, lower version revision holder: 6.0.6000.16386
2012-06-30 05:58:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_6.0.6002.18618_en-us_d00a92f0b76d96cb, elevation: 16, applicable: 1
2012-06-30 05:58:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:06, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:06, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:58:06, Info CBS Appl: Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-20_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:58:06, Info CBS Appl: Evaluating package applicability for package Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 7
2012-06-30 05:58:06, Info CBS Plan: Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-19_neutral_LDR, current: Staged, pending: Default, start: Resolved, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:58:06, Info CBS Plan: Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-20_neutral_GDR, current: Staged, pending: Default, start: Resolved, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_10_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:06, Info CBS Appl: detectParent (exact match): package: Package_10_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~es-ES~6.0.6000.16386, parent state: 0
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_10_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:06, Info CBS Appl: Evaluating package applicability for package Package_10_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:06, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_10_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_11_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~et-EE~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:06, Info CBS Appl: detectParent (exact match): package: Package_11_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~et-EE~6.0.6000.16386, parent state: 0
2012-06-30 05:58:06, Info CBS Appl: detect Parent, Package: Package_11_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:06, Info CBS Appl: Evaluating package applicability for package Package_11_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:06, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_11_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_12_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~fi-FI~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:07, Info CBS Appl: detectParent (exact match): package: Package_12_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~fi-FI~6.0.6000.16386, parent state: 0
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_12_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:07, Info CBS Appl: Evaluating package applicability for package Package_12_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:07, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_12_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_13_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~fr-FR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:07, Info CBS Appl: detectParent (exact match): package: Package_13_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~fr-FR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_13_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:07, Info CBS Appl: Evaluating package applicability for package Package_13_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:07, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_13_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_14_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~he-IL~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:07, Info CBS Appl: detectParent (exact match): package: Package_14_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~he-IL~6.0.6000.16386, parent state: 0
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_14_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:07, Info CBS Appl: Evaluating package applicability for package Package_14_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:07, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_14_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_15_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~hr-HR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:07, Info CBS Appl: detectParent (exact match): package: Package_15_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~hr-HR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_15_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:07, Info CBS Appl: Evaluating package applicability for package Package_15_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:07, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_15_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_16_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~hu-HU~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:07, Info CBS Appl: detectParent (exact match): package: Package_16_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~hu-HU~6.0.6000.16386, parent state: 0
2012-06-30 05:58:07, Info CBS Appl: detect Parent, Package: Package_16_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:07, Info CBS Appl: Evaluating package applicability for package Package_16_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:07, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_16_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_17_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:08, Info CBS Appl: detectParent (exact match): package: Package_17_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~it-IT~6.0.6000.16386, parent state: 0
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_17_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:08, Info CBS Appl: Evaluating package applicability for package Package_17_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:08, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_17_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_18_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ja-JP~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:08, Info CBS Appl: detectParent (exact match): package: Package_18_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ja-JP~6.0.6000.16386, parent state: 0
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_18_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:08, Info CBS Appl: Evaluating package applicability for package Package_18_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:08, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_18_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_19_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ko-KR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:08, Info CBS Appl: detectParent (exact match): package: Package_19_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ko-KR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_19_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:08, Info CBS Appl: Evaluating package applicability for package Package_19_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:08, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_19_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_20_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~lt-LT~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:08, Info CBS Appl: detectParent (exact match): package: Package_20_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~lt-LT~6.0.6000.16386, parent state: 0
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_20_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:08, Info CBS Appl: Evaluating package applicability for package Package_20_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:08, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_20_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_21_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~lv-LV~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:08, Info CBS Appl: detectParent (exact match): package: Package_21_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~lv-LV~6.0.6000.16386, parent state: 0
2012-06-30 05:58:08, Info CBS Appl: detect Parent, Package: Package_21_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:08, Info CBS Appl: Evaluating package applicability for package Package_21_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:08, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_21_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_22_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~nb-NO~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:09, Info CBS Appl: detectParent (exact match): package: Package_22_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~nb-NO~6.0.6000.16386, parent state: 0
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_22_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:09, Info CBS Appl: Evaluating package applicability for package Package_22_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:09, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_22_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_23_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~nl-NL~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:09, Info CBS Appl: detectParent (exact match): package: Package_23_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~nl-NL~6.0.6000.16386, parent state: 0
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_23_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:09, Info CBS Appl: Evaluating package applicability for package Package_23_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:09, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_23_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_24_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pl-PL~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:09, Info CBS Appl: detectParent (exact match): package: Package_24_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pl-PL~6.0.6000.16386, parent state: 0
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_24_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:09, Info CBS Appl: Evaluating package applicability for package Package_24_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:09, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_24_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_25_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:09, Info CBS Appl: detectParent (exact match): package: Package_25_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-BR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_25_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:09, Info CBS Appl: Evaluating package applicability for package Package_25_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:09, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_25_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_26_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-PT~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:09, Info CBS Appl: detectParent (exact match): package: Package_26_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pt-PT~6.0.6000.16386, parent state: 0
2012-06-30 05:58:09, Info CBS Appl: detect Parent, Package: Package_26_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:09, Info CBS Appl: Evaluating package applicability for package Package_26_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:09, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_26_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_27_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:10, Info CBS Appl: detectParent (exact match): package: Package_27_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ro-RO~6.0.6000.16386, parent state: 0
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_27_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:10, Info CBS Appl: Evaluating package applicability for package Package_27_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:10, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_27_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_28_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ru-RU~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:10, Info CBS Appl: detectParent (exact match): package: Package_28_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ru-RU~6.0.6000.16386, parent state: 0
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_28_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:10, Info CBS Appl: Evaluating package applicability for package Package_28_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:10, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_28_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_29_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:10, Info CBS Appl: detectParent (exact match): package: Package_29_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sk-SK~6.0.6000.16386, parent state: 0
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_29_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:10, Info CBS Appl: Evaluating package applicability for package Package_29_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:10, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_29_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_30_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sl-SI~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:10, Info CBS Appl: detectParent (exact match): package: Package_30_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sl-SI~6.0.6000.16386, parent state: 0
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_30_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:10, Info CBS Appl: Evaluating package applicability for package Package_30_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:10, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_30_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_31_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sr-LATN-CS~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:10, Info CBS Appl: detectParent (exact match): package: Package_31_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sr-LATN-CS~6.0.6000.16386, parent state: 0
2012-06-30 05:58:10, Info CBS Appl: detect Parent, Package: Package_31_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:10, Info CBS Appl: Evaluating package applicability for package Package_31_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:10, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_31_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_32_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sv-SE~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:11, Info CBS Appl: detectParent (exact match): package: Package_32_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~sv-SE~6.0.6000.16386, parent state: 0
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_32_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:11, Info CBS Appl: Evaluating package applicability for package Package_32_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:11, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_32_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_33_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:11, Info CBS Appl: detectParent (exact match): package: Package_33_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~th-TH~6.0.6000.16386, parent state: 0
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_33_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:11, Info CBS Appl: Evaluating package applicability for package Package_33_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:11, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_33_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_34_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:11, Info CBS Appl: detectParent (exact match): package: Package_34_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~tr-TR~6.0.6000.16386, parent state: 0
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_34_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:11, Info CBS Appl: Evaluating package applicability for package Package_34_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:11, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_34_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_35_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~uk-UA~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:11, Info CBS Appl: detectParent (exact match): package: Package_35_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~uk-UA~6.0.6000.16386, parent state: 0
2012-06-30 05:58:11, Info CBS Appl: detect Parent, Package: Package_35_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:11, Info CBS Appl: Evaluating package applicability for package Package_35_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:11, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_35_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_36_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:12, Info CBS Appl: detectParent (exact match): package: Package_36_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.0.6000.16386, parent state: 0
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_36_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:12, Info CBS Appl: Evaluating package applicability for package Package_36_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:12, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_36_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_37_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-HK~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:12, Info CBS Appl: detectParent (exact match): package: Package_37_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-HK~6.0.6000.16386, parent state: 0
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_37_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6000.16386, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:12, Info CBS Appl: detectParent (exact match): package: Package_37_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6000.16386, parent state: 0
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_37_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:12, Info CBS Appl: Evaluating package applicability for package Package_37_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:12, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_37_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_server~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:12, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_server~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6001.18000, parent state: 0
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_server~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:12, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_server~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:12, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_for_KB2677070_server~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_sc~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~x86~~6.0.6001.18000, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:12, Info CBS Appl: detectParent (exact match): package: Package_for_KB2677070_sc~31bf3856ad364e35~x86~~6.0.1.1, Parent: Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~x86~~6.0.6001.18000, parent state: 0
2012-06-30 05:58:12, Info CBS Appl: detect Parent, Package: Package_for_KB2677070_sc~31bf3856ad364e35~x86~~6.0.1.1, disposition state from detectParent: 0
2012-06-30 05:58:12, Info CBS Appl: Evaluating package applicability for package Package_for_KB2677070_sc~31bf3856ad364e35~x86~~6.0.1.1, applicable state: 0
2012-06-30 05:58:12, Info CBS Plan: Skipping package since its start state and target state are both absent for package: Package_for_KB2677070_sc~31bf3856ad364e35~x86~~6.0.1.1, current: 0, pending: -16, start: 0, applicable: 0, targeted: 0, limit: 7
2012-06-30 05:58:13, Info CBS Perf: Begin: nested restore point - begin
2012-06-30 05:58:34, Info CBS Perf: Begin: nested restore point - complete
2012-06-30 05:58:34, Info CSI [email protected]/6/30:04:58:34.414 CSI Transaction @0x1967808 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [77]"TI1.30234236:3915847775:2/Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1"

2012-06-30 05:58:34, Info CSI [email protected]/6/30:04:58:34.414 CSI Transaction @0x1967808 destroyed
2012-06-30 05:58:34, Info CSI [email protected]/6/30:04:58:34.414 CSI Transaction @0x1967808 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [61]"TI2.0:0:0/Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1"

2012-06-30 05:58:34, Info CBS Exec: Staging Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-1_neutral_LDR, PinDeployment: x86_926d8bcf2428d477203089a2de501766_31bf3856ad364e35_6.0.6002.22840_none_9ed2103f4944538a
2012-06-30 05:58:35, Info CBS Exec: Staging Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-2_neutral_GDR, PinDeployment: x86_c0b75daae73cc356c18c2ffc76178023_31bf3856ad364e35_6.0.6002.18618_none_b027f9c58a319f1f
2012-06-30 05:58:35, Info CBS Exec: Staging Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-3_neutral_LDR, PinDeployment: x86_37b4d5c43bdca6ef67cacdafd60829dc_31bf3856ad364e35_6.0.6002.22840_none_a202bfa73d631e4a
2012-06-30 05:58:35, Info CBS Exec: Staging Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-4_neutral_GDR, PinDeployment: x86_c9992d682457d6ff967af86e95e4b4f2_31bf3856ad364e35_6.0.6002.18618_none_a5bb502a39043468
2012-06-30 05:58:35, Info CBS Exec: Staging Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-5_neutral_LDR, PinDeployment: x86_17195ad019cc5b66c54cae95495869bd_31bf3856ad364e35_6.0.6002.22840_none_d7e506b7ef609f0e
2012-06-30 05:58:35, Info CBS Exec: Staging Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-6_neutral_GDR, PinDeployment: x86_9c925acc4e23680dfff19d9351920f70_31bf3856ad364e35_6.0.6002.18618_none_7c143161dab21dc0
2012-06-30 05:58:35, Info CBS Exec: Staging Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-19_neutral_LDR, PinDeployment: x86_2202cf0f01ee4d01ae6b23368f98369c_31bf3856ad364e35_6.0.6002.22840_none_8c84b219273bd386
2012-06-30 05:58:35, Info CBS Exec: Staging Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-20_neutral_GDR, PinDeployment: x86_29f289dc45bce2b17352d9935002dbef_31bf3856ad364e35_6.0.6002.18618_none_22c145114b7a1976
2012-06-30 05:58:35, Info CSI [email protected]/6/30:04:58:35.912 CSI Transaction @0x1967808 destroyed
2012-06-30 05:58:35, Info CSI [email protected]/6/30:04:58:35.912 CSI Transaction @0x1967808 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [77]"TI3.30234236:3915847775:3/Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1"

2012-06-30 05:58:35, Info CSI [email protected]/6/30:04:58:35.943 CSI Transaction @0x1967808 destroyed
2012-06-30 05:58:35, Info CBS Exec: Not trying hotpatching because root package is not hotpatch-aware: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1
2012-06-30 05:58:35, Info CSI [email protected]/6/30:04:58:35.943 CSI Transaction @0x1967808 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [77]"TI4.30234236:3915847775:4/Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1"

2012-06-30 05:58:35, Info CBS Exec: Installing Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-2_neutral_GDR, InstallDeployment: x86_c0b75daae73cc356c18c2ffc76178023_31bf3856ad364e35_6.0.6002.18618_none_b027f9c58a319f1f
2012-06-30 05:58:35, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_0.0.0.0_none_99d98f11e2f98a1f (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6002.18618
2012-06-30 05:58:35, Info CBS Exec: Installing Package: Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-4_neutral_GDR, InstallDeployment: x86_c9992d682457d6ff967af86e95e4b4f2_31bf3856ad364e35_6.0.6002.18618_none_a5bb502a39043468
2012-06-30 05:58:35, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_0.0.0.0_none_7f49b78925fe0310 (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6002.18618
2012-06-30 05:58:35, Info CBS Exec: Installing Package: Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-6_neutral_GDR, InstallDeployment: x86_9c925acc4e23680dfff19d9351920f70_31bf3856ad364e35_6.0.6002.18618_none_7c143161dab21dc0
2012-06-30 05:58:35, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_0.0.0.0_none_3af336c743fff57a (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6002.18618
2012-06-30 05:58:35, Info CBS Exec: Installing Package: Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, Update: 2677070-20_neutral_GDR, InstallDeployment: x86_29f289dc45bce2b17352d9935002dbef_31bf3856ad364e35_6.0.6002.18618_none_22c145114b7a1976
2012-06-30 05:58:35, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_0.0.0.0_en-us_f200d33c0270b0d5 (6.0.6002.22840), elevation:2, lower version revision holder: 6.0.6002.18618
2012-06-30 05:58:36, Info CSI 0000000f Performing 4 operations; 4 are not lock/unlock and follow:
Install (5): flags: 0 tlc: [c0b75daae73cc356c18c2ffc76178023, Version = 6.0.6002.18618, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1.2677070-2_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: (null)
Install (5): flags: 0 tlc: [c9992d682457d6ff967af86e95e4b4f2, Version = 6.0.6002.18618, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1.2677070-4_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: (null)
Install (5): flags: 0 tlc: [9c925acc4e23680dfff19d9351920f70, Version = 6.0.6002.18618, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1.2677070-6_neutral_GDR" ncdata: [l:4{2}]"16") thumbprint: (null)
Install (5): flags: 0 tlc: [29f289dc45bce2b17352d9935002dbef, Version = 6.0.6002.18618, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1.2677070-20_neutral_GDR" ncdata: [l:4{2}]"16") thumbprint: (null)
2012-06-30 05:58:36, Info CSI 00000010 Component change list: { (null) -> 6.0.6002.18618 9c925acc4e23680dfff19d9351920f70, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
{ 6.0.6000.16386 -> 6.0.6002.18618 Microsoft-Windows-crypt32-dll.Resources, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
{ (null) -> 6.0.6002.18618 29f289dc45bce2b17352d9935002dbef, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
{ 6.0.6001.18000 -> 6.0.6002.18618 Microsoft-Windows-cryptnet-dll, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
{ (null) -> 6.0.6002.18618 c0b75daae73cc356c18c2ffc76178023, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
{ 6.0.6002.18005 -> 6.0.6002.18618 Microsoft-Windows-cryptsvc-dll, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
{ 6.0.6002.18005 -> 6.0.6002.18618 Microsoft-Windows-crypt32-dll, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
{ (null) -> 6.0.6002.18618 c9992d682457d6ff967af86e95e4b4f2, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral }
2012-06-30 05:58:36, Info CSI 00000011 ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=15 (0x0000000f)
2012-06-30 05:58:36, Info CSI 00000012 Creating NT transaction (seq 1), objectname [6]"(null)"
2012-06-30 05:58:36, Info CSI 00000013 Created NT transaction (seq 1) result 0x00000000, handle @0x7a0
2012-06-30 05:58:37, Info CSI 00000014 Error STATUS_CANNOT_DELETE while executing operation HardLinkFile on [l:316{158}]"\SystemRoot\WinSxS\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll, \??\C:\Windows\System32\cryptsvc.dll"

2012-06-30 05:58:37, Info CBS Exec: Failed to commit CSI transaction due to file in use or Component reboot required, package changes need to be pended.
2012-06-30 05:58:37, Info CSI 00000015 Creating NT transaction (seq 2), objectname [6]"(null)"
2012-06-30 05:58:37, Info CSI 00000016 Created NT transaction (seq 2) result 0x00000000, handle @0x568
2012-06-30 05:58:38, Info CSI [email protected]/6/30:04:58:38.798 CSI perf trace:
CSIPERF:TXCOMMIT;1530115
2012-06-30 05:58:38, Info CBS Failed removing poqexec from Cbs key. hr: 0x80070002
2012-06-30 05:58:38, Info CBS Failed removing impactful-commit disabling value from CCP. hr: 0x80070002
2012-06-30 05:58:38, Info CBS Setting ExecuteState key to 0
2012-06-30 05:58:38, Info CBS Setting RollbackFailed flag to 0
2012-06-30 05:58:38, Info CBS Exec: Pended transaction, changes will be applied during shutdown/startup processing.
2012-06-30 05:58:38, Info CSI [email protected]/6/30:04:58:38.813 CSI Transaction @0x1967808 destroyed
2012-06-30 05:58:38, Info CBS Pkgmgr: Completed install of package from: C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2677070.cab, hr: 0x0
2012-06-30 05:58:38, Info CBS Exec: Processing complete. Session: 30234236:3915847775, Package: Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1, hr: 0x0
2012-06-30 05:58:38, Info CBS Exec: End: nested restore point - complete.
2012-06-30 05:58:38, Info CBS Restored system sleep block state: 0x80000000
2012-06-30 05:58:38, Info CBS Session: 30234236:3915847775 finalized. Reboot required: yes
2012-06-30 05:58:38, Info CBS Pkgmgr: return code: 0xbc2
2012-06-30 05:58:55, Info CBS Pkgmgr: called with: ""C:\Windows\system32\pkgmgr.exe" /ip /norestart /m:"C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2699988.cab" /s:"C:\Program Files\IObit\Advanced SystemCare 5\KB2699988.cab_Temp" "
2012-06-30 05:58:55, Info CSI [email protected]/6/30:04:58:55.115 WcpInitialize (wcp.dll version 0.0.0.5) called (stack @0x657e8a50 @0x67165f @0x66b8ea @0x66c368 @0x7746d0e9 @0x777019bb)
2012-06-30 05:58:55, Info CBS Session: 30234237:216800479 initialized.
2012-06-30 05:58:55, Info CBS Pkgmgr: Installing package from: C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2699988.cab
2012-06-30 05:58:55, Info Started DPX phase: Resume and Download Job
2012-06-30 05:58:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:58:55, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:58:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:58:55, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:58:55, Info Ended DPX phase: Resume and Download Job
2012-06-30 05:58:55, Info Started DPX phase: Resume and Download Job
2012-06-30 05:58:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:58:55, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:58:55, Info Ended DPX phase: Resume and Download Job
2012-06-30 05:58:55, Info CBS Appl: detect Parent, Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16443, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16443, parent state: 0
2012-06-30 05:58:55, Info CBS Appl: detect Parent, Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:58:55, Info CBS Appl: detectParent (exact match): package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, parent state: 7
2012-06-30 05:58:55, Info CBS Appl: detect Parent, Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, disposition state from detectParent: 7
2012-06-30 05:58:55, Info CBS Appl: Evaluating package applicability for package Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:58:55, Info CBS Blocked system sleep; prior state: 0x80000000
2012-06-30 05:58:55, Info CBS Exec: Processing started. Client: Package Manager, Session: 30234237:216800479, Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0
2012-06-30 05:58:55, Info CBS Appl: Evaluating package applicability for package Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:58:55, Info Started DPX phase: Resume and Download Job
2012-06-30 05:58:55, Info Started DPX phase: Apply Deltas Provided In File
2012-06-30 05:59:02, Info Ended DPX phase: Apply Deltas Provided In File
2012-06-30 05:59:02, Info Ended DPX phase: Resume and Download Job
2012-06-30 05:59:02, Info CBS Plan: Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, current: Resolved Invalid, pending: Default, start: Absent, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:59:02, Info CBS Appl: detect Parent, Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16443, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:59:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16443, parent state: 0
2012-06-30 05:59:02, Info CBS Appl: detect Parent, Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:59:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, parent state: 7
2012-06-30 05:59:02, Info CBS Appl: detect Parent, Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, disposition state from detectParent: 7
2012-06-30 05:59:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:02, Info CBS Plan: Package: Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-36_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:02, Info CBS Appl: detect Parent, Package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:59:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, parent state: 7
2012-06-30 05:59:02, Info CBS Appl: detect Parent, Package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, disposition state from detectParent: 7
2012-06-30 05:59:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:02, Info CBS Plan: Package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, current: Resolved Invalid, pending: Default, start: Absent, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:59:02, Info CBS Appl: detect Parent, Package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:59:02, Info CBS Appl: detectParent (exact match): package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, parent state: 7
2012-06-30 05:59:02, Info CBS Appl: detect Parent, Package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, disposition state from detectParent: 7
2012-06-30 05:59:02, Info CBS Appl: Evaluating package applicability for package Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:02, Info CBS Plan: Package: Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-35_neutral_PACKAGE, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:59:03, Info CBS Appl: detectParent (exact match): package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, parent state: 7
2012-06-30 05:59:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, disposition state from detectParent: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, current: Resolved Invalid, pending: Default, start: Absent, applicable: Installed, targeted: Installed, limit: Installed
2012-06-30 05:59:03, Info CSI 00000019 Transaction merge required, do-not-merge flag passed.
2012-06-30 05:59:03, Info CSI [email protected]/6/30:04:59:03.243 CSI Transaction @0x22f4c28 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [25]"TI5.30234237:216800479:1/"

2012-06-30 05:59:03, Info CSI [email protected]/6/30:04:59:03.274 CSI Transaction @0x22f4c28 destroyed


----------



## baffledUK (Jul 2, 2012)

Eddie this will take some time tried to zip it but it is just too big is there any other way apart from copy and paste each 300k characters?


----------



## baffledUK (Jul 2, 2012)

2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_0.0.0.0_none_a6b9de443f4e9343 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.20551_none_433c508e4e3e90bc, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-1_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, Disposition = 1003, VersionComp: 1, ServiceComp: 1, BuildComp: 1, DistributionComp: 1, RevisionComp: 1, Exist: 1
2012-06-30 05:59:03, Info CBS Appl: detectParent (exact match): package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Parent: Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~x86~~9.1.8112.16421, parent state: 7
2012-06-30 05:59:03, Info CBS Appl: detect Parent, Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, disposition state from detectParent: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_0.0.0.0_none_a6b9de443f4e9343 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.16446_none_42c28521351453b4, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-2_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_0.0.0.0_none_1404c6f3a5f49cc6 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.1.8112.20551_none_b087393db4e49a3f, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-3_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_0.0.0.0_none_1404c6f3a5f49cc6 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.1.8112.16446_none_b00d6dd09bba5d37, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-4_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-versioninfo_31bf3856ad364e35_0.0.0.0_none_22ffd4d67d245b05 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-versioninfo_31bf3856ad364e35_9.1.8112.20551_none_bf8247208c14587e, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-5_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-versioninfo_31bf3856ad364e35_0.0.0.0_none_22ffd4d67d245b05 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-versioninfo_31bf3856ad364e35_9.1.8112.16446_none_bf087bb372ea1b76, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-6_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_0.0.0.0_none_6b7da006d4ae6c79 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.20551_none_08001250e39e69f2, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS  Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-7_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_0.0.0.0_none_6b7da006d4ae6c79 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.16446_none_078646e3ca742cea, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-8_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_0.0.0.0_none_d8bd0d891ef42789 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.1.8112.20551_none_753f7fd32de42502, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-9_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_0.0.0.0_none_d8bd0d891ef42789 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.1.8112.16446_none_74c5b46614b9e7fa, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-10_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_0.0.0.0_none_de46448b15cf7905 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.1.8112.20551_none_7ac8b6d524bf767e, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-11_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_0.0.0.0_none_de46448b15cf7905 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.1.8112.16446_none_7a4eeb680b953976, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-12_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_0.0.0.0_none_bc905206f5f0040a (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20551_none_5912c45104e00183, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-13_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_0.0.0.0_none_bc905206f5f0040a (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16446_none_5898f8e3ebb5c47b, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-14_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_0.0.0.0_none_533bf5b66228bcff (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.1.8112.20551_none_efbe68007118ba78, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-15_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_0.0.0.0_none_533bf5b66228bcff (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.1.8112.16446_none_ef449c9357ee7d70, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-16_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_0.0.0.0_none_b3139bbd9a02ccad (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.20551_none_4f960e07a8f2ca26, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-17_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_0.0.0.0_none_b3139bbd9a02ccad (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16446_none_4f1c429a8fc88d1e, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-18_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_0.0.0.0_none_6b6725a2e2633f09 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.1.8112.20551_none_07e997ecf1533c82, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-19_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_0.0.0.0_none_6b6725a2e2633f09 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.1.8112.16446_none_076fcc7fd828ff7a, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-20_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_0.0.0.0_none_b408da0c92bad89b (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.1.8112.20551_none_508b4c56a1aad614, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-21_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_0.0.0.0_none_b408da0c92bad89b (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16421
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.1.8112.16446_none_501180e98880990c, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-22_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_0.0.0.0_none_371d08496a53b752 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20551_none_d39f7a937943b4cb, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info  CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-23_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_0.0.0.0_none_371d08496a53b752 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16446_none_d325af26601977c3, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-24_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_0.0.0.0_none_6c02df148b8f012a (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.1.8112.20551_none_0885515e9a7efea3, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-25_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_0.0.0.0_none_6c02df148b8f012a (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.1.8112.16446_none_080b85f18154c19b, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-26_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ieframe_31bf3856ad364e35_0.0.0.0_none_887c624cf649457f (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.20551_none_24fed497053942f8, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-27_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ieframe_31bf3856ad364e35_0.0.0.0_none_887c624cf649457f (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.16446_none_24850929ec0f05f0, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-28_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_0.0.0.0_none_6089a1b01ec44250 (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_9.1.8112.20551_none_fd0c13fa2db43fc9, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-29_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_0.0.0.0_none_6089a1b01ec44250 (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_9.1.8112.16446_none_fc92488d148a02c1, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-30_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-devtools_31bf3856ad364e35_0.0.0.0_none_5f7f027d88009a5d (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.1.8112.20551_none_fc0174c796f097d6, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-31_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-ie-devtools_31bf3856ad364e35_0.0.0.0_none_5f7f027d88009a5d (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.1.8112.16446_none_fb87a95a7dc65ace, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-32_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_0.0.0.0_none_25c2e92ae9fd4e1c (9.1.8112.20551), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20551_none_c2455b74f8ed4b95, elevation: 2, applicable: 0
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 1, result applicability state: 4
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-33_neutral_LDR, Applicable: 1, Disposition: 4
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_0.0.0.0_none_25c2e92ae9fd4e1c (9.1.8112.16446), elevation:2, lower version revision holder: 9.1.8112.16443
2012-06-30 05:59:03, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16446_none_c1cb9007dfc30e8d, elevation: 2, applicable: 1
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating applicability block, disposition is: 4, applicability: 4, result applicability state: 7
2012-06-30 05:59:03, Info CBS Appl: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-34_neutral_GDR, Applicable: 4, Disposition: 7
2012-06-30 05:59:03, Info CBS Appl: Evaluating package applicability for package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, applicable state: 7
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-1_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-2_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-3_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-4_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-5_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-6_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-7_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-8_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-9_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-10_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-11_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-12_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-13_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-14_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-15_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-16_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-17_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-18_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-19_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-20_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-21_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-22_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-23_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-24_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-25_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-26_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-27_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-28_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-29_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-30_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-31_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-32_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-33_neutral_LDR, current: Absent, pending: Default, start: Absent, intended: Staged, targeted: Staged, limit: Installed, selected: Default
2012-06-30 05:59:03, Info CBS Plan: Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-34_neutral_GDR, current: Absent, pending: Default, start: Absent, intended: Installed, targeted: Installed, limit: Installed, selected: Default
2012-06-30 05:59:04, Info CSI 0000001c Transaction merge required, do-not-merge flag passed.
2012-06-30 05:59:04, Info CSI [email protected]/6/30:04:59:04.07 CSI Transaction @0x2296ad8 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [76]"TI1.30234237:216800479:2/Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0"

2012-06-30 05:59:04, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-1_neutral_LDR, PinDeployment: x86_3caa79f4209db08dc53b42102a5b19fe_31bf3856ad364e35_9.1.8112.20551_none_f6679d95cca257fa
2012-06-30 05:59:04, Info CSI 0000001e Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a70ec
2012-06-30 05:59:04, Info CSI 0000001f Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [3caa79f4209db08dc53b42102a5b19fe, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a420c
2012-06-30 05:59:04, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-2_neutral_GDR, PinDeployment: x86_7d5185ee205ca41b356047bb09a771ff_31bf3856ad364e35_9.1.8112.16446_none_eb671be630ec3178
2012-06-30 05:59:04, Info CSI 00000020 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a4644
2012-06-30 05:59:05, Info CSI 00000021 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [7d5185ee205ca41b356047bb09a771ff, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a4494
2012-06-30 05:59:05, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-3_neutral_LDR, PinDeployment: x86_7a14c8674754dcf40e85aa63c4ee2a78_31bf3856ad364e35_9.1.8112.20551_none_0646464ae3a34ab8
2012-06-30 05:59:05, Info CSI 00000022 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a744c
2012-06-30 05:59:05, Info CSI 00000023 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [7a14c8674754dcf40e85aa63c4ee2a78, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a705c
2012-06-30 05:59:05, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-4_neutral_GDR, PinDeployment: x86_997ebd4c7e3d2534befa8d4eddbaef60_31bf3856ad364e35_9.1.8112.16446_none_1da17bf6b4d7f945
2012-06-30 05:59:05, Info CSI 00000024 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a7524
2012-06-30 05:59:05, Info CSI 00000025 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [997ebd4c7e3d2534befa8d4eddbaef60, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7374
2012-06-30 05:59:05, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-5_neutral_LDR, PinDeployment: x86_08a9c1e879c637726049e3b4c0d63389_31bf3856ad364e35_9.1.8112.20551_none_11cb76da9f989ec8
2012-06-30 05:59:05, Info CSI 00000026 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x2282284
2012-06-30 05:59:05, Info CSI 00000027 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [08a9c1e879c637726049e3b4c0d63389, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a74dc
2012-06-30 05:59:05, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-6_neutral_GDR, PinDeployment: x86_96e6761d0a9e9a594817e1d48e42f689_31bf3856ad364e35_9.1.8112.16446_none_7e91bc7f138cb645
2012-06-30 05:59:05, Info CSI 00000028 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a47f4
2012-06-30 05:59:06, Info CSI 00000029 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [96e6761d0a9e9a594817e1d48e42f689, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7644
2012-06-30 05:59:06, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-7_neutral_LDR, PinDeployment: x86_b5847c0a6e96e1e6c1368ed83823034d_31bf3856ad364e35_9.1.8112.20551_none_e3e4fdc207f516ce
2012-06-30 05:59:06, Info CSI 0000002a Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x41a3324
2012-06-30 05:59:06, Info CSI 0000002b Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [b5847c0a6e96e1e6c1368ed83823034d, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a36cc
2012-06-30 05:59:06, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-8_neutral_GDR, PinDeployment: x86_d0f8d59214aebbc8c3c5aa077e648760_31bf3856ad364e35_9.1.8112.16446_none_900f80d7b974dd2e
2012-06-30 05:59:06, Info CSI 0000002c Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x2281e4c
2012-06-30 05:59:06, Info CSI 0000002d Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [d0f8d59214aebbc8c3c5aa077e648760, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x2281f24
2012-06-30 05:59:06, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-9_neutral_LDR, PinDeployment: x86_367467aaa33a89e394029e9e6b9dfac1_31bf3856ad364e35_9.1.8112.20551_none_3fa20629c7184aef
2012-06-30 05:59:06, Info CSI 0000002e Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x228211c
2012-06-30 05:59:06, Info CSI 0000002f Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [367467aaa33a89e394029e9e6b9dfac1, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x22823a4
2012-06-30 05:59:06, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-10_neutral_GDR, PinDeployment: x86_0abbfc8e6f1019da86a7a0c3bc44173a_31bf3856ad364e35_9.1.8112.16446_none_70ef796488766f17
2012-06-30 05:59:06, Info CSI 00000030 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a7e8c
2012-06-30 05:59:06, Info CSI 00000031 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [0abbfc8e6f1019da86a7a0c3bc44173a, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a4374
2012-06-30 05:59:06, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-11_neutral_LDR, PinDeployment: x86_2af50a74b4554af5034d5773fe5b9c11_31bf3856ad364e35_9.1.8112.20551_none_cbfaa7ff99d53715
2012-06-30 05:59:06, Info CSI 00000032 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x41a324c
2012-06-30 05:59:07, Info CSI 00000033 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [2af50a74b4554af5034d5773fe5b9c11, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a432c
2012-06-30 05:59:07, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-12_neutral_GDR, PinDeployment: x86_7bc3c5271876da5eb73ef58be4b92bd0_31bf3856ad364e35_9.1.8112.16446_none_9702b035d39bbfed
2012-06-30 05:59:07, Info CSI 00000034 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x42c5c9c
2012-06-30 05:59:07, Info CSI 00000035 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [7bc3c5271876da5eb73ef58be4b92bd0, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7c4c
2012-06-30 05:59:07, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-13_neutral_LDR, PinDeployment: x86_dd58afd7e15837a69d1db8fcccb4981b_31bf3856ad364e35_9.1.8112.20551_none_34096fa1580e9844
2012-06-30 05:59:07, Info CSI 00000036 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a7cdc
2012-06-30 05:59:07, Info CSI 00000037 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [dd58afd7e15837a69d1db8fcccb4981b, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7bbc
2012-06-30 05:59:07, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-14_neutral_GDR, PinDeployment: x86_42020cfd57ee7913faf5b1faa95a2b3f_31bf3856ad364e35_9.1.8112.16446_none_e3f24863957460ac
2012-06-30 05:59:07, Info CSI 00000038 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a432c
2012-06-30 05:59:08, Info CSI 00000039 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [42020cfd57ee7913faf5b1faa95a2b3f, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7bbc
2012-06-30 05:59:08, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-15_neutral_LDR, PinDeployment: x86_8a14469b30b196b1edf6b902a5c9dcd0_31bf3856ad364e35_9.1.8112.20551_none_79d63d04090d3f2c
2012-06-30 05:59:08, Info CSI 0000003a Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x42cb6dc
2012-06-30 05:59:08, Info CSI 0000003b Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [8a14469b30b196b1edf6b902a5c9dcd0, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42cb0f4
2012-06-30 05:59:08, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-16_neutral_GDR, PinDeployment: x86_600c6148b782e312186c417724aea0fe_31bf3856ad364e35_9.1.8112.16446_none_1dc4fc8c215ae7f5
2012-06-30 05:59:08, Info CSI 0000003c Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a432c
2012-06-30 05:59:09, Info CSI 0000003d Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [600c6148b782e312186c417724aea0fe, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42cb7fc
2012-06-30 05:59:09, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-17_neutral_LDR, PinDeployment: x86_93b357e5d7891a11c80af2fd624e8674_31bf3856ad364e35_9.1.8112.20551_none_9bf6d7b1fd981547
2012-06-30 05:59:09, Info CSI 0000003e Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x2284c34
2012-06-30 05:59:09, Info CSI 0000003f Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [93b357e5d7891a11c80af2fd624e8674, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x22849ac
2012-06-30 05:59:09, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-18_neutral_GDR, PinDeployment: x86_171847c59628b84e4b9c1d419947b855_31bf3856ad364e35_9.1.8112.16446_none_164275f01b317eb9
2012-06-30 05:59:09, Info CSI 00000040 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x2284d0c
2012-06-30 05:59:09, Info CSI 00000041 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [171847c59628b84e4b9c1d419947b855, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x2284d54
2012-06-30 05:59:09, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-19_neutral_LDR, PinDeployment: x86_340dcb2a4eb8584876da587b49b0cd40_31bf3856ad364e35_9.1.8112.20551_none_38ef95ea43b2e6e7
2012-06-30 05:59:09, Info CSI 00000042 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x41a36cc
2012-06-30 05:59:09, Info CSI 00000043 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [340dcb2a4eb8584876da587b49b0cd40, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x2284ba4
2012-06-30 05:59:09, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-20_neutral_GDR, PinDeployment: x86_801c64e10920931812308a6b9ca23f25_31bf3856ad364e35_9.1.8112.16446_none_84e7e35875a46696
2012-06-30 05:59:09, Info CSI 00000044 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x2284d0c
2012-06-30 05:59:09, Info CSI 00000045 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [801c64e10920931812308a6b9ca23f25, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x228491c
2012-06-30 05:59:09, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-21_neutral_LDR, PinDeployment: x86_b058c199721f610bc19ac1c8f8406cb7_31bf3856ad364e35_9.1.8112.20551_none_597372e5e4c201fd
2012-06-30 05:59:09, Info CSI 00000046 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x41a33fc
2012-06-30 05:59:09, Info CSI 00000047 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [b058c199721f610bc19ac1c8f8406cb7, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42c5b7c
2012-06-30 05:59:09, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-22_neutral_GDR, PinDeployment: x86_4bef61741d887ce7bfd6be32b529fb54_31bf3856ad364e35_9.1.8112.16446_none_2c33511b56450edb
2012-06-30 05:59:09, Info CSI 00000048 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x1a38e04
2012-06-30 05:59:09, Info CSI 00000049 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [4bef61741d887ce7bfd6be32b529fb54, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x1a38dbc
2012-06-30 05:59:09, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-23_neutral_LDR, PinDeployment: x86_bd2cecb88f3c3c7d1533a1728dd53641_31bf3856ad364e35_9.1.8112.20551_none_16f1ff01f7790d5c
2012-06-30 05:59:09, Info CSI 0000004a Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x1a38c0c
2012-06-30 05:59:10, Info CSI 0000004b Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [bd2cecb88f3c3c7d1533a1728dd53641, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x1a38e94
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-24_neutral_GDR, PinDeployment: x86_c8746fe94520b0379f258a0c214ee7ba_31bf3856ad364e35_9.1.8112.16446_none_f742efe2b9260374
2012-06-30 05:59:10, Info CSI 0000004c Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x42c5bc4
2012-06-30 05:59:10, Info CSI 0000004d Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [c8746fe94520b0379f258a0c214ee7ba, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x1a38c0c
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-25_neutral_LDR, PinDeployment: x86_9178963cc08d4c7b319428b4fac4f76a_31bf3856ad364e35_9.1.8112.20551_none_e443b597f52534a6
2012-06-30 05:59:10, Info CSI 0000004e Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x1a38dbc
2012-06-30 05:59:10, Info CSI 0000004f Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [9178963cc08d4c7b319428b4fac4f76a, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x1a395e4
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-26_neutral_GDR, PinDeployment: x86_0e2d1cf953b90d4eb554bd1d1865e495_31bf3856ad364e35_9.1.8112.16446_none_ed01b7eb9fd4f9f0
2012-06-30 05:59:10, Info CSI 00000050 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a40a4
2012-06-30 05:59:10, Info CSI 00000051 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [0e2d1cf953b90d4eb554bd1d1865e495, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x228491c
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-27_neutral_LDR, PinDeployment: x86_16d1652c7a12bfcd6f3d81de1c8bade4_31bf3856ad364e35_9.1.8112.20551_none_330ea9d99aa222f1
2012-06-30 05:59:10, Info CSI 00000052 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x41a97b4
2012-06-30 05:59:10, Info CSI 00000053 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [16d1652c7a12bfcd6f3d81de1c8bade4, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a9bec
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-28_neutral_GDR, PinDeployment: x86_36ee4c58178d4b7c19fb10461215cfda_31bf3856ad364e35_9.1.8112.16446_none_a7981919b7f75ef1
2012-06-30 05:59:10, Info CSI 00000054 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x41a9694
2012-06-30 05:59:10, Info CSI 00000055 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [36ee4c58178d4b7c19fb10461215cfda, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a988c
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-29_neutral_LDR, PinDeployment: x86_9f83895511d12ceffbd0139f2d911f54_31bf3856ad364e35_9.1.8112.20551_none_7385b80ca0171851
2012-06-30 05:59:10, Info CSI 00000056 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x228491c
2012-06-30 05:59:10, Info CSI 00000057 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [9f83895511d12ceffbd0139f2d911f54, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a9694
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-30_neutral_GDR, PinDeployment: x86_75cef898612736819e8f6e5db792ca6c_31bf3856ad364e35_9.1.8112.16446_none_bb98ed6794047dd0
2012-06-30 05:59:10, Info CSI 00000058 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x1a38c0c
2012-06-30 05:59:10, Info CSI 00000059 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [75cef898612736819e8f6e5db792ca6c, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x1a394c4
2012-06-30 05:59:10, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-31_neutral_LDR, PinDeployment: x86_7f9e2b4824bb66e7db14e413027caba6_31bf3856ad364e35_9.1.8112.20551_none_beaebfec80421a93
2012-06-30 05:59:10, Info CSI 0000005a Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x33a40a4
2012-06-30 05:59:11, Info CSI 0000005b Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [7f9e2b4824bb66e7db14e413027caba6, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x1a395e4
2012-06-30 05:59:11, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-32_neutral_GDR, PinDeployment: x86_f0a999dd402a89c247d7539209fffe34_31bf3856ad364e35_9.1.8112.16446_none_1fbbf1608e29a4fd
2012-06-30 05:59:11, Info CSI 0000005c Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x42c5b7c
2012-06-30 05:59:11, Info CSI 0000005d Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [f0a999dd402a89c247d7539209fffe34, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42cb2a4
2012-06-30 05:59:11, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-33_neutral_LDR, PinDeployment: x86_883eecca3c867862f7095c114a280516_31bf3856ad364e35_9.1.8112.20551_none_f3588ecd2786355e
2012-06-30 05:59:11, Info CSI 0000005e Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x427e9ec
2012-06-30 05:59:11, Info CSI 0000005f Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [883eecca3c867862f7095c114a280516, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a9d54
2012-06-30 05:59:11, Info CBS Exec: Resolving Package: Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0, Update: 2699988-34_neutral_GDR, PinDeployment: x86_869d2e2bff335fc312ce9e8dc7598411_31bf3856ad364e35_9.1.8112.16446_none_4e64b871c4da6a66
2012-06-30 05:59:11, Info CSI 00000060 Performing 1 operations; 1 are not lock/unlock and follow:
AddCat (14): flags: 0 catfile: @0x41a991c
2012-06-30 05:59:11, Info CSI 00000061 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [869d2e2bff335fc312ce9e8dc7598411, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x2284d9c
2012-06-30 05:59:11, Info CSI 00000062 Performing 34 operations; 34 are not lock/unlock and follow:
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-Scripting-JScript, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-Scripting-JScript, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-WinsockAutodialStub, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-WinsockAutodialStub, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-VersionInfo, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-VersionInfo, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-RuntimeUtilities, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf
2012-06-30 05:59:11, Info CSI 3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-RuntimeUtilities, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-PluggableHandlersAndSecurityZones, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-PluggableHandlersAndSecurityZones, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-JScriptDebugUI, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-JScriptDebugUI, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-InternetExplorer-Optional, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-InternetExplorer-Optional, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, Ve
2012-06-30 05:59:11, Info CSI rsionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-InternetExplorer, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-InternetExplorer, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-InternetControlPanel, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-InternetControlPanel, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-IEShims, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-IEShims, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-IEProxy, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 n
2012-06-30 05:59:11, Info CSI onSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-IEProxy, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-HTMLRendering, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-HTMLRendering, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-HTMLEditing, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-HTMLEditing, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-ieframe, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-ieframe, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e3
2012-06-30 05:59:11, Info CSI 5}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-ExtCompat, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-ExtCompat, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-DevTools, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-DevTools, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-ClientNetworkProtocolImplementation, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
PrestageComponent (13): flags: 0 app: (null) comp: Microsoft-Windows-IE-ClientNetworkProtocolImplementation, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2012-06-30 05:59:11, Info CSI 00000063 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-Scripting-JScript, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x22849f4
2012-06-30 05:59:11, Info CSI 00000064 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-Scripting-JScript, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b6744
2012-06-30 05:59:11, Info CSI 00000065 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-WinsockAutodialStub, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a45fc
2012-06-30 05:59:12, Info CSI 00000066 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-WinsockAutodialStub, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a768c
2012-06-30 05:59:12, Info CSI 00000067 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-VersionInfo, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42cb184
2012-06-30 05:59:12, Info CSI 00000068 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-VersionInfo, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b70d4
2012-06-30 05:59:12, Info CSI 00000069 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-RuntimeUtilities, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a72e4
2012-06-30 05:59:12, Info CSI 0000006a Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-RuntimeUtilities, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7934
2012-06-30 05:59:12, Info CSI 0000006b Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-PluggableHandlersAndSecurityZones, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x2284c34
2012-06-30 05:59:12, Info CSI 0000006c Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-PluggableHandlersAndSecurityZones, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a9184
2012-06-30 05:59:13, Info CSI 0000006d Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-JScriptDebugUI, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b6624
2012-06-30 05:59:13, Info CSI 0000006e Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-JScriptDebugUI, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x2284bec
2012-06-30 05:59:13, Info CSI 0000006f Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-InternetExplorer-Optional, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7ed4
2012-06-30 05:59:13, Info CSI 00000070 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-InternetExplorer-Optional, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a95bc
2012-06-30 05:59:13, Info CSI 00000071 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-InternetExplorer, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a9334
2012-06-30 05:59:13, Info CSI 00000072 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-InternetExplorer, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x22821f4
2012-06-30 05:59:14, Info CSI 00000073 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-InternetControlPanel, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x22845bc
2012-06-30 05:59:14, Info CSI 00000074 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-InternetControlPanel, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b70d4
2012-06-30 05:59:14, Info CSI 00000075 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-IEShims, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a348c
2012-06-30 05:59:14, Info CSI 00000076 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-IEShims, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x219ec54
2012-06-30 05:59:14, Info CSI 00000077 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-IEProxy, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a7b74
2012-06-30 05:59:14, Info CSI 00000078 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-IEProxy, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42c5984
2012-06-30 05:59:15, Info CSI 00000079 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-HTMLRendering, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x33a717c
2012-06-30 05:59:15, Info CSI 0000007a Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-HTMLRendering, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42c5dbc
2012-06-30 05:59:16, Info CSI 0000007b Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-HTMLEditing, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42c5984
2012-06-30 05:59:16, Info CSI 0000007c Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-HTMLEditing, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b7314
2012-06-30 05:59:16, Info CSI 0000007d Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-ieframe, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41a9334
2012-06-30 05:59:16, Info CSI 0000007e Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-ieframe, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b781c
2012-06-30 05:59:16, Info CSI 0000007f Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-ExtCompat, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b7c9c
2012-06-30 05:59:17, Info CSI 00000080 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-ExtCompat, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b766c
2012-06-30 05:59:17, Info CSI 00000081 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-DevTools, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x42cb40c
2012-06-30 05:59:17, Info CSI 00000082 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-DevTools, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b739c
2012-06-30 05:59:17, Info CSI 00000083 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-ClientNetworkProtocolImplementation, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b8044
2012-06-30 05:59:17, Info CSI 00000084 Performing 1 operations; 1 are not lock/unlock and follow:
Stage (1): flags: 8 app: [Microsoft-Windows-IE-ClientNetworkProtocolImplementation, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) comp: (null) man: @0x41b7d2c
2012-06-30 05:59:17, Info CSI 00000085 Performing 34 operations; 34 are not lock/unlock and follow:
Pin (3): flags: 0 tlc: [3caa79f4209db08dc53b42102a5b19fe, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-1_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [7d5185ee205ca41b356047bb09a771ff, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-2_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [7a14c8674754dcf40e85aa63c4ee2a78, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-3_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [997ebd4c7e3d2534befa8d4eddbaef60, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB269998
2012-06-30 05:59:17, Info CSI 8~31bf3856ad364e35~x86~~9.1.1.0.2699988-4_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [08a9c1e879c637726049e3b4c0d63389, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-5_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [96e6761d0a9e9a594817e1d48e42f689, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-6_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [b5847c0a6e96e1e6c1368ed83823034d, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-7_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [d0f8d59214aebbc8c3c5aa077e648760, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs
2012-06-30 05:59:17, Info CSI : 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-8_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [367467aaa33a89e394029e9e6b9dfac1, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:150{75}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-9_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [0abbfc8e6f1019da86a7a0c3bc44173a, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-10_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [2af50a74b4554af5034d5773fe5b9c11, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-11_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [7bc3c5271876da5eb73ef58be4b92bd0, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKe
2012-06-30 05:59:17, Info CSI yToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-12_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [dd58afd7e15837a69d1db8fcccb4981b, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-13_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [42020cfd57ee7913faf5b1faa95a2b3f, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-14_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [8a14469b30b196b1edf6b902a5c9dcd0, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-15_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [600c6148b782e312186c417724aea0fe, Version = 9.1.8
2012-06-30 05:59:17, Info CSI 112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-16_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [93b357e5d7891a11c80af2fd624e8674, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-17_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [171847c59628b84e4b9c1d419947b855, Version = 9.1.8112.16446, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-18_neutral_GDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace32b5f756356fdb191cb5c0"
Pin (3): flags: 0 tlc: [340dcb2a4eb8584876da587b49b0cd40, Version = 9.1.8112.20551, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral]) ref: ( flgs: 00000000 guid: {d16d444c-56d8-11d5-882d-0080c847b195} name: [l:152{76}]"Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0.2699988-19_neutral_LDR" ncdata: [l:2{1}]"2") thumbprint: [l:128{64}]"9c2e9db0f1dad37f10c7f52a4ef0b940bb9ad0aace
2012-06-30 05:59:17, Info CSI 32b5f756356fdb191cb5c0"


----------



## eddie5659 (Mar 19, 2001)

Just having a look now, but after the last post, is there much left?

If there is, let me see what has been posted already


----------



## eddie5659 (Mar 19, 2001)

Okay, having a look through it, I do see one occurrence. You have these:


```
2012-06-30 05:57:55, Info CBS Pkgmgr: Installing package from: C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2677070.cab
2012-06-30 05:57:55, Info CBS Pkgmgr: called with: ""C:\Windows\system32\pkgmgr.exe" /ip /norestart /m:"C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2677070.cab" /s:"C:\Program Files\IObit\Advanced SystemCare 5\KB2677070.cab_Temp" "
```
Now, this is a program I thought we removed a while back, but then I've just looked back and didn't see Advance SystemCare.

Could you see if it is in AddRemove Programs, either called:

Iobit Advanced SystemCare 5

or

Advanced SystemCare 5

If its there, can you uninstall it.

---

After doing the above, can you do the following, even if it was uninstalled:

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

Pop it on your Desktop, but don't run it.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## baffledUK (Jul 2, 2012)

Theres absolutely loads Ive only sent 15%


----------



## eddie5659 (Mar 19, 2001)

Just posted above your last reply 

The first part that I looked at kept pointing to the same thing, so leave the log for now, and try the ComboFix part


----------



## baffledUK (Jul 2, 2012)

attached as requested


----------



## eddie5659 (Mar 19, 2001)

Lets see if that removed it. Using SystemLook again, can you run this code, and post the results:


```
:folderfind
*IObit
:filefind
*KB2677070.cab
*inetcpl.cpl
```
I'm also looking for another file, which is related to the Internet


----------



## baffledUK (Jul 2, 2012)

thanks again Eddie


----------



## eddie5659 (Mar 19, 2001)

Sorry, been away for a few days as it was the bank holiday weekend, so took some time off.

Okay, firstly it looks like Iobit has gone. Now, the one main thing I wanted, was this one, and its showing:

C:\Windows\System32\inetcpl.cpl

This is your Internet Options. 

Now, it is a legit file, and firstly can you check to see if it works. Just open Windows Explorer, navigate to it and then double-click the file.

If it opens up, let me know.

Also, in the Control Panel, are you viewing it by Catagory or by icons?


----------



## baffledUK (Jul 2, 2012)

double clicked on file does not open. Viewing by icons classic view, switched to the other, neither of them allow me to open. With the icons view just the globe no wording underneath. It used to say internet options..... hope this helps.


----------



## baffledUK (Jul 2, 2012)

Eddie I've attached the file I looked at hope it's the right one


----------



## baffledUK (Jul 2, 2012)

oops file to big to upload... teaches me trying to be clever!!


----------



## eddie5659 (Mar 19, 2001)

Its okay, we can look at the file properties first, to see if its legit 

Using SystemLook again, can you use the following code, and post the log:


```
:file
C:\Windows\System32\inetcpl.cpl
```


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 23:24 on 30/08/2012 by currys
Administrator - Elevation successful

========== file ==========

C:\Windows\System32\inetcpl.cpl - File found and opened.
MD5: A664679445BFF4FA5A39D933F1AD7F12
Created at 20:01 on 15/08/2012
Modified at 00:08 on 29/06/2012
Size: 1427968 bytes
Attributes: --a----
FileDescription: Internet Control Panel
FileVersion: 9.00.8112.16448 (WIN7_IE9_GDR.120628-1537)
ProductVersion: 9.00.8112.16448
OriginalFilename: INETCPL.CPL
InternalName: INETCPL.CPL
ProductName: Windows® Internet Explorer
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, its identical to mine, so lets see if we can do this. Now, I've attached the file, but its a strange way, due to the filesize.

So, firstly, download the *inetcpl.txt* file.

Then, go to Windows Explorer, and at the top in the menu, select Tools then Options.

In the View tab, select *Show Hidden Files and Folders* and UNtick *Hide Extensions for Known File Types*.

Apply and OK.

Go back to the *inetcpl.txt* and right-click on it and select *Rename*.

Rename it to

*inetcpl.zip*

if a warning pops up, select Yes.

Then, open the zip file, and extract the file to your Desktop.

--

Now, go to the *inetcpl* file in your System32 folder. Don't delete it, but move it somewhere else, say My Documents.

Then, copy/paste the new one on your Desktop into the system32 folder, and restart.

Does that work, as in the icon? If so, is it in your Control Panel?

eddie


----------



## baffledUK (Jul 2, 2012)

Got the renamed folder to desktop...but then message windows will not open this folder. The compressed(zipped) folder C:\users\currys\Desktop\inetcpl.zip is invalid


----------



## eddie5659 (Mar 19, 2001)

That's strange. Just booted up a vista laptop, and it was compressed folder usage.

Does the icon look like this after you renamed it?










If not, did you select the option to show file extensions for known file types?


----------



## baffledUK (Jul 2, 2012)

Yes it does look like this and yes I did select the option...................can't post file as its too big


----------



## eddie5659 (Mar 19, 2001)

Okay, lets try using a rar file instead.

Do you have Winrar? If not, get the free one from here, no need to register:

http://www.rarlab.com/download.htm

The top one:

WinRAR x86 (32 bit) 4.20

Then, download the attached file, and see if you can do it again, but this time, instead of naming it to zip, rename to rar.

eddie


----------



## baffledUK (Jul 2, 2012)

Sorry Eddie really struggling, Error box says The archive is either in unknown format or damaged......


----------



## eddie5659 (Mar 19, 2001)

That's okay, I have another way 

Can you download Hjsplit:

http://www.hjsplit.org/windows/

Under the picture, it says this:

*To download HJSplit 3.0 for Windows (200 Kb), just click on one of the links below: *

Save it to your Desktop. Its a standalone program, no need to install anything.

I've attached a few files below. They are called:

inetcpl.cpl.001
inetcpl.cpl.002
inetcpl.cpl.003
inetcpl.cpl.004

I've had to upload as a zip file for each, so download and extract each one to the Desktop. If that still doesn't work, ignore the below whilst I figure something else out 

Download all to the desktop.

Then, open up hjsplit:










Then, click on the *Join* button:










Now, on the first button, called *Input File*, and click on the file that has the 001 on it (it won't allow you to click on any other):










Now, click on Start, and it will join the files together, close and exit after as normal.

Is the file created okay?


----------



## baffledUK (Jul 2, 2012)

Eddie the files joined, closed and exited as normal....don't know where the created file went????


----------



## eddie5659 (Mar 19, 2001)

It normally creates it in the same place as the files to be joined are located.

if you placed it on your Desktop, it should be there.

If not, lets see if we can find it using SystemLook again 


```
:filefind
*inetcpl.cpl
```
And post the log


----------



## baffledUK (Jul 2, 2012)

Found it....

SystemLook 30.07.11 by jpshortstuff
Log created at 00:26 on 11/09/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*inetcpl.cpl"
C:\Users\currys\Desktop\inetcpl.cpl --a---- 1494528 bytes [21:16 10/09/2012] [21:16 10/09/2012] F82044FA23BCBA1BD7453435C9ED30B9
C:\Windows\System32\inetcpl.cpl --a---- 1427968 bytes [20:01 15/08/2012] [00:08 29/06/2012] A664679445BFF4FA5A39D933F1AD7F12
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16643_none_8d2b289854cfbb4f\inetcpl.cpl --a---- 1831424 bytes [20:38 21/08/2008] [04:42 21/02/2008] E2261FA5B2A8251E58F8D9214BCFBDB0
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16681_none_8cfde85454f1f865\inetcpl.cpl --a---- 1831424 bytes [20:49 21/08/2008] [04:22 25/04/2008] EA9E6812F3D1D2087183106939B289B7
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16851_none_8d1e5be454d99ee0\inetcpl.cpl --a---- 1830912 bytes [16:08 15/06/2009] [16:14 24/04/2009] 735937CFA6F7AD3FFAF285DFD5DDDCE7
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20777_none_8d9856c76e021448\inetcpl.cpl --a---- 1831424 bytes [20:38 21/08/2008] [04:49 22/02/2008] ED2D769010B52CD62EAEE69B1E78D367
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20823_none_8dca67216ddd205e\inetcpl.cpl --a---- 1831424 bytes [20:49 21/08/2008] [04:07 25/04/2008] 3AAD01731B0CEB1E3423D84469A45B0A
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.21046_none_8db7a22f6dead4ae\inetcpl.cpl --a---- 1830912 bytes [16:08 15/06/2009] [15:55 24/04/2009] 769573C96035174FC9EC1142A3124C03
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6001.18000_none_8f39a61051d89077\inetcpl.cpl --a---- 1827840 bytes [02:24 21/01/2008] [02:24 21/01/2008] 7EF404D69EC14AD5BFB9DF93124395BB
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6002.18005_none_91251f1c4efa5bc3\inetcpl.cpl --a---- 1827840 bytes [19:47 20/10/2009] [06:27 11/04/2009] 9ED83C84DA75E974F496721B6F8AE02E
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18702_none_7224c86a67a400d4\inetcpl.cpl --a---- 1469440 bytes [19:07 15/06/2009] [11:34 08/03/2009] D9D2AB8103E404A86DF0656F3577D615
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18783_none_71cf495467e3f9b3\inetcpl.cpl --a---- 1469440 bytes [19:08 15/06/2009] [05:35 09/05/2009] 2C1BD1E52DECC9B5F46BA484ED01A68E
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18813_none_721afaae67ab3343\inetcpl.cpl --a---- 1469440 bytes [18:27 28/07/2009] [21:47 21/07/2009] 6170F321C015419103FB34D467C700F0
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18828_none_72152c3467aecde7\inetcpl.cpl --a---- 1469440 bytes [18:16 15/10/2009] [05:17 27/08/2009] 9347E85EDD7A27BE8224D8C69FA71AD2
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18865_none_71e6eba667d1f1a6\inetcpl.cpl --a---- 1469440 bytes [08:37 11/12/2009] [06:34 21/11/2009] 64A0C7C0CB4592EF01F23282F551A3AD
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18882_none_71ce4af067e4dd83\inetcpl.cpl --a---- 1469440 bytes [19:47 21/01/2010] [06:32 02/01/2010] 7F93441B0E7BD72EBDAAC4BB709AE87B
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18904_none_7226ccca67a22dd0\inetcpl.cpl --a---- 1469440 bytes [20:39 30/03/2010] [06:33 23/02/2010] 1F49D8BF29681ADE8E81674E684E6F1E
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18928_none_72152e1a67aecb0e\inetcpl.cpl --a---- 1469440 bytes [19:40 11/06/2010] [05:55 04/05/2010] A27931DC4B10071FEE47AE16D29F3FCE
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18943_none_71fa8cd067c3843d\inetcpl.cpl --a---- 1469440 bytes [15:55 11/08/2010] [06:02 26/06/2010] 07B9200338969506453AD0F9BBA33227
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18975_none_71dc1da067da0abe\inetcpl.cpl --a---- 1469440 bytes [10:15 14/10/2010] [05:57 08/09/2010] 98CC8075C09D0BCE505391EA154AF29A
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18999_none_71ca7ef067e6a7fc\inetcpl.cpl --a---- 1469440 bytes [11:03 17/12/2010] [05:57 02/11/2010] 65B1AA6F99932C2F6F7B405D66BE4667
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.19019_none_7220d67267a5fbb6\inetcpl.cpl --a---- 1469440 bytes [23:32 09/02/2011] [06:22 18/12/2010] 01ECEE993F1191B7B8FDB8FCA87F4D88
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.19048_none_71ff666467bf3632\inetcpl.cpl --a---- 1469440 bytes [21:22 14/04/2011] [06:16 22/02/2011] 30F7239F4B2A4106484B5E4BCCEA80F0
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.19222_none_720f084c67b46094\inetcpl.cpl --a---- 1469440 bytes [19:50 15/05/2012] [11:25 28/02/2012] 785EFA05F628D2E58745F8E8E56E640E
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22874_none_7264b65580f896e3\inetcpl.cpl --a---- 1469440 bytes [19:08 15/06/2009] [22:35 12/05/2009] 9123E4F614F44D4D19CA7E09400BBE82
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22903_none_72af676580c0b71c\inetcpl.cpl --a---- 1469440 bytes [18:27 28/07/2009] [05:58 22/07/2009] 646C60B9CBD2D0365FC1FC21831B8F65
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22918_none_72a998eb80c451c0\inetcpl.cpl --a---- 1469440 bytes [18:16 15/10/2009] [13:21 27/08/2009] 6478DC7ABC5EDD343C14BEF13DC9D949
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22956_none_727c58a780e68ed6\inetcpl.cpl --a---- 1469440 bytes [08:37 11/12/2009] [14:59 21/11/2009] B3859CF9524F3AA0FB2B8A39C4D30AC8
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22973_none_7263b7f180f97ab3\inetcpl.cpl --a---- 1469440 bytes [19:47 21/01/2010] [14:50 02/01/2010] 449299FEE243E9CF19F67F106B390180
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22995_none_725018ad8107e543\inetcpl.cpl --a---- 1469440 bytes [20:39 30/03/2010] [15:01 23/02/2010] 531C27F73A231D48C971211C76A5B299
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.23019_none_72aa715780c39e59\inetcpl.cpl --a---- 1469440 bytes [19:40 11/06/2010] [06:30 04/05/2010] 77DD7FE45AD5F554A25895B371A3EFA9
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.23040_none_7280fef980e40e1d\inetcpl.cpl --a---- 1469440 bytes [15:55 11/08/2010] [06:48 26/06/2010] 0824D8552F8780ED82F7D83492AB9667
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.23067_none_7272612780edf760\inetcpl.cpl --a---- 1469440 bytes [10:15 14/10/2010] [06:21 08/09/2010] 60885E620B566D18B536E8F76979B755
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.23091_none_724befa7810bb329\inetcpl.cpl --a---- 1469440 bytes [11:03 17/12/2010] [07:07 02/11/2010] BC970C782F9E4BAD526A300EB98A2C59
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.23111_none_72a270ed80cad0c8\inetcpl.cpl --a---- 1469440 bytes [23:32 09/02/2011] [07:11 18/12/2010] 9C82DED3E5784D7A57C6D2CA571F7F41
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.23143_none_728401bd80e15749\inetcpl.cpl --a---- 1469440 bytes [21:22 14/04/2011] [07:13 22/02/2011] 1D26F21CA8EFE915A129D7775239F2F0
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.23318_none_72a976bf80c47c77\inetcpl.cpl --a---- 1469440 bytes [19:50 15/05/2012] [18:00 28/02/2012] FA6562BA1F67E5AF763B95C365659E5A
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16421_none_4f2ce1008fbcd689\inetcpl.cpl --a---- 1427456 bytes [18:37 12/05/2011] [18:37 12/05/2011] 11086A81EB001967452FF9EC8B926613
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16440_none_4f1640de8fcdf514\inetcpl.cpl --a---- 1427456 bytes [22:52 13/12/2011] [22:40 03/11/2011] 059FD7158F7D5F16B838D6C6C8B15109
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16441_none_4f1741288fcd0e6b\inetcpl.cpl --a---- 1427456 bytes [00:12 20/02/2012] [02:56 14/12/2011] A7D606507DC77F9C139B58EEDA6BF3FE
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16443_none_4f1941bc8fcb4119\inetcpl.cpl --a---- 1427456 bytes [14:09 21/04/2012] [14:09 21/04/2012] 8D8BE3DCACEA6C8E52D506E7BAAEA2D4
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16446_none_4f1c429a8fc88d1e\inetcpl.cpl --a---- 1427968 bytes [18:29 19/06/2012] [22:35 17/05/2012] 65D69DFF0C67B0924F0FA576773AA18F
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16447_none_4f1d42e48fc7a675\inetcpl.cpl --a---- 1427968 bytes [20:05 11/07/2012] [08:25 02/06/2012] F20D67994CAE796EABF2F57D04F9BADA
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16448_none_4f1e432e8fc6bfcc\inetcpl.cpl --a---- 1427968 bytes [20:01 15/08/2012] [00:08 29/06/2012] A664679445BFF4FA5A39D933F1AD7F12
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.20544_none_4fa3ded1a8e7fa3a\inetcpl.cpl --a---- 1427456 bytes [22:52 13/12/2011] [23:07 03/11/2011] CB10970F5C026EDB0608F92EC3B64377
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.20546_none_4fa5df65a8e62ce8\inetcpl.cpl --a---- 1427456 bytes [00:12 20/02/2012] [02:28 14/12/2011] 83CD22A9A49E145F8F9527DC484456BC
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.20548_none_4fa7dff9a8e45f96\inetcpl.cpl --a---- 1427456 bytes [14:09 21/04/2012] [14:09 21/04/2012] 3135D9956E1B9127A39861BC32D10308
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.20551_none_4f960e07a8f2ca26\inetcpl.cpl --a---- 1427968 bytes [18:29 19/06/2012] [22:18 17/05/2012] 19706F03377A8BC398AD099A76677FF5
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.20553_none_4f980e9ba8f0fcd4\inetcpl.cpl --a---- 1427968 bytes [20:05 11/07/2012] [08:16 02/06/2012] 2841563BACB827FC5330944F613CCCF6
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.20554_none_4f990ee5a8f0162b\inetcpl.cpl --a---- 1427968 bytes [20:01 15/08/2012] [22:55 28/06/2012] 24DBA6A800568F57F0DE65E6DD6163E5

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Excellent, its there:

C:\Users\currys\Desktop\inetcpl.cpl

So, now, if you go to the one that you have in this folder:

C:\Windows\System32\inetcpl.cpl

*Don't* delete it, but move it to say, My Documents.

Then, copy/paste or Move the file from your Desktop to the System32 folder, restart and see if that appears in the Control Panel.

(now, I have noticed its slightly different now, and checked both of my versions, as I moved a copy to the Desktop as well. However, hopefully it will work)

eddie


----------



## baffledUK (Jul 2, 2012)

Completed suggested....Internet Options in Control Panel has completely disappeared!!


----------



## eddie5659 (Mar 19, 2001)

I'm a bit confused, as before you said in the title that the Internet Options were missing:



> Unfortunately they are still there........... no internet options in control Panel just the icon ( no wording below the icon). Internet explorer won't run from desktop.


http://forums.techguy.org/virus-oth...internet-options-control-panel-missing-3.html

Or do you mean that the icon was there, but no access to it, by clicking on it?

If so, as this didn't work, remove the inetcpl.cpl that you put in the System32 folder, and replace it with the original, that you moved to My Documents.

I'll have another look tonight, when home.

eddie


----------



## baffledUK (Jul 2, 2012)

Just the icon is in Control Panel, no options wording beneath. Will not open by clicking on icon. IE will not open from desktop... sorry for the confusion


----------



## eddie5659 (Mar 19, 2001)

I think it was me that got mistaken, sorry about that 

Have you swapped the files back to the original one? If so, I have booted my Vista laptop, and having a look now 

---

Have a few things to look at, to see what the actual status is.

On the Internet that you have on your Desktop, if you right-click on it and selct properties, does the Internet Options appear? I'm assuming this isn't a shortcut on the Desktop.

When you are actually in a IE page (online), can you click on Tools | Internet Options, at the top of the page?

If you get an error with any of these above, let me know.

Also, can you run this in SystemLook:


```
:reg
HKEY_CURRENT_USER\Control Panel\don't load\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Internet Explorer\Restrictions
```


----------



## baffledUK (Jul 2, 2012)

Eddie Only internet icon on desktop is IE. IE does not run at all so no tools/internet options.

Latest systemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 22:53 on 12/09/2012 by currys
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Control Panel\don't load\]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Internet Explorer\Restrictions]
(No values found)

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, it says at the beginning of this thread you have IE9, so lets see if reinstalling it works, as it may replace any corrupt files:

http://www.microsoft.com/en-us/download/details.aspx?id=16792

Also, can you see if you can access IE (if the above doesn't work) by going to Start | Run and typing:

iexplore.exe

and press OK


----------



## baffledUK (Jul 2, 2012)

Hi Eddie I tried reinstalling but it says setup can't continue because a more recent version of Internet Explorer is installed on my computer. Start/run does not work message, Firefox can't establish a connection to the server at 127.0.0.1:4664.


----------



## eddie5659 (Mar 19, 2001)

Hmmm, I was going to suggest a repair of IE, but for the later versions you need the Internet Options that you can't get into 

Now, you mentioned this address: 127.0.0.1.4664

Having a look on this, it seems that Google Desktop search can sometimes cause these problems. Can you see if uninstalling it via AddRemove Programs helps. You can always reinstall it if needed, but just curious if this can be the cause.

You may need a reboot to make sure.

I'll be here for another 2hrs


----------



## baffledUK (Jul 2, 2012)

uninstalled goggle desktop rebooted. No difference. Entering iexplore.exe now just takes me to a list of what seems to be random files.


----------



## eddie5659 (Mar 19, 2001)

Can you post a screenshot of what you get when you type iexplore.exe. Curious what it shows.

If not, are there a lot of files in there?


----------



## baffledUK (Jul 2, 2012)

attached is the file list ..........


----------



## eddie5659 (Mar 19, 2001)

Now that's strange, as the files that are there are just txt files, and by the looks of it, part of scans that you performed with various tools.

Is that all there is when you look in the folder?

Not sure what they're doing there.

Can you run this with SystemLook:


```
:filefind
*iexplore.exe
:reg
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions
```
and post the log


----------



## baffledUK (Jul 2, 2012)

Yep that's all that's there. Latest log for you...

SystemLook 30.07.11 by jpshortstuff
Log created at 22:37 on 17/09/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*iexplore.exe"
C:\Program Files\CheckPoint\ZAForceField\Heuristics\iexplore.exe --a---- 90624 bytes [15:42 29/04/2008] [15:42 29/04/2008] FBB39A4487E11F64DCFFD36AEC2D2216
C:\Program Files\Internet Explorer\iexplore.exe --a---- 748664 bytes [20:01 15/08/2012] [01:00 29/06/2012] 93569D46D79F9756ED077156496AFE23
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe --a---- 217672 bytes [17:56 02/07/2012] [12:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F
C:\Windows\ERDNT\cache\iexplore.exe --a---- 748664 bytes [22:23 01/01/2012] [01:00 29/06/2012] 93569D46D79F9756ED077156496AFE23
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe --a---- 748336 bytes [18:37 12/05/2011] [18:37 12/05/2011] 904E13BA41AF2E353A32CF351CA53639
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16446_none_5898f8e3ebb5c47b\iexplore.exe --a---- 748664 bytes [18:29 19/06/2012] [23:21 17/05/2012] 0129BB16161C2FD9A6B19111AB047198
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16447_none_5899f92debb4ddd2\iexplore.exe --a---- 748664 bytes [20:05 11/07/2012] [09:08 02/06/2012] 34B01BBD8F00B6B9C9248DC4F1E3CD01
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe --a---- 748664 bytes [20:01 15/08/2012] [01:00 29/06/2012] 93569D46D79F9756ED077156496AFE23
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20551_none_5912c45104e00183\iexplore.exe --a---- 748664 bytes [18:29 19/06/2012] [22:59 17/05/2012] 268982F1FD671A077C6A2AF41E351436
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20553_none_5914c4e504de3431\iexplore.exe --a---- 748664 bytes [20:05 11/07/2012] [08:51 02/06/2012] BE967C74B89577B78FB57C061E12B04C
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe --a---- 748664 bytes [20:01 15/08/2012] [23:35 28/06/2012] EB4105348272018D096FEB655CD1608C
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe --a---- 625664 bytes [20:38 21/08/2008] [04:43 21/02/2008] 9437CA21CD48C9B6BFD6F5AC0143D251
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe --a---- 625664 bytes [20:49 21/08/2008] [04:22 25/04/2008] 07ED775D6DB4BFA96D7CFB09EB228418
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe --a---- 634648 bytes [16:08 15/06/2009] [16:25 24/04/2009] 1F44940EF1D07D0BDAF80E55853DFBD0
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe --a---- 625664 bytes [20:38 21/08/2008] [02:44 22/02/2008] 182CAF7403705ACCB51211A761080B8F
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe --a---- 625664 bytes [20:49 21/08/2008] [02:04 25/04/2008] 9F1427F203CA078005C9943800929640
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe --a---- 634648 bytes [16:08 15/06/2009] [16:03 24/04/2009] D5271AC4A06AD9D1E2EA0151B79B2657
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe --a---- 625664 bytes [02:23 21/01/2008] [02:23 21/01/2008] 5B92133D3E7FB2644677686305E29E81
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe --a---- 634632 bytes [16:08 15/06/2009] [16:08 24/04/2009] F294D8EEB05C835EC44A12CE0A1DFE7A
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe --a---- 634648 bytes [16:08 15/06/2009] [16:01 24/04/2009] D6157423C117F24D24695866A1D0A93F
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe --a---- 636080 bytes [19:47 20/10/2009] [06:27 11/04/2009] 2C5168C856455CC43C4B4E1CC1920001
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe --a---- 638816 bytes [19:07 15/06/2009] [21:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe --a---- 638216 bytes [18:27 28/07/2009] [21:53 21/07/2009] C33BD196A0301F9B23D9A003D30ED8B0
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe --a---- 638232 bytes [18:16 15/10/2009] [05:23 27/08/2009] 2E48756F12C21F46895036AC089AAD97
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe --a---- 638232 bytes [08:37 11/12/2009] [06:42 21/11/2009] 1B6362BB14FCEB9E76BCF9A953B04788
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe --a---- 638216 bytes [19:47 21/01/2010] [06:40 02/01/2010] 88BD42DAE7CFFEB256CA7145A15E4843
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe --a---- 638232 bytes [20:39 30/03/2010] [06:39 23/02/2010] 9F52FBE99C749E3F32C75124F09F1B03
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe --a---- 638232 bytes [19:40 11/06/2010] [06:00 04/05/2010] 5C9B1062EA7A44E8F6BFDE994B68C7AA
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe --a---- 638232 bytes [15:55 11/08/2010] [06:06 26/06/2010] 7420BE0E7D3D1320054F7ACA0594953D
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe --a---- 638232 bytes [10:15 14/10/2010] [06:02 08/09/2010] D5A730DFDEAE005373E62BC2A866E3BB
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe --a---- 638232 bytes [11:03 17/12/2010] [06:03 02/11/2010] 5AB037B17F8A87D052F5A88E0D29A3C8
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe --a---- 638232 bytes [23:32 09/02/2011] [06:28 18/12/2010] B988D7F127B94BD5BF8356FE81B985C4
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe --a---- 638232 bytes [21:22 14/04/2011] [06:21 22/02/2011] C1D36A2CBE0CEC4DF593DB1288CF586E
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19222_none_123762452fda50e6\iexplore.exe --a---- 638240 bytes [19:50 15/05/2012] [11:33 28/02/2012] 00A346CE3D3701EA085E87EEF746A74A
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe --a---- 638232 bytes [18:27 28/07/2009] [06:04 22/07/2009] 4B5AEA50CE77FBA4C2D169622DC9B489
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe --a---- 638216 bytes [18:16 15/10/2009] [13:31 27/08/2009] 7DD482E4A2E3CBB0A72F718C342F5B75
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe --a---- 638232 bytes [08:37 11/12/2009] [15:05 21/11/2009] E7F8DF50E483D165BB01F367D3519AA7
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe --a---- 638216 bytes [19:47 21/01/2010] [14:58 02/01/2010] 3D8DA00B028DEA9517066F1CECBFC4A2
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe --a---- 638232 bytes [20:39 30/03/2010] [15:06 23/02/2010] 25DB705A7DC85C208B3CF2D20F118AA7
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe --a---- 638232 bytes [19:40 11/06/2010] [06:32 04/05/2010] 48A6109E8DF0365195298CC527B7426A
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe --a---- 638232 bytes [15:55 11/08/2010] [06:52 26/06/2010] F05B3A2C6CB319DD1377AD566CF5ECE5
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe --a---- 638232 bytes [10:15 14/10/2010] [06:26 08/09/2010] 4A719476A6393B1DCACFEB4F3AC6599C
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe --a---- 638232 bytes [11:03 17/12/2010] [07:13 02/11/2010] 92A17B0A89D14815AACC62CD190B6CE3
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe --a---- 638232 bytes [23:32 09/02/2011] [07:19 18/12/2010] 7852371DA9EFBC17B645558E23780EAC
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe --a---- 638232 bytes [21:22 14/04/2011] [07:18 22/02/2011] 9CE5543464432CA73134F170FA2BF823
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23318_none_12d1d0b848ea6cc9\iexplore.exe --a---- 638240 bytes [19:50 15/05/2012] [18:09 28/02/2012] CF4EFFB58D9D91E8D219C8E93BC59471

========== reg ==========

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]
(Unable to open key - key not found)

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

I'm just getting some help on this with some other experts, so will reply as soon as I can. It may be tomorrow, but should be soon 

Just letting you know so you're not thinking I left you hanging


----------



## baffledUK (Jul 2, 2012)

thanks Eddie....


----------



## eddie5659 (Mar 19, 2001)

Okay, whilst I wait for confirmation on something, can you see if this works.

Go to Start | Run and type this in:

*regsvr32 IEPROXY.DLL*

and click OK.

If an error message pops up, what do you get?

eddie


----------



## baffledUK (Jul 2, 2012)

It says
RegSvr32

The module ''IEPROXY.DLL'' failed to load.
Make sure the binary is stored at the specified path or debug it to check for prolems with the binary or dependent.DLL files.
The specified module could not be found


----------



## eddie5659 (Mar 19, 2001)

Can you open Windows Explorer and navigate to these files. Right-click on them, and copy them. Paste in another folder, say My Documents, just in case this doesn't work:

C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\inetcpl.cpl

Now, we'll try each one in turn, to see if it works.

First, create a backup using ERUNT:

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










Next, delete the copy of OTL you have and get a fresh one from here:

Download *OTL* to your Desktop

Then, run OTL as follows:


Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:files
C:\Windows\System32\inetcpl.cpl|C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16448_none_4f1e432e8fc6bfcc\inetcpl.cpl /replace
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

Also, let me know if it works.


----------



## baffledUK (Jul 2, 2012)

========== FILES ==========
Unable to replace file: C:\Windows\System32\inetcpl.cpl with C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.1.8112.16448_none_4f1e432e8fc6bfcc\inetcpl.cpl without a reboot.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.66.0 log created on 09232012_222752

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2012/06/29 01:08:59 | 001,427,968 | ---- | M] (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl : MD5=A664679445BFF4FA5A39D933F1AD7F12

Registry entries deleted on Reboot...

Not sure what you want me to check...if it works...but no change to Internet options and IE does not run.


----------



## eddie5659 (Mar 19, 2001)

Nuts 

Okay, looking back at the very beginning, you said that an update may have caused this. As you posted on the 02 July 2012, lets see if we can see what update it was.

In the Control Panel, go to AddRemove Programs.

In there, on the left, select

*View Installed Updates*

Now, in there on the right will be the dates all updates were installed. If you click on the actual column header:

*Installed On*

It should sort them into date order.

Now, can you see any updates that were installed on the 02 July 2012, or a day or two before? If you cam, jot down the KB number, eg: KB946084.

Also, under *Microsoft Windows*, can you see if there are any versions of Internet Explorer showing?

Looking at the laptop here, I can see IE8 and IE9 showing.

This is all via AddRemove Programs


----------



## baffledUK (Jul 2, 2012)

Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.129.781.0)

Installation date: ‎01/‎07/‎2012 17:49

Installation status: Successful

Update type: Optional

Install this update to revise the definition files that are used to detect viruses, spyware, and other potentially unwanted software. Once you have installed this item, it cannot be removed.

More information: 
http://go.microsoft.com/fwlink/?LinkID=154739

Help and Support: 
http://go.microsoft.com/fwlink/?LinkID=154739

Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.129.857.0)

Installation date: ‎02/‎07/‎2012 19:24

Installation status: Successful

Update type: Optional

Install this update to revise the definition files that are used to detect viruses, spyware, and other potentially unwanted software. Once you have installed this item, it cannot be removed.

More information: 
http://go.microsoft.com/fwlink/?LinkID=154739

Help and Support: 
http://go.microsoft.com/fwlink/?LinkID=154739
These two were successful around the date.

Nothing showing for Microsoft Windows in Add/Remove and I mean nothing at all......


----------



## eddie5659 (Mar 19, 2001)

I'm pretty sure you can't remember that far back, but do you know if you used either of these when you had the problem:

AML Free Registry Cleaner 4.20
Auslogics Registry Cleaner 
TweakNow RegCleaner 2011 

Now, searching around to see if the MSE and internet options problem are related, I came across just the one thread. 

Now, just to see if its similar, do you know if MSE has been updating automatically since July?

If not, right-click on the MSE icon in Notification Area (to the immediate left of the clock) and select OPEN | Click on/open the UPDATE tab | Click on the UPDATE button to update MSE manually.

Were you able to download/install updated Definitions this way?

---------

With regards to the Microsoft Windows in Add/Remove, it was a heading in the Installed Updates.

It may not be there, but in Installed Updates, can you see Internet Explorer showing, and if so, which versions?

Again, not in AddRemove Programs itself, but the part where you saw the updates for MSE


----------



## baffledUK (Jul 2, 2012)

Hi Eddie MSE was not installed but I have now installed it and manually updated it. Now Internet Explorer 9 is showing clicked on run as administrator it installs then says some some IE files in use restart computer to use IE9. I'll restart and let you know what happens. Just as a by the way I uninstalled Office 2007 some time ago but it is still showing in add/remove but no value in file size just the title... but I noticed that auto updates still keeps trying to update .. anything I need to worry about?


----------



## baffledUK (Jul 2, 2012)

Restarted no luck with IE9, as far as your first question to be honest I could have used all three....


----------



## eddie5659 (Mar 19, 2001)

Okay, got some ideas from some other people, like I mentioned earlier, so lets try this 

Please download Farbar Service Scanner and run.


Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update


Press *Scan*
A log (FSS.txt) will be created in the same directory the tool is run.
Copy and paste the log back here.


----------



## baffledUK (Jul 2, 2012)

Farbar Service Scanner Version: 19-09-2012
Ran by currys (administrator) on 28-09-2012 at 18:34:23
Running from "C:\Users\currys\Downloads"
Microsoft® Windows Vista Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy: 
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2009-09-09 15:02] - [2009-08-14 17:27] - 0904776 ____A (Microsoft Corporation) 65877AA1B6A7CB797488E831698973E9

C:\Windows\system32\dnsrslvr.dll
[2009-10-20 20:47] - [2009-04-11 07:28] - 0086528 ____A (Microsoft Corporation) 30A08728740E71947AE1E073B5CE69B4

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## eddie5659 (Mar 19, 2001)

Can you see if you can find any versions of Internet Explorer in the Installed Updates section of AddRemove Programs?

---

Also, can you run this for me:

For x86 bit systems please download GrantPerms.zip and save it to your desktop.

Unzip the file and run GrantPerms.exe

Copy and paste the following in the edit box:

*
C:\$RECYCLE.BIN
*

Click *List Permissions* and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

eddie


----------



## baffledUK (Jul 2, 2012)

GrantPerms by Farbar 
Ran by currys (administrator) at 2012-10-01 22:58:47

===============================================
\\?\C:\$RECYCLE.BIN

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)

Really not sure if this is what you want..Nothing in add/remove relating to IE any version


----------



## eddie5659 (Mar 19, 2001)

Well, that looks okay, so that's not gonna help 

For the IE, its not in AddRemove Programs, but in the actual Updates part:










if you look thru there, to see if you have any versions, as in 8 or 9, that would be great. If this is already where you've looked, I'll get my thinking cap on again


----------



## baffledUK (Jul 2, 2012)

Ahhh I see. There is IE 9 in updates does that help?


----------



## eddie5659 (Mar 19, 2001)

At work at the moment, but is there an 8 as well?


----------



## baffledUK (Jul 2, 2012)

yes there is an 8 as well


----------



## eddie5659 (Mar 19, 2001)

Sweet!!

Now, before we start, can you create a restore point. If you're unsure how, have a look here:

http://bertk.mvps.org/html/createrpv.html

Then can you go back there, and try and uninstall version 9. If you click on it, and select Uninstall from the top, like AddRemove Programs, it should work.

If it requires a reboot, let it. Even if it doesn't, at the end of the uninstall, reboot.

Now, I know its back on IE8, but see if that works (let me know either way) for the internet and/or Internet Options.

Then, see if downloading a fresh copy of IE9 works.

http://www.microsoft.com/en-us/download/details.aspx?id=16792

Reboot, and see how that goes.

eddie


----------



## baffledUK (Jul 2, 2012)

Eddie.. Uninstalled IE9 and Internet options is back in Control Panel,,good news. Tried to run IE8 no luck. Then downloaded new IE9 which successfully installed but will not run i.e double click on icon processing circle runs then nothing. So should I uninstall IE8?


----------



## eddie5659 (Mar 19, 2001)

Well, some good news, but not overall 

I have a feeling IE8 won't uninstall, as its the earliest version of IE on Vista. Do you have any other versions of IE on the computer, in the same place where you saw IE8 and 9?

Don't uninstall it if you don't, just let me know either way.

I know you say IE9 won't run, but does the Control Panel bit work?


----------



## baffledUK (Jul 2, 2012)

no other IE versions. Control Panel works


----------



## eddie5659 (Mar 19, 2001)

So, just to clarify, the IE won't open from the desktop, but the Internet Options work via the Control Panel?


----------



## baffledUK (Jul 2, 2012)

OK IE won't open from desktop or anywhere else. Internet Options opens via Control Panel so I can get to Internet Properties.


----------



## eddie5659 (Mar 19, 2001)

Halfway there, so that's progress at last 

I'll be back in a bit, need my thinking cap on


----------



## eddie5659 (Mar 19, 2001)

Okay, lets see if we can spot any permission problems. You can use your older OTL or get a new copy from here:

*OTL link*

Should work with either, but maybe a newer version is better 

Anyway, once its downloaded, open it up and copy/paste this into the Custom box at the bottom. Select *All Users* at the top, and then press *Run Scan* and post the log. Only the one will appear.



> cacls "C:\Program Files\Internet Explorer\iexplore.exe" /c
> cacls "C:\Program Files\Internet Explorer" /c


eddie


----------



## baffledUK (Jul 2, 2012)

OTL logfile created on: 18/10/2012 22:14:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\currys\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 53.98% Memory free
6.23 Gb Paging File | 4.72 Gb Available in Paging File | 75.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 415.37 Gb Free Space | 70.86% Space Free | Partition Type: NTFS

Computer Name: EAMONNS | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 22:13:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL (1).exe
PRC - [2012/10/10 19:10:21 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/05/03 15:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/10 19:09:49 | 002,294,752 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/30 03:58:45 | 000,442,392 | ---- | M] () -- C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
MOD - [2012/08/30 03:58:42 | 003,997,720 | ---- | M] () -- C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/30 03:57:15 | 000,144,424 | ---- | M] () -- C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/30 03:57:13 | 000,266,792 | ---- | M] () -- C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/30 03:57:12 | 002,480,680 | ---- | M] () -- C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll

========== Services (SafeList) ==========

SRV - [2012/10/10 19:10:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 20:34:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/08 00:00:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 21:14:13 | 000,722,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/05 00:22:12 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:39:50 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/10 09:55:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 09:55:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/03 15:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/10 13:47:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/08/21 22:08:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 15:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\currys\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/03 21:14:14 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/06/23 12:42:47 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/05/10 09:55:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/10 09:55:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/30 20:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/03/01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/17 13:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/01/09 19:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 19:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 19:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/12/09 13:40:53 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/25 19:04:46 | 000,303,720 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/09 03:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/07/16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 08 D2 6F 60 88 CC 01 [binary data]
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes,DefaultScope = {12E234A8-7EC3-47EF-9DD4-E79D0259DB1B}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{12E234A8-7EC3-47EF-9DD4-E79D0259DB1B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_en
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{2310B25F-E44D-4DCE-8978-173DBD1341C1}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2AB81444-0133-4A21-88D6-7236293CD844}&mid=86c7969f8ba047d19024d168d145dea3-9a877b0da52b245d0ae7330e6e4e92d782696eee&lang=en&ds=ts025&pr=&d=2011-12-14 00:04:00&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{98C169E2-613B-42D8-9716-3201888DF14E}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=380920&p={searchTerms}
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.2
FF - prefs.js..extensions.enabledAddons: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.5.3
FF - prefs.js..extensions.enabledAddons: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}:10.10.27.6
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\currys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\currys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 10:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 12:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/05/23 18:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/03 21:14:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/10 19:10:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/10 19:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/10 19:10:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/10 19:09:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/10 10:44:51 | 000,000,000 | ---D | M]

[2012/01/22 11:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions
[2009/07/24 22:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/10 23:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/01 22:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions
[2012/08/23 20:34:25 | 000,000,000 | ---D | M] (WiseConvert) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/09/12 23:02:41 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\firefox\profiles\fwvafgml.default\extensions\[email protected]
[2012/09/23 23:30:40 | 000,670,738 | ---- | M] () (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\firefox\profiles\fwvafgml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
[2012/10/10 19:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/10/10 19:10:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/23 13:02:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/23 13:02:20 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.avg.com/?cid={BC0AE634-81A2-4ADF-A565-1234DDE68BB3}&mid=Unknown&lang=en&ds=ts025&pr=sa&d=2012-06-29 17:07:20&v=11.1.0.12&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://isearch.avg.com/?cid={BC0AE634-81A2-4ADF-A565-1234DDE68BB3}&mid=Unknown&lang=en&ds=ts025&pr=sa&d=2012-06-29 17:07:20&v=11.1.0.12&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2012/09/17 23:24:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1322783446664 (MUCatalogWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27FA60FB-5855-47ED-90FC-73C7DFD953D2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/29 12:14:24 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/15 23:26:21 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{D9272E07-C1CD-485D-A74C-5C1874B964D5}
[2012/10/15 23:10:23 | 000,000,000 | ---D | C] -- C:\Users\currys\Desktop\929135_files
[2012/10/14 22:58:47 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{8D1B3D52-348C-48C5-8A28-1C9052D4EFBA}
[2012/10/11 23:23:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/10/11 23:23:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/11 23:23:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/11 23:23:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/10/11 23:23:04 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/10/11 23:23:04 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/11 23:23:04 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/11 23:23:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/10/11 23:23:03 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/10/11 23:23:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/11 23:23:03 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/10/11 23:23:03 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/10/11 23:23:03 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/10/11 23:23:03 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/10/11 23:23:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/11 23:23:03 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/10/11 23:23:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/10/11 23:23:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/10/11 23:23:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/10/11 23:23:02 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/11 23:23:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/10/11 23:23:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/10/11 23:23:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/10/11 23:23:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/10/11 23:23:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/11 23:23:01 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/10/11 23:23:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/10/11 23:23:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/11 23:23:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/10/11 23:23:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/10/11 23:23:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/11 23:23:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/10/11 23:23:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/10/11 23:23:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/10/11 23:23:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/10/11 23:23:00 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/10/11 23:23:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/10/10 19:18:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 19:18:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 19:18:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/10 19:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/09 22:29:57 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{67F2EDDC-6EE7-4452-AF62-87C5241D6E00}
[2012/10/08 20:28:26 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{8D6D0CDE-A123-4479-B89F-4136AC0F3DFA}
[2012/09/30 15:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/22 00:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(62)
[2012/09/21 18:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2012/09/18 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{EDD35BB0-4CA7-4DF1-BFA5-C8C5202625DB}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/18 22:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 22:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-currys.job
[2012/10/18 21:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/18 21:31:18 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 21:31:18 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 19:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
[2012/10/18 19:38:04 | 000,668,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/18 19:38:04 | 000,136,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/18 19:31:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 19:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/15 23:10:25 | 000,143,868 | ---- | M] () -- C:\Users\currys\Desktop\929135.htm
[2012/10/15 19:06:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/10/11 23:37:04 | 000,000,945 | ---- | M] () -- C:\Users\currys\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/11 23:23:12 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/10/11 23:23:12 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/10/11 23:23:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/10/11 23:23:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/11 23:23:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/11 23:23:04 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/10/11 23:23:04 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/10/11 23:23:04 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/11 23:23:04 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/11 23:23:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/10/11 23:23:03 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/10/11 23:23:03 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/11 23:23:03 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/10/11 23:23:03 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/10/11 23:23:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/10/11 23:23:03 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/10/11 23:23:03 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/11 23:23:03 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/10/11 23:23:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/10/11 23:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/10/11 23:23:03 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/10/11 23:23:03 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/10/11 23:23:02 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/11 23:23:02 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/10/11 23:23:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/10/11 23:23:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/10/11 23:23:02 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/10/11 23:23:01 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/11 23:23:01 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/11 23:23:01 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/10/11 23:23:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/10/11 23:23:01 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/11 23:23:01 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/10/11 23:23:01 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/10/11 23:23:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/10/11 23:23:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/10/11 23:23:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/10/11 23:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/10/11 23:23:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/10/11 23:23:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/10/11 22:15:13 | 272,981,030 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/09 20:34:23 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 20:34:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/08 17:57:11 | 000,001,039 | ---- | M] () -- C:\Users\currys\Desktop\Windows Live Mail.lnk
[2012/10/01 18:38:52 | 003,946,023 | ---- | M] () -- C:\Users\currys\Desktop\2012_0923colourhairjnew0029.JPG
[2012/10/01 18:38:46 | 002,097,664 | ---- | M] () -- C:\Users\currys\Desktop\2012_0923colourhairjnew0044.JPG
[2012/09/30 16:54:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/23 23:30:48 | 000,001,872 | ---- | M] () -- C:\Users\currys\Desktop\eBay Sidebar for Firefox.lnk
[2012/09/21 20:20:12 | 000,129,236 | ---- | M] () -- C:\Users\currys\Documents\cc_20120921_201923.reg
[2012/09/21 18:39:10 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/15 23:10:22 | 000,143,868 | ---- | C] () -- C:\Users\currys\Desktop\929135.htm
[2012/10/11 23:37:04 | 000,000,945 | ---- | C] () -- C:\Users\currys\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/11 23:23:03 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/10/11 22:15:13 | 272,981,030 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/08 17:57:11 | 000,001,039 | ---- | C] () -- C:\Users\currys\Desktop\Windows Live Mail.lnk
[2012/10/01 18:38:51 | 003,946,023 | ---- | C] () -- C:\Users\currys\Desktop\2012_0923colourhairjnew0029.JPG
[2012/10/01 18:38:46 | 002,097,664 | ---- | C] () -- C:\Users\currys\Desktop\2012_0923colourhairjnew0044.JPG
[2012/09/30 15:08:18 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/23 23:30:48 | 000,001,872 | ---- | C] () -- C:\Users\currys\Desktop\eBay Sidebar for Firefox.lnk
[2012/09/21 20:19:43 | 000,129,236 | ---- | C] () -- C:\Users\currys\Documents\cc_20120921_201923.reg
[2012/09/21 18:39:10 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/08/14 22:05:18 | 000,000,000 | ---- | C] () -- C:\Users\currys\D
[2012/07/06 13:47:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/07/05 00:18:12 | 000,016,968 | ---- | C] () -- C:\Users\currys\Untitled 1.odt
[2012/07/01 01:13:20 | 000,322,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/24 11:02:02 | 000,000,487 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/29 12:35:23 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\{A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5}
[2012/01/01 19:41:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/01 19:41:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/01 19:41:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/01 19:41:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/01 19:41:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 20:48:31 | 000,016,918 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.xml
[2011/12/29 12:23:29 | 004,250,112 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.msp
[2011/12/26 14:05:56 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/02 23:16:09 | 000,001,043 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/06/17 21:23:38 | 000,000,094 | ---- | C] () -- C:\Users\currys\AppData\Local\fusioncache.dat
[2011/03/03 21:18:20 | 000,001,024 | ---- | C] () -- C:\Users\currys\.rnd
[2011/03/03 21:18:09 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/02/06 01:16:30 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/16 16:06:15 | 000,001,356 | ---- | C] () -- C:\Users\currys\AppData\Local\d3d9caps.dat
[2009/06/23 22:13:57 | 000,024,206 | ---- | C] () -- C:\Users\currys\AppData\Roaming\UserTile.png
[2009/06/16 18:02:15 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Roaming\wklnhst.dat
[2009/06/15 20:10:47 | 000,211,968 | ---- | C] () -- C:\Users\currys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< cacls "C:\Program Files\Internet Explorer\iexplore.exe" /c >
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe NT SERVICE\TrustedInstaller:F 
BUILTIN\Administrators:R 
NT AUTHORITY\SYSTEM:R 
BUILTIN\Users:R

< cacls "C:\Program Files\Internet Explorer" /c >
C:\PROGRAM FILES\Internet Explorer NT SERVICE\TrustedInstallerID)F 
NT SERVICE\TrustedInstallerCI)(IO)(ID)F 
NT AUTHORITY\SYSTEMID)F 
NT AUTHORITY\SYSTEMOI)(CI)(IO)(ID)F 
BUILTIN\AdministratorsID)F 
BUILTIN\AdministratorsOI)(CI)(IO)(ID)F 
BUILTIN\UsersID)R 
BUILTIN\UsersOI)(CI)(IO)(ID)(special access
GENERIC_READ
GENERIC_EXECUTE

CREATOR OWNEROI)(CI)(IO)(ID)F

========== Alternate Data Streams ==========

@Alternate Data Stream - 1077 bytes -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml:OECustomProperty

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, seen something but I need to check with someone about it. It may be nothing, but I prefer to be sure.

Back as soon as I can


----------



## eddie5659 (Mar 19, 2001)

Okay, after asking a few people, the permissions are all okay, so that's another idea ruled out 

What I will do, is remove the programs we've used first, just to make sure there are no conflicts. Also, there seems to be some remains of files that may be causing this problem.

I have another idea, but I just want it a bit cleaner before I try that out 

------------------

Okay, so lets remove the tools first:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall *

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from AddRemove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

*
TDSSKiller
aswMBR
sfp.zip
inetcpl.txt
FSS
*

----------------------------

Now, what I have noticed is you have these:

ZoneAlarm Antivirus
Microsoft Security Essentials

Having two antiviruses can conflict each other, so unless its a paid version of ZA, I would uninstall ZoneAlarm.

Not sure what else you have as I know you removed a few, so can you re-run Security Check. You should already have the program, but just in case, this is it:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

I've left SystemLook on for now, as we can use that for leftovers


----------



## baffledUK (Jul 2, 2012)

Results of screen317's Security Check version 0.99.53 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.65.0.1400 
TuneUp Utilities Language Pack (en-GB) 
CCleaner 
Java 7 Update 7 
*Java version out of Date!* 
Adobe Flash Player 11.4.402.287 
Adobe Reader 8 *Adobe Reader out of Date!* 
Adobe Reader X (10.1.4) 
Mozilla Firefox (14.0) 
Google Chrome 21.0.1180.89 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0 % 
*````````````````````End of Log``````````````````````* 
Eddie removed all you suggested....


----------



## eddie5659 (Mar 19, 2001)

Dare I ask, but can you access IE now?


----------



## baffledUK (Jul 2, 2012)

sorry.....but no


----------



## eddie5659 (Mar 19, 2001)

Nuts 

Okay, lets see if any remains may be causing any problems. Using SystemLook, can you run this code{


```
:filefind
*checkpoint
*zonealarm
:folderfind
*checkpoint
*zonealarm
:regfind
checkpoint
zonealarm
```
And post the log


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 17:11 on 29/10/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*checkpoint"
No files found.

Searching for "*zonealarm"
No files found.

========== folderfind ==========

Searching for "*checkpoint"
C:\ProgramData\CheckPoint	d------	[16:47 13/06/2011]
C:\Users\All Users\CheckPoint	d------	[16:47 13/06/2011]
C:\Users\currys\AppData\Roaming\CheckPoint	d------	[16:48 13/06/2011]

Searching for "*zonealarm"
C:\ProgramData\CheckPoint\ZoneAlarm	d------	[16:47 13/06/2011]
C:\Users\All Users\CheckPoint\ZoneAlarm	d------	[16:47 13/06/2011]
C:\Users\currys\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm	d------	[19:45 15/05/2012]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm	d------	[19:40 31/05/2012]

========== regfind ==========

Searching for "checkpoint"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"Write us link"="[email protected]"
[HKEY_CURRENT_USER\Software\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISW]
"command"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\Help\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\backup\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\dksm\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\avsys\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\Checkpoints]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]
"CheckPointSignature"="4c920220-ea22-4642-ad81-d296f67b6816"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Path"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"Write us link"="[email protected]"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\CheckPoint]

Searching for "zonealarm"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"WebServerUrl"="http://ZoneAlarmSecurity.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"DisplayName"="ZoneAlarm Security"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"HomePageUrl"="HTTP://www.zonealarm.com/securitytoolbarinfo"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"WeatherHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_8"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"RadioHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_5"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free Antivirus + Firewall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm_Security Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\ZoneAlarm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\Help\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\backup\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\dksm\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\avsys\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"="ZoneAlarm LTD Toolbar Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Product"="ZoneAlarm LTD Toolbar"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"WebServerUrl"="http://ZoneAlarmSecurity.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"DisplayName"="ZoneAlarm Security"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"HomePageUrl"="HTTP://www.zonealarm.com/securitytoolbarinfo"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"WeatherHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_8"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"RadioHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free Antivirus + Firewall]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm_Security Toolbar]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Hi

Still at work, but can you just look in either AddRemove Programs and/or Start | Programs, and see if these are still showing:

ZoneAlarm Firewall
ZoneAlarm Security
ZoneAlarm Antivirus
ZoneAlarm Security Toolbar 

Thanks


----------



## baffledUK (Jul 2, 2012)

removed every thing Zonealarm what next?


----------



## eddie5659 (Mar 19, 2001)

Did you uninstall all Zonealarm stuff after you ran the SystemLook? If so, can you re-run it, so that I can see what is left. Hopefully not much, but just checking


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 22:11 on 31/10/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*checkpoint"
No files found.

Searching for "*zonealarm"
No files found.

========== folderfind ==========

Searching for "*checkpoint"
C:\ProgramData\CheckPoint	d------	[16:47 13/06/2011]
C:\Users\All Users\CheckPoint	d------	[16:47 13/06/2011]
C:\Users\currys\AppData\Roaming\CheckPoint	d------	[16:48 13/06/2011]

Searching for "*zonealarm"
C:\ProgramData\CheckPoint\ZoneAlarm	d------	[16:47 13/06/2011]
C:\Users\All Users\CheckPoint\ZoneAlarm	d------	[16:47 13/06/2011]
C:\Users\currys\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm	d------	[19:45 15/05/2012]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm	d------	[19:40 31/05/2012]

========== regfind ==========

Searching for "checkpoint"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"Write us link"="[email protected]"
[HKEY_CURRENT_USER\Software\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISW]
"command"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\Help\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\backup\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\dksm\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\avsys\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\Checkpoints]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]
"CheckPointSignature"="4c920220-ea22-4642-ad81-d296f67b6816"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Path"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"Write us link"="[email protected]"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\CheckPoint]

Searching for "zonealarm"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"WebServerUrl"="http://ZoneAlarmSecurity.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"DisplayName"="ZoneAlarm Security"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"HomePageUrl"="HTTP://www.zonealarm.com/securitytoolbarinfo"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"WeatherHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_8"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"RadioHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_5"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free Antivirus + Firewall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm_Security Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\ZoneAlarm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\Help\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\backup\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\dksm\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\CheckPoint\ZoneAlarm\avsys\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"="ZoneAlarm LTD Toolbar Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Product"="ZoneAlarm LTD Toolbar"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"WebServerUrl"="http://ZoneAlarmSecurity.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar]
"DisplayName"="ZoneAlarm Security"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"HomePageUrl"="HTTP://www.zonealarm.com/securitytoolbarinfo"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"WeatherHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_8"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\AppDataLow\Software\ZoneAlarm_Security\toolbar\Settings]
"RadioHelpUrl"="http://ZoneAlarmSecurity.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Free Antivirus + Firewall]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm_Security Toolbar]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\ProgramData\CheckPoint
C:\Users\All Users\CheckPoint
C:\Users\currys\AppData\Roaming\CheckPoint
C:\ProgramData\CheckPoint\ZoneAlarm
C:\Users\All Users\CheckPoint\ZoneAlarm
C:\Users\currys\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

if it doesn't ask for a reboot, reboot anyway, and see if IE now opens.


----------



## baffledUK (Jul 2, 2012)

All processes killed
========== FILES ==========
C:\ProgramData\CheckPoint\ZoneAlarm\Data folder moved successfully.
C:\ProgramData\CheckPoint\ZoneAlarm folder moved successfully.
C:\ProgramData\CheckPoint folder moved successfully.
File\Folder C:\Users\All Users\CheckPoint not found.
C:\Users\currys\AppData\Roaming\CheckPoint folder moved successfully.
File\Folder C:\ProgramData\CheckPoint\ZoneAlarm not found.
File\Folder C:\Users\All Users\CheckPoint\ZoneAlarm not found.
C:\Users\currys\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Check Point Software Technologies LTD\zonealarm folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: currys
->Temp folder emptied: 205723644 bytes
->Temporary Internet Files folder emptied: 20727587 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 78164828 bytes
->Google Chrome cache emptied: 286504707 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57338 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3679834 bytes
RecycleBin emptied: 1855137 bytes

Total Files Cleaned = 569.00 mb

[EMPTYJAVA]

User: All Users

User: currys
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: currys
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11032012_203116

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
tried IE after reboot no luck..............


----------



## eddie5659 (Mar 19, 2001)

Nuts 

Can you have a look here:

http://windows.microsoft.com/en-GB/windows7/tips-for-solving-problems-with-internet-explorer

And apart from the last part, see if any of those work.

---

Also, can you run this:

Please download *AdwCleaner* by Xplode onto your desktop.

Double click on *AdwCleaner.exe* to run the tool.
Click on *Search*.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[R1].txt* as well.


----------



## baffledUK (Jul 2, 2012)

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 22:22:11
# Updated 30/10/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : currys - EAMONNS
# Boot Mode : Normal
# Running from : C:\Users\currys\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\user.js
File Found : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\browsemngr.xml
File Found : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\searchplugins\Search_Results.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\PriceGong
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\Users\currys\AppData\Local\APN
Folder Found : C:\Users\currys\AppData\Local\AVG Secure Search
Folder Found : C:\Users\currys\AppData\Local\Ilivid Player
Folder Found : C:\Users\currys\AppData\Local\OpenCandy
Folder Found : C:\Users\currys\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\currys\AppData\LocalLow\file2linkib
Folder Found : C:\Users\currys\AppData\LocalLow\PriceGong
Folder Found : C:\Users\currys\AppData\Roaming\Media Finder
Folder Found : C:\Users\currys\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Found : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\ConduitCommon
Folder Found : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\CT3196716
Folder Found : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
Folder Found : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\Smartbar
Folder Found : C:\Users\currys\AppData\Roaming\OpenCandy
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\file2linkib
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0 (en-US)

Profile name : default 
File : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\prefs.js

Found : user_pref("CT3196716..clientLogIsEnabled", false);
Found : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);
Found : user_pref("CT3196716.BrowserCompStateIsOpen_6889964918226042031", true);
Found : user_pref("CT3196716.BrowserCompStateIsOpen_8478564928926792879", true);
Found : user_pref("CT3196716.CT3196716", "CT3196716");
Found : user_pref("CT3196716.CurrentServerDate", "10-7-2012");
Found : user_pref("CT3196716.DSInstall", true);
Found : user_pref("CT3196716.DialogsAlignMode", "LTR");
Found : user_pref("CT3196716.DialogsGetterLastCheckTime", "Sun Jul 08 2012 01:40:11 GMT+0100 (GMT Daylight T[...]
Found : user_pref("CT3196716.DownloadReferralCookieData", "");
Found : user_pref("CT3196716.EMailNotifierPollDate", "Sun Jul 01 2012 23:35:31 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Sun Jul 01 2012 23:30:28 GMT+010[...]
Found : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Sun Jul 01 2012 23:30:28 GMT+010[...]
Found : user_pref("CT3196716.FirstServerDate", "2-7-2012");
Found : user_pref("CT3196716.FirstTime", true);
Found : user_pref("CT3196716.FirstTimeFF3", true);
Found : user_pref("CT3196716.FirstTimeHiddenVer", true);
Found : user_pref("CT3196716.FixPageNotFoundErrors", true);
Found : user_pref("CT3196716.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3196716.HPChangedManually", false);
Found : user_pref("CT3196716.HPInstall", true);
Found : user_pref("CT3196716.HasUserGlobalKeys", true);
Found : user_pref("CT3196716.HomePageProtectorEnabled", true);
Found : user_pref("CT3196716.HomepageBeforeUnload", "hxxp://www.google.co.uk/");
Found : user_pref("CT3196716.Initialize", true);
Found : user_pref("CT3196716.InitializeCommonPrefs", true);
Found : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3196716.InstallationType", "Unknown");
Found : user_pref("CT3196716.InstalledDate", "Sun Jul 01 2012 23:31:02 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3196716.InvalidateCache", false);
Found : user_pref("CT3196716.IsAlertDBUpdated", true);
Found : user_pref("CT3196716.IsGrouping", false);
Found : user_pref("CT3196716.IsInitSetupIni", true);
Found : user_pref("CT3196716.IsMulticommunity", false);
Found : user_pref("CT3196716.IsOpenThankYouPage", true);
Found : user_pref("CT3196716.IsOpenUninstallPage", true);
Found : user_pref("CT3196716.IsProtectorsInit", true);
Found : user_pref("CT3196716.LanguagePackLastCheckTime", "Tue Jul 10 2012 19:42:26 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3196716.LastLogin_3.13.0.6", "Tue Jul 10 2012 18:49:41 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3196716.LastLogin_3.14.1.0", "Sun Jul 08 2012 19:24:19 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3196716.LatestVersion", "3.13.0.6");
Found : user_pref("CT3196716.Locale", "en");
Found : user_pref("CT3196716.MCDetectTooltipHeight", "83");
Found : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Found : user_pref("CT3196716.MCDetectTooltipWidth", "295");
Found : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3196716.OriginalFirstVersion", "3.14.1.0");
Found : user_pref("CT3196716.RadioIsPodcast", false);
Found : user_pref("CT3196716.RadioLastCheckTime", "Sun Jul 01 2012 23:30:31 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3196716.RadioLastUpdateIPServer", "3");
Found : user_pref("CT3196716.RadioLastUpdateServer", "3");
Found : user_pref("CT3196716.RadioMediaID", "9962");
Found : user_pref("CT3196716.RadioMediaType", "Media Player");
Found : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");
Found : user_pref("CT3196716.RadioShrinkedFromSetup", false);
Found : user_pref("CT3196716.RadioStationName", "California%20Rock");
Found : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT3196716.SHRINK_TOOLBAR", 1);
Found : user_pref("CT3196716.SavedHomepage", "www.google.co.uk");
Found : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");
Found : user_pref("CT3196716.SearchEngineBeforeUnload", "WiseConvert Customized Web Search");
Found : user_pref("CT3196716.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Found : user_pref("CT3196716.SearchInNewTabEnabled", true);
Found : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Tue Jul 10 2012 19:42:25 GMT+0100 (GMT Daylight [...]
Found : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3196716.SearchProtectorEnabled", true);
Found : user_pref("CT3196716.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3196716.SendProtectorDataViaLogin", true);
Found : user_pref("CT3196716.ServiceMapLastCheckTime", "Tue Jul 10 2012 19:42:25 GMT+0100 (GMT Daylight Time[...]
Found : user_pref("CT3196716.SettingsLastCheckTime", "Tue Jul 10 2012 18:49:39 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT3196716.SettingsLastUpdate", "1341308051");
Found : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");
Found : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Sun Jul 01 2012 23:30:28 GMT+0100 (GMT Dayligh[...]
Found : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3230027");
Found : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3196716.UserID", "UN63993074885569890");
Found : user_pref("CT3196716.ValidationData_Search", 2);
Found : user_pref("CT3196716.ValidationData_Toolbar", 2);
Found : user_pref("CT3196716.WeatherNetwork", "");
Found : user_pref("CT3196716.WeatherPollDate", "Sun Jul 01 2012 23:30:28 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3196716.WeatherUnit", "C");
Found : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3196716.alertChannelId", "1667894");
Found : user_pref("CT3196716.backendstorage.cbcountry_001", "4742");
Found : user_pref("CT3196716.backendstorage.cbfirsttime", "53756E204A756C20303120323031322032333A33303A33352[...]
Found : user_pref("CT3196716.backendstorage.event_data", "253542253544");
Found : user_pref("CT3196716.backendstorage.fired_events", "");
Found : user_pref("CT3196716.backendstorage.key_date", "31");
Found : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "467269204A756C20303620323031322032333A[...]
Found : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "756E69746564206B696E67646F6D");
Found : user_pref("CT3196716.embeddedsData", "[{\"appId\":\"129755756826636815\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3196716.firstTimeDialogOpened", true);
Found : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3196716.fixUrls", true);
Found : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Sun Jul 01 2012 23:30:31 GMT+0100 (GMT Dayl[...]
Found : user_pref("CT3196716.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3196716.initDone", true);
Found : user_pref("CT3196716.isAppTrackingManagerOn", true);
Found : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3196716.isFirstRadioInstallation", false);
Found : user_pref("CT3196716.isNewTabEnabled", true);
Found : user_pref("CT3196716.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3196716.keyword", true);
Found : user_pref("CT3196716.myStuffEnabled", true);
Found : user_pref("CT3196716.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3196716.navigateToUrlOnSearch", false);
Found : user_pref("CT3196716.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.autotrader.c[...]
Found : user_pref("CT3196716.revertSettingsEnabled", true);
Found : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3196716.searchProtectorEnableByLogin", true);
Found : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3196716.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345747226469");
Found : user_pref("CT3196716.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350594871281");
Found : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1350594870793");
Found : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1350594870880");
Found : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1350594871032");
Found : user_pref("CT3196716.settingsINI", true);
Found : user_pref("CT3196716.smartbar.CTID", "CT3196716");
Found : user_pref("CT3196716.smartbar.Uninstall", "0");
Found : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");
Found : user_pref("CT3196716.startPage", "userChanged");
Found : user_pref("CT3196716.testingCtid", "CT3230027");
Found : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Tue Jul 10 2012 19:42:26 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3196716.toolbarBornServerTime", "2-7-2012");
Found : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Sun Jul 01 2012 23:30:31 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3196716.toolbarCurrentServerTime", "19-10-2012");
Found : user_pref("CT3196716.usagesFlag", 2);
Found : user_pref("CT3230027.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3196716&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "WiseConvert Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3230027/CT3230027[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1613210/1606743/UK", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3230027", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3230027",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\currys\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb165/?loc[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3196716");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3196716");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716");
Found : user_pref("CommunityToolbar.globalUserId", "87ef4e78-2de7-480a-843d-c1e739153c4b");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3196716");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 01 2012 23:30:3[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jul 01 2012 23:30:38 GMT+010[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jul 01 2012 23:30:31 GMT+0100 (G[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "35e54203-1eb3-495f-899a-2e9ddd80842a");
Found : user_pref("CommunityToolbar.originalHomepage", "www.google.co.uk");
Found : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://www.google.co.uk/");
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3196716");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "50b4fa92000000000000002197a13750");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15642");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:00:26");
Found : user_pref("[email protected]", true);

-\\ Google Chrome v21.0.1180.89

File : C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://isearch.avg.com/?cid={BC0AE634-81A2-4ADF-A565-1234DDE68BB3}&mid=Unknown&lang=en&ds=ts025&pr=sa&d=2012-06-29 17:07:20&v=11.1.0.12&sap=hp",
Found [l.13] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.babylon.com/?affID=111442&tt=4412_4&babsrc=HP_ss&mntrId=50b4fa92000000000000002197a13750" ]
Found [l.47] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.50] : keyword = "babylon.com",
Found [l.53] : search_url = "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101067&mntrId=50b4fa92000000000000002197a13750",
Found [l.1424] : homepage = "hxxp://isearch.avg.com/?cid={BC0AE634-81A2-4ADF-A565-1234DDE68BB3}&mid=Unknown&lang=en&ds=ts025&pr=sa&d=2012-06-29 17:07:20&v=11.1.0.12&sap=hp",
Found [l.1744] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.babylon.com/?affID=111442&tt=4412_4&babsrc=HP_ss&mntrId=50b4fa92000000000000002197a13750" ]

*************************

AdwCleaner[R1].txt - [28076 octets] - [04/11/2012 22:22:11]

########## EOF - C:\AdwCleaner[R1].txt - [28137 octets] ########## Still no joy with IE


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, had some personal issue to look at this week, so not been online much 

Looking at the above, quite alot of malware is showing, so lets get rid of that. Then, we'll remove any remains 

So, firstly, can you do this for me:


Close all open programs and internet browsers.
Double click on *adwcleaner.exe* to run the tool.
Click on *Delete*.
Confirm each time with *Ok*.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[S1].txt* as well.

--------------

Then, lets check for any remains. May be a long log, so posting in parts is fine 

Using good old SystemLook, can you run the following code:


```
:filefind
*babylon
*PriceGong
*Ask
*boost_interprocess
*IBUpdaterService
*Ilivid
*Media Finder
*OpenCandy
*AskToolbar
*file2linkib
*Conduit
*CT3196716
*WiseConvert
*Smartbar
*Crossrider
*searchqutoolbar
*DataMngr
*Searchqu
*Softonic
:folderfind
*babylon
*PriceGong
*Ask
*boost_interprocess
*IBUpdaterService
*Ilivid
*Media Finder
*OpenCandy
*AskToolbar
*file2linkib
*Conduit
*CT3196716
*WiseConvert
*Smartbar
*Crossrider
*searchqutoolbar
*DataMngr
*Searchqu
*Softonic
:regfind
babylon
PriceGong
Ask
boost_interprocess
IBUpdaterService
Ilivid
Media Finder
OpenCandy
AskToolbar
file2linkib
Conduit
CT3196716
WiseConvert
Smartbar
Crossrider
searchqutoolbar
DataMngr
Searchqu
Softonic
```
and post the log it produces.

eddie


----------



## baffledUK (Jul 2, 2012)

AdwCleaner v2.006 - Logfile created 11/09/2012 at 18:37:59
# Updated 30/10/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : currys - EAMONNS
# Boot Mode : Normal
# Running from : C:\Users\currys\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0 (en-US)

Profile name : default 
File : C:\Users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.29] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.32] : keyword = "babylon.com",
Deleted [l.35] : search_url = "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101067&mntrId=50b4fa92000000000000002197a13750",

*************************

AdwCleaner[R1].txt - [28207 octets] - [04/11/2012 22:22:11]
AdwCleaner[R2].txt - [27662 octets] - [08/11/2012 22:21:40]
AdwCleaner[S2].txt - [28058 octets] - [08/11/2012 22:23:17]
AdwCleaner[S4].txt - [1263 octets] - [09/11/2012 18:37:59]

########## EOF - C:\AdwCleaner[S4].txt - [1323 octets] ##########


----------



## baffledUK (Jul 2, 2012)

tried running systemlook but unable to get a log........ messge Avira WSC helper tool stopped working and was closed any ideas?


----------



## eddie5659 (Mar 19, 2001)

Hmmm, see if disabling the Avira for running of the tool will help. I assume it was all working okay when you ran it before:


Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Scroll down till you see AVIRA ANTIVIR, near the top of the page.


----------



## baffledUK (Jul 2, 2012)

Bit confused never seen avira antivir before, so nothing to disable. Changes Seem to have happened after running adwcleaner. This Avira tool not running has a really annoying error message every minute or so......The only anti viral running is MSE


----------



## eddie5659 (Mar 19, 2001)

Just saw this before I got ready for sleep..

So, you don't have Avira programs?

Can you re-run this for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Also, can you do a search with Systemlook as follows:


```
:filefind
avwsc.exe
:folderfind
WSC Helper
Avira
```
Curious what comes up..


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 17:25 on 12/11/2012 by currys
Administrator - Elevation successful

No Context: filefind

No Context: avwsc.exe

========== folderfind ==========

Searching for "WSC Helper"
No folders found.

Searching for "Avira"
C:\Program Files\Avira	d------	[09:35 18/12/2011]
C:\ProgramData\Avira	d------	[09:35 18/12/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira	d------	[09:36 18/12/2011]
C:\Users\All Users\Avira	d------	[09:35 18/12/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Avira	d------	[09:36 18/12/2011]
C:\Users\currys\AppData\Roaming\Avira	d------	[09:41 18/12/2011]

-= EOF =-

Results of screen317's Security Check version 0.99.54 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.65.0.1400 
TuneUp Utilities Language Pack (en-GB) 
CCleaner 
Java 7 Update 7 
*Java version out of Date!* 
Adobe Flash Player 11.4.402.287 
Adobe Reader 8 *Adobe Reader out of Date!* 
Adobe Reader X (10.1.4) 
Mozilla Firefox (14.0) 
Google Chrome 21.0.1180.89 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Avira Antivir avguard.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0 % 
*````````````````````End of Log``````````````````````*


----------



## eddie5659 (Mar 19, 2001)

Well, looking at the above, you seem to have two antivirus's:

Microsoft Security Essentials MSMpEng.exe
Avira Antivir avguard.exe

And the Avira is in the location its supposed to be.

What is strange is that you said you never installed this, am I right?

Just had a look back here, and it wasn't showing:

http://forums.techguy.org/8401527-post3.html

Ah, you may have had it at some time:

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

So, as having the two may conflict, lets get that sorted:

-----------

First, see if Avira Antivirus is showing in either AddRemove Programs in the Control Panel, or Start | Programs.

If it is, uninstall it, If not, do the following:

Please *download* *OTM*

Reboot to safemode. If you're unsure how, see here:

http://bertk.mvps.org/html/safemodevista.html

Then, do the following:


 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Program Files\Avira
C:\ProgramData\Avira
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
C:\Users\All Users\Avira
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Avira
C:\Users\currys\AppData\Roaming\Avira
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

-----

Reboot to normal mode and re-run SystemLook with the following code:


```
:filefind
*Avira
:folderfind
*Avira
:regfind
Avira
```
and post the log


----------



## baffledUK (Jul 2, 2012)

ll processes killed
========== FILES ==========
C:\Program Files\Avira\AntiVir Desktop\FAILSAFE folder moved successfully.
C:\Program Files\Avira\AntiVir Desktop folder moved successfully.
C:\Program Files\Avira folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\WEBGUARD folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\UPDATE folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVESVC folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\SYSSAFE folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\REPORTS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\PROFILES folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\JOBS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\IPM folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\INFECTED folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\IDX folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\EVENTS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\EVENTDB folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\CONFIG folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\BACKUP folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop folder moved successfully.
C:\ProgramData\Avira folder moved successfully.
File/Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira not found.
File/Folder C:\Users\All Users\Avira not found.
File/Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Avira not found.
C:\Users\currys\AppData\Roaming\Avira\AntiVir Desktop\JOBS folder moved successfully.
C:\Users\currys\AppData\Roaming\Avira\AntiVir Desktop folder moved successfully.
C:\Users\currys\AppData\Roaming\Avira folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: currys
->Temp folder emptied: 590289753 bytes
->Temporary Internet Files folder emptied: 3387169 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5590886 bytes
->Google Chrome cache emptied: 11305719 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60205242 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34967640 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 43219 bytes

Total Files Cleaned = 673.00 mb

Error creating restore point.

[EMPTYFLASH]

User: All Users

User: currys
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 11122012_223611


----------



## baffledUK (Jul 2, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 23:04 on 12/11/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*Avira"
No files found.

========== folderfind ==========

Searching for "*Avira"
C:\_OTM\MovedFiles\11122012_223611\C_Program Files\Avira	d----c-	[09:35 18/12/2011]
C:\_OTM\MovedFiles\11122012_223611\C_ProgramData\Avira	d----c-	[09:35 18/12/2011]
C:\_OTM\MovedFiles\11122012_223611\C_Users\currys\AppData\Roaming\Avira	d----c-	[09:41 18/12/2011]

========== regfind ==========

Searching for "Avira"
[HKEY_CURRENT_USER\Software\Avira]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Avira]
[HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir Desktop]
"Path"="C:\Program Files\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir Desktop]
"AppDataDirectory"="C:\ProgramData\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt]
"command"=""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\currys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0DTNDV1\avira_antivir_premium_en.exe"="WINXPSP2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\currys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZGTCL05\avira_antivirus_premium_en.exe"="WINXPSP2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\currys\AppData\Local\Temp\IswTmp\DwlRun\avira_antivirus_premium.exe"="WINXPSP2"
[HKEY_LOCAL_MACHINE\SOFTWARE\X-AVCSD\Workstation\AntiVir Desktop]
"Name"="Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\X-AVCSD\Workstation\AntiVir Desktop]
"MasterKey"="Software\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService]
"DisplayName"="Avira Scheduler"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService]
"ImagePath"=""C:\Program Files\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService]
"DisplayName"="Avira Realtime Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AntiVirService]
"Description"="Offers permanent protection against viruses and malware with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avgntflt]
"Description"="Avira mini-filter driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avipbb]
"Description"="Avira Security Enhancement Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avipbb]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avkmgr]
"Description"="Avira Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avkmgr]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ssmdrv]
"Description"="Avira Snapshot Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ssmdrv\Products]
"Avira Free Antivirus"="C:\Program Files\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AntiVirSchedulerService]
"DisplayName"="Avira Scheduler"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AntiVirService]
"ImagePath"=""C:\Program Files\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AntiVirService]
"DisplayName"="Avira Realtime Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AntiVirService]
"Description"="Offers permanent protection against viruses and malware with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avgntflt]
"Description"="Avira mini-filter driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avipbb]
"Description"="Avira Security Enhancement Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avipbb]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avkmgr]
"Description"="Avira Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\avkmgr]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ssmdrv]
"Description"="Avira Snapshot Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ssmdrv\Products]
"Avira Free Antivirus"="C:\Program Files\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService]
"DisplayName"="Avira Scheduler"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService]
"ImagePath"=""C:\Program Files\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService]
"DisplayName"="Avira Realtime Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirService]
"Description"="Offers permanent protection against viruses and malware with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt]
"Description"="Avira mini-filter driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avipbb]
"Description"="Avira Security Enhancement Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avipbb]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avkmgr]
"Description"="Avira Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avkmgr]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ssmdrv]
"Description"="Avira Snapshot Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ssmdrv\Products]
"Avira Free Antivirus"="C:\Program Files\Avira\AntiVir Desktop\"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Avira]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, first off, lets make a backup, just in case:

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










-----------------

Then, can you do this via ComboFix:

Delete any copy of *CFScript.txt* that you have and then...

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> Registry::
> [-HKEY_CURRENT_USER\Software\Avira]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Avira]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir Desktop]
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.


----------



## baffledUK (Jul 2, 2012)

here it is.......

ComboFix 12-11-15.01 - currys 15/11/2012 22:13:15.12.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1456 [GMT 0:00]
Running from: c:\users\currys\Downloads\ComboFix.exe
Command switches used :: c:\users\currys\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 22:22 . 2012-11-15 22:23	--------	d-----w-	c:\users\currys\AppData\Local\temp
2012-11-15 22:22 . 2012-11-15 22:22	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-11-15 22:22 . 2012-11-15 22:22	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-11-15 22:22 . 2012-11-15 22:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-15 19:19 . 2012-11-15 19:19	--------	d-----w-	c:\program files\ERUNT
2012-11-15 19:18 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{650BBD29-C69F-49FF-9340-27DB00B9D83F}\mpengine.dll
2012-11-14 22:52 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-14 18:44 . 2012-11-14 18:48	--------	d-----w-	c:\windows\system32\wbem\Logs
2012-11-13 22:35 . 2012-11-15 19:21	--------	d-----w-	c:\windows\Debug
2012-11-13 22:31 . 2012-11-13 22:31	--------	d-----w-	c:\program files\ParetoLogic
2012-11-13 22:31 . 2012-11-13 22:31	--------	d-----w-	c:\program files\Common Files\ParetoLogic
2012-11-13 22:22 . 2012-11-13 22:22	--------	d-----w-	c:\users\currys\AppData\Roaming\PC Utility Kit
2012-11-13 22:22 . 2012-11-13 22:27	--------	d-----w-	c:\programdata\PC Utility Kit
2012-11-12 23:44 . 2012-11-12 23:44	7450888	----a-w-	c:\program files\Common Files\Windows Live\.cache\b465c95c1cdc12f02\bingbarsetup.exe
2012-11-12 23:44 . 2012-11-12 23:44	6260088	----a-w-	c:\program files\Common Files\Windows Live\.cache\acb1409c1cdc12f01\Silverlight.4.0.exe
2012-11-12 23:30 . 2009-09-04 17:44	69464	----a-w-	c:\windows\system32\XAPOFX1_3.dll
2012-11-12 23:30 . 2009-09-04 17:44	515416	----a-w-	c:\windows\system32\XAudio2_5.dll
2012-11-12 23:30 . 2009-09-04 17:29	453456	----a-w-	c:\windows\system32\d3dx10_42.dll
2012-11-12 23:29 . 2006-11-29 13:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll
2012-11-12 22:36 . 2012-11-12 22:36	--------	dc----w-	C:\_OTM
2012-11-12 18:01 . 2012-11-12 18:01	--------	dc----w-	C:\64dfc7bf1d8f5d8719b73eb166
2012-11-11 17:29 . 2012-09-29 15:47	60928	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\EKAiO2PPR.dll
2012-11-11 17:27 . 2012-11-11 17:29	--------	d-----w-	c:\programdata\Kodak
2012-11-11 17:27 . 2012-11-11 17:27	--------	d-----w-	c:\windows\system32\kodak
2012-11-11 12:46 . 2012-11-11 12:46	--------	d-----w-	c:\users\currys\AppData\Local\Innovative Solutions
2012-11-09 23:02 . 2012-11-09 23:02	--------	d-----w-	c:\program files\Perion
2012-11-09 23:02 . 2012-11-09 23:02	450	-c--a-w-	C:\user.js
2012-11-09 23:02 . 2011-06-10 22:58	773968	----a-w-	c:\windows\system32\msvcr100.dll
2012-11-09 23:02 . 2011-06-10 22:58	421200	----a-w-	c:\windows\system32\msvcp100.dll
2012-11-09 23:02 . 2011-05-13 23:17	632656	----a-w-	c:\windows\system32\msvcr80.dll
2012-11-09 23:02 . 2011-05-13 23:17	479232	----a-w-	c:\windows\system32\msvcm80.dll
2012-11-09 23:02 . 2011-05-13 23:17	554832	----a-w-	c:\windows\system32\msvcp80.dll
2012-11-03 20:31 . 2012-11-03 20:31	--------	dc----w-	C:\_OTL
2012-10-29 22:32 . 2012-10-29 22:32	--------	d-----w-	c:\users\currys\AppData\Roaming\OfficeSuiteX
2012-10-29 22:29 . 2012-10-29 22:30	--------	d-----w-	c:\program files\Office Suite X 3
2012-10-25 21:50 . 2012-09-30 14:10	740784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AAB998D-4DDE-45F2-AD44-076CFDBF5459}\gapaengine.dll
2012-10-23 17:56 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C642C8-03DC-414F-9E6B-6D2DA17DC9DF}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 22:23 . 2012-10-11 22:23	161792	----a-w-	c:\windows\system32\msls31.dll
2012-10-11 22:23 . 2012-10-11 22:23	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-10-11 22:23 . 2012-10-11 22:23	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-10-11 22:23 . 2012-10-11 22:23	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-10-11 22:23 . 2012-10-11 22:23	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-10-11 22:23 . 2012-10-11 22:23	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-10-11 22:23 . 2012-10-11 22:23	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-10-11 22:23 . 2012-10-11 22:23	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-10-11 22:23 . 2012-10-11 22:23	367104	----a-w-	c:\windows\system32\html.iec
2012-10-11 22:23 . 2012-10-11 22:23	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-10-11 22:23 . 2012-10-11 22:23	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-10-11 22:23 . 2012-10-11 22:23	152064	----a-w-	c:\windows\system32\wextract.exe
2012-10-11 22:23 . 2012-10-11 22:23	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-10-11 22:23 . 2012-10-11 22:23	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-10-11 22:23 . 2012-10-11 22:23	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-10-11 22:23 . 2012-10-11 22:23	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-10-11 22:23 . 2012-10-11 22:23	11776	----a-w-	c:\windows\system32\mshta.exe
2012-10-11 22:23 . 2012-10-11 22:23	101888	----a-w-	c:\windows\system32\admparse.dll
2012-10-11 22:23 . 2012-10-11 22:23	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-10-11 22:23 . 2012-10-11 22:23	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-10-11 22:23 . 2012-10-11 22:23	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-10-10 20:15 . 2012-10-10 20:15	1867112	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15	2574696	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14	888168	----a-w-	c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-10 20:14	17559912	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-10-10 20:14	2428776	----a-w-	c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2012-10-10 20:14	7697768	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14	10837352	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14	19906920	----a-w-	c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2011-12-15 19:44	1009512	----a-w-	c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14	6127464	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 20:14 . 2008-08-22 05:22	15309160	----a-w-	c:\windows\system32\nvd3dum.dll
2012-10-09 19:34 . 2012-03-30 19:49	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:34 . 2011-07-16 18:09	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 19:29 . 2011-12-15 19:45	645992	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2011-12-15 19:45	62312	----a-w-	c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2011-12-15 19:45	108392	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2010-03-16 02:15	2557288	----a-w-	c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2011-12-15 19:45	2853224	----a-w-	c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2011-12-15 19:45	3965288	----a-w-	c:\windows\system32\nvcpl.dll
2012-09-30 14:10 . 2012-10-06 14:33	740784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 15:43 . 2012-09-29 15:43	163328	----a-w-	c:\windows\system32\EKAiO2COI10.dll
2012-09-29 15:43 . 2012-09-29 15:43	1466880	----a-w-	c:\windows\system32\EKAiO2MON.dll
2012-09-21 17:39 . 2012-09-21 17:39	74703	----a-w-	c:\windows\system32\mfc45.dll
2012-09-18 17:57 . 2012-09-18 17:58	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-18 17:57 . 2010-04-22 21:21	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-10 18:18	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-07 16:04 . 2012-07-02 17:56	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-03 20:14 . 2012-09-03 20:14	27496	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2012-08-30 21:03 . 2012-08-30 21:03	99272	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 21:03 . 2012-08-30 21:03	193552	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-29 11:27 . 2012-10-10 18:18	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 18:18	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 18:18	172544	----a-w-	c:\windows\system32\wintrust.dll
2009-05-01 21:02 . 2012-11-09 21:44	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-11-09 21:44	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-11-09 21:44 . 2012-11-09 21:44	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
c:\users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-10 12:47	16680	----a-w-	c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2009-01-02 12:05	1041960	----a-w-	c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2009-01-02 12:05	1041960	----a-w-	c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-09-12 16:19	947176	----a-w-	c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-10-02 19:28	3965288	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-10-02 19:29	108392	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2008-07-07 15:26	1038136	----a-w-	c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-03 11:28	274608	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:34]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 14:54]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-118059262-2797764304-1290977041-1000Core.job
- c:\users\currys\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 10:26]
.
2012-11-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2012-06-27 21:07]
.
2012-11-15 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-13 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-13 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-11-13 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-11-15 c:\windows\Tasks\Recovery DVD Creator-currys.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-21 15:25]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6PQPf2f5H6&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-23 23:30; {62760FD6-B943-48C9-AB09-F99C6FE96088}; c:\users\currys\AppData\Roaming\Mozilla\Firefox\Profiles\fwvafgml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQPf2f5H6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 50b4fa92000000000000002197a13750
FF - user.js: extensions.incredibar_i.instlDay - 15653
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:02
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6PQPf2f5H6
FF - user.js: extensions.incredibar_i.upn2n - 92543899209090572
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10678
FF - user.js: extensions.incredibar_i.ppd - 111
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-15 22:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\*& *u*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:92,fa,95,c7,a1,37,50,00
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,e6,62,f7,01,dc,fb,1c,52,f0,6e,66,c7,e7,f7,7d,d4,3c,36,63,42,0e,89,
8f,85,fa,f6,6d,83,03,fa,81,49,39,a4,45,bf,5e,77,23,eb,37,4b,86,ff,a8,26,ea,\
"??"=hex:dd,bb,b0,11,5f,96,3e,4b,49,50,e6,16,dd,f8,06,aa
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):85,95,14,d3,27,4a,46,92,ae,59,c7,15,15,df,38,74,0f,19,b1,7a,db,
bb,f0,e8,07,d0,65,01,12,5d,c5,e7,c3,d1,3d,a1,73,f5,bd,ad,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\CLSID\{f72d7cc0-3228-4f40-938c-e80ee848e811}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bc
"Therad"=dword:00000014
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-15 22:30:24
ComboFix-quarantined-files.txt 2012-11-15 22:30
ComboFix2.txt 2012-11-15 19:50
.
Pre-Run: 447,140,577,280 bytes free
Post-Run: 447,126,339,584 bytes free
.
- - End Of File - - C226D178E7846FCE0F679DAD1E97E048


----------



## eddie5659 (Mar 19, 2001)

Dare I ask, but does the IE program work?


----------



## eddie5659 (Mar 19, 2001)

If still no joy, try copy/pasting this into the Start | Run and pressing OK:

*iexplore.exe -extoff*

To see if Addons are causing any problems.


----------



## baffledUK (Jul 2, 2012)

nothing same as always, IE9 just not pocessing


----------



## eddie5659 (Mar 19, 2001)

Was that the same with the extoff option? I have a feeling it will be, so will have another think..


----------



## baffledUK (Jul 2, 2012)

The same I'm araid


----------



## eddie5659 (Mar 19, 2001)

Well, just spent a long time re-reading this, and I want to try another tool. Also, seen something that may be causing it, but will try this tool first, to see what happens 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


----------



## baffledUK (Jul 2, 2012)

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by currys (administrator) on 18-11-2012 at 22:10:00
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Eamonns
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-21-97-A1-37-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c5a0:6b9f:722c:74de%10(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.1.110(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18 November 2012 21:54:41
Lease Expires . . . . . . . . . . : 19 November 2012 21:54:41
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 167829580
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-A5-C5-DF-00-21-97-A1-37-50
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:14ca:260:3f57:fe91(Preferred) 
Link-local IPv6 Address . . . . . : fe80::14ca:260:3f57:fe91%11(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:803::1003
173.194.34.103
173.194.34.104
173.194.34.100
173.194.34.98
173.194.34.105
173.194.34.96
173.194.34.101
173.194.34.99
173.194.34.110
173.194.34.97
173.194.34.102

Pinging google.com [173.194.34.100] with 32 bytes of data:

Reply from 173.194.34.100: bytes=32 time=32ms TTL=52

Reply from 173.194.34.100: bytes=32 time=31ms TTL=52

Ping statistics for 173.194.34.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 32ms, Average = 31ms

Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=506ms TTL=44

Reply from 98.139.183.24: bytes=32 time=509ms TTL=44

Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 506ms, Maximum = 509ms, Average = 507ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 21 97 a1 37 50 ...... Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.110 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.110 276
192.168.1.110 255.255.255.255 On-link 192.168.1.110 276
192.168.1.255 255.255.255.255 On-link 192.168.1.110 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.110 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.110 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:5ef5:79fd:14ca:260:3f57:fe91/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::14ca:260:3f57:fe91/128
On-link
10 276 fe80::c5a0:6b9f:722c:74de/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2012 10:07:34 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2012 10:07:34 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2012 09:56:31 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2012 09:56:31 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2012 09:56:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (11/18/2012 09:56:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (11/18/2012 10:25:18 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2012 10:25:18 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2012 10:25:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (11/18/2012 10:25:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

System errors:
=============
Error: (11/18/2012 09:58:43 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (11/18/2012 09:56:14 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037

Error: (11/18/2012 09:56:13 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/18/2012 09:55:29 PM) (Source: Service Control Manager) (User: )
Description: Avira Realtime Protection%%3

Error: (11/18/2012 09:55:29 PM) (Source: Service Control Manager) (User: )
Description: Avira Scheduler%%3

Error: (11/18/2012 10:27:29 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (11/18/2012 10:25:00 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037

Error: (11/18/2012 10:24:59 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/18/2012 10:24:15 AM) (Source: Service Control Manager) (User: )
Description: Avira Realtime Protection%%3

Error: (11/18/2012 10:24:15 AM) (Source: Service Control Manager) (User: )
Description: Avira Scheduler%%3

Microsoft Office Sessions:
=========================
Error: (07/07/2009 08:50:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 3Microsoft Office PowerPoint12.0.6500.500012.0.6425.1000177120

Error: (07/07/2009 08:44:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 3Microsoft Office PowerPoint12.0.6500.500012.0.6425.1000387180

Error: (07/07/2009 08:32:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 3Microsoft Office PowerPoint12.0.6500.500012.0.6425.100015260

CodeIntegrity Errors:
===================================
Date: 2012-11-15 22:14:31.638
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:14:31.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:14:31.216
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:14:31.014
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:13:43.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:13:43.730
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:13:43.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:13:43.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:13:06.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-15 22:13:06.228
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

4oD (Version: 2.0.23.0)
Adobe AIR (Version: 1.5.2.8900)
Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Auslogics Disk Defrag (Version: version 3.1)
Auslogics Registry Cleaner (Version: version 2.3)
BBC iPlayer Desktop (Version: 1.3.12070)
Bing Bar (Version: 7.0.619.0)
Bonjour (Version: 1.0.106)
Bonjour (Version: 2.0.4.0)
BT Broadband Desktop Help
CCleaner (Version: 3.20)
CD & DVD Label Maker 1.2
Chanalyzer 4 (Version: 4.0.6)
D3DX10 (Version: 15.4.2368.0902)
DivX Web Player (Version: 1.5.0)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
ERUNT 1.1j
Football Manager 2010
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
GoToAssist Corporate (Version: 9.0.0.570)
GoToAssist Corporate (Version: 9.0.570)
HDReg (Version: 2.0.0)
HiJackThis (Version: 1.0.0)
HP Product Detection (Version: 9.7.2)
HPSSupply (Version: 100.0.170.000)
Image Writer (Version: 1.00.0000)
iTunes (Version: 8.2.1.6)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
LCD test (Version: 1.00.0000)
LimeWire 5.4.6 (Version: 5.4.6)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
MetaBoli (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 14.0 (x86 en-US) (Version: 14.0)
Mozilla Maintenance Service (Version: 17.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Napoleon: Total War
Nero 8 Essentials (Version: 8.3.389)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Controller Driver (Version: 280.10)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Display Control Panel (Version: 6.14.11.9713)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
Office Suite X 3.3 (Version: 3.3.9567)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Packard Bell ImageWriter v1.1 (Version: 1.1)
Packard Bell Recovery Management (Version: 3.1.3003)
ParetoLogic PC Health Advisor (Version: 3.1.3.0)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.64.17.73)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver (Version: 6.243.1025.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.5618)
RealUpgrade 1.1 (Version: 1.1.0)
SeaTools for Windows (Version: 1.1.0.9)
Segoe UI (Version: 15.4.2271.0615)
Setup My PC (Version: 3.00.0000)
Sid Meier's Civilization 4 Complete (Version: 1.74)
Sky Player (Version: 5.0.1593)
Skype™ 5.10 (Version: 5.10.116)
SparkTrust PC Cleaner Plus (Version: 3.1.5.0)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Steam (Version: 1.0.0.0)
System Requirements Lab
TuneUp Utilities Language Pack (en-GB) (Version: 9.0.6020.7)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Updator (Version: 3.00.0000)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Devices: ================================

Name: isatap.home
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3070.32 MB
Available physical RAM: 1629.34 MB
Total Pagefile: 6376.86 MB
Available Pagefile: 4993.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.22 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:586.17 GB) (Free:419.2 GB) NTFS

========================= Users: ========================================

User accounts for \\EAMONNS

Administrator ASPNET currys 
Guest UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


----------



## eddie5659 (Mar 19, 2001)

Hmmm, that's all okay.

Now, a while back I was going to do a repair, but you had no Internet Options. Now, I know that you said that they're now working, so can you see if you can try a repair as mentioned here:

http://support.microsoft.com/kb/318378

Method 1: Reset the Internet Explorer settings

Its the same for IE9 as it was for IE7 (in above link).

Reboot and let me know if that works.


----------



## baffledUK (Jul 2, 2012)

Can only run manual fix...unfortunately still not working. on the auto fix option it tells me I need to install some software Net framework v4.0 30319. Very frustrating......


----------



## eddie5659 (Mar 19, 2001)

Okay, can you use SystemLook and do a scan with the following code:


```
:filefind
*ieframe.dll
```


----------



## baffledUK (Jul 2, 2012)

Here goes

SystemLook 30.07.11 by jpshortstuff
Log created at 19:08 on 24/11/2012 by currys
Administrator - Elevation successful

========== filefind ==========

Searching for "*ieframe.dll"
C:\Windows\System32\ieframe.dll --a---- 9738240 bytes [22:23 11/10/2012] [22:23 11/10/2012] 0BA3F31E2B4D8D99DF8DD19E81155374
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll --a---- 6066176 bytes [20:38 21/08/2008] [04:43 21/02/2008] BEF8F4C04C3A3C5A4EDDF2FF5A0AF71C
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieframe.dll --a---- 6066176 bytes [20:49 21/08/2008] [04:23 25/04/2008] FA63DF6EE2BFC4AABC29CE331D56854C
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16851_none_62872273b12017b2\ieframe.dll --a---- 6066176 bytes [16:08 15/06/2009] [16:14 24/04/2009] 85D2C137B1A1B4F5E8002B8CB1D071B1
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll --a---- 6067712 bytes [20:38 21/08/2008] [04:49 22/02/2008] EF676C3486A4F95BA000831642040248
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieframe.dll --a---- 6068224 bytes [20:49 21/08/2008] [04:07 25/04/2008] 3968CE20B46956E7EE28C64822ED22DF
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21046_none_632068beca314d80\ieframe.dll --a---- 6069248 bytes [16:08 15/06/2009] [15:54 24/04/2009] E76D2A320CD510178909B3A65433619E
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18000_none_64a26c9fae1f0949\ieframe.dll --a---- 6068736 bytes [02:24 21/01/2008] [02:24 21/01/2008] 8320A8937995094D00082D7CE97A7AB1
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18248_none_647f330bae383e13\ieframe.dll --a---- 6069248 bytes [16:08 15/06/2009] [16:02 24/04/2009] 02EECD62E27F7A7AD54CA09C50E8BFC8
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22418_none_65294180c73d8731\ieframe.dll --a---- 6071296 bytes [16:08 15/06/2009] [15:57 24/04/2009] 6849FDB2BA739EF969E3B80A8BAAA73C
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18005_none_668de5abab40d495\ieframe.dll --a---- 6079488 bytes [19:47 20/10/2009] [06:28 11/04/2009] D0DB6CA4E21BE6809F356C90BBDE8A66
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll --a---- 11063808 bytes [19:07 15/06/2009] [11:39 08/03/2009] 729DA5D23A9AD20A6AA353156A126420
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieframe.dll --a---- 11064832 bytes [19:08 15/06/2009] [05:34 09/05/2009] 4BDD02DD6FDC19698DAA841554782897
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieframe.dll --a---- 11067392 bytes [18:27 28/07/2009] [21:47 21/07/2009] C8412B9E3F87918505AF1DE36379108F
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18828_none_477df2c3c3f546b9\ieframe.dll --a---- 11069440 bytes [18:16 15/10/2009] [05:17 27/08/2009] 2D431D2BF1EECE14AF8BC9FF14E67FB0
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18865_none_474fb235c4186a78\ieframe.dll --a---- 11069952 bytes [08:37 11/12/2009] [06:34 21/11/2009] 004CACF790564BD9C11FD5B997E02861
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18882_none_4737117fc42b5655\ieframe.dll --a---- 11070464 bytes [19:47 21/01/2010] [06:32 02/01/2010] 2267A6D54949CADF37B3E2A4691D472B
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18904_none_478f9359c3e8a6a2\ieframe.dll --a---- 11070976 bytes [20:39 30/03/2010] [06:33 23/02/2010] 5A5FA83152FB92CAECC51935D05850C1
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18928_none_477df4a9c3f543e0\ieframe.dll --a---- 11076096 bytes [19:40 11/06/2010] [05:55 04/05/2010] B81B1FE1B9038D7D01227D700B1DCD6B
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18943_none_4763535fc409fd0f\ieframe.dll --a---- 11077120 bytes [15:55 11/08/2010] [06:02 26/06/2010] F8427C8E999FBCB98575C705A464F854
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18975_none_4744e42fc4208390\ieframe.dll --a---- 11080192 bytes [10:15 14/10/2010] [05:56 08/09/2010] 7AEBF0E6158B66CDF0E5859326CA9E82
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18999_none_4733457fc42d20ce\ieframe.dll --a---- 11080704 bytes [11:03 17/12/2010] [05:57 02/11/2010] B49453BBD9D0D2851613D7B443FBF682
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19019_none_47899d01c3ec7488\ieframe.dll --a---- 11080704 bytes [23:32 09/02/2011] [06:22 18/12/2010] 001C55FA3A4BE6AA88AE15BDC47F9FB0
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19048_none_47682cf3c405af04\ieframe.dll --a---- 11080704 bytes [21:22 14/04/2011] [06:16 22/02/2011] 4F0A36761653F62FEA96DB79FE15485F
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19222_none_4777cedbc3fad966\ieframe.dll --a---- 11082752 bytes [19:50 15/05/2012] [11:25 28/02/2012] 23B80871044FBD0ADEA1A3F58ADEA369
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19328_none_477dd27dc3f56e97\ieframe.dll --a---- 11111424 bytes [17:42 11/10/2012] [11:44 25/08/2012] BA7488EA536BCDD2F551A075BBE62C76
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieframe.dll --a---- 11064832 bytes [19:08 15/06/2009] [22:35 12/05/2009] 5A8ADBC9646615933F2256475C71070D
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieframe.dll --a---- 11068416 bytes [18:27 28/07/2009] [05:58 22/07/2009] 85B61023FC6130F5D25CFE9352688912
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22918_none_48125f7add0aca92\ieframe.dll --a---- 11069952 bytes [18:16 15/10/2009] [13:21 27/08/2009] AF1CF6CF39074DEF5CBC902833C1C1C6
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22956_none_47e51f36dd2d07a8\ieframe.dll --a---- 11071488 bytes [08:37 11/12/2009] [14:59 21/11/2009] F0A1EC7097BDC4F0725AF3A570FB16E9
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22973_none_47cc7e80dd3ff385\ieframe.dll --a---- 11070976 bytes [19:47 21/01/2010] [14:50 02/01/2010] 67BA7B02786B5C7A5E45232047BA8E2C
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22995_none_47b8df3cdd4e5e15\ieframe.dll --a---- 11073024 bytes [20:39 30/03/2010] [15:00 23/02/2010] 835FFFDF2D33E1F35BE719EF5496FE49
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23019_none_481337e6dd0a172b\ieframe.dll --a---- 11078144 bytes [19:40 11/06/2010] [06:30 04/05/2010] CDCD221996D664E4E2FF618ED446F4A2
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23040_none_47e9c588dd2a86ef\ieframe.dll --a---- 11078656 bytes [15:55 11/08/2010] [06:48 26/06/2010] 0872F3C773A8D8B6984EE27002ADFB7A
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23067_none_47db27b6dd347032\ieframe.dll --a---- 11082240 bytes [10:15 14/10/2010] [06:21 08/09/2010] 0C0AEC386928B7A1485C7C966E10A44D
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23091_none_47b4b636dd522bfb\ieframe.dll --a---- 11082752 bytes [11:03 17/12/2010] [07:07 02/11/2010] 6044E16C44573794E2B270CB3AB4C16F
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23111_none_480b377cdd11499a\ieframe.dll --a---- 11082752 bytes [23:32 09/02/2011] [07:11 18/12/2010] 1FD68562A887EBD554D464AA6F5DE426
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23143_none_47ecc84cdd27d01b\ieframe.dll --a---- 11082752 bytes [21:22 14/04/2011] [07:13 22/02/2011] 855B822C6C390BC30ED36C08518334C4
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23318_none_48123d4edd0af549\ieframe.dll --a---- 11085312 bytes [19:50 15/05/2012] [18:00 28/02/2012] EF74BD331AFE6FA5E9F57A912192D400
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23415_none_480f3e56dd0da66b\ieframe.dll --a---- 11113472 bytes [17:42 11/10/2012] [13:48 25/08/2012] 04A5968244EF4111749BCF5F38242401
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.16450_none_24743781ec1c89d7\ieframe.dll --a---- 9738240 bytes [22:23 11/10/2012] [22:23 11/10/2012] 0BA3F31E2B4D8D99DF8DD19E81155374
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.16455_none_247938f3ec18088a\ieframe.dll --a---- 9738240 bytes [19:17 15/11/2012] [08:02 08/10/2012] A6B73FCB9496DB101F3066CAF5A7DA4B
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.20562_none_24f504f505407840\ieframe.dll --a---- 9738240 bytes [19:17 15/11/2012] [07:49 08/10/2012] 2E54A9D2083FB04CD93072DDA6EE51B6

-= EOF =- thanks again Eddie


----------



## eddie5659 (Mar 19, 2001)

Well, looks like you have the file, so that's another route out 

However, been having a play on my pc, and so onto another scan, as I think this (hopefully) will tell us some things 

Using OTL again, can you do this:


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Select 
*All Users*
Under the *Standard Registry* box change it to *All*
Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:



> hklm\software\clients\startmenuinternet|command /64 /rs
> hklm\software\clients\startmenuinternet|command /rs
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE /s



Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open only one notepad log, just copy/paste here as before 

eddie


----------



## baffledUK (Jul 2, 2012)

OTL logfile created on: 25/11/2012 23:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\currys\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.59% Memory free
6.23 Gb Paging File | 5.38 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 420.19 Gb Free Space | 71.68% Space Free | Partition Type: NTFS

Computer Name: EAMONNS | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\currys\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (WajamUpdater) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe File not found
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ETService) -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()

========== Driver Services (SafeList) ==========

DRV - (Partizan) -- system32\drivers\Partizan.sys File not found
DRV - (catchme) -- C:\Users\currys\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RegGuard) -- C:\Windows\System32\drivers\regguard.sys (Greatis Software)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP68
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\..\SearchScopes\{E9853829-58A5-48F5-BE68-A4D1F886BBAD}: "URL" = http://www.bing.com/search?FORM=UP68DF&PC=UP68&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-118059262-2797764304-1290977041-1006\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B62760FD6-B943-48C9-AB09-F99C6FE96088%7D:2.5.3
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb185/?loc=IB_DS&a=6PQPf2f5H6&&i=26&search="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 23:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 11:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/15 20:46:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/15 20:46:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/15 20:46:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/15 20:46:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2012/10/23 22:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions
[2012/11/08 22:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/24 21:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/07/10 22:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions
[2012/11/10 15:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions
[2012/09/12 22:02:41 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\firefox\profiles\fwvafgml.default\extensions\[email protected]
[2012/09/23 22:30:40 | 000,670,738 | ---- | M] () (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\firefox\profiles\fwvafgml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
[2012/11/15 20:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2012/11/15 20:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/11/15 20:46:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/05/01 21:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/05/12 18:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/11/07 17:08:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/11/07 17:08:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/11/07 17:08:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/11/07 17:08:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/11/07 17:08:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/11/07 17:08:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/11/07 17:08:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/01 21:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2012/09/23 12:02:20 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/23 12:02:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/23 12:02:20 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/09/23 12:02:20 | 000,003,590 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/09/23 12:02:20 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/23 12:02:20 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/23 12:02:20 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb185/?loc=IB_DS&search={searchTerms}&a=6PQPf2f5H6&i=26
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\currys\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: IncrediBar for Chrome\u2122 = C:\Users\currys\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\

O1 HOSTS File: ([2012/11/24 20:59:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-118059262-2797764304-1290977041-1006..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-118059262-2797764304-1290977041-1006..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link = [binary data]
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetup = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupIDPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupSecurityPage = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoWorkgroupContents = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoEntireNetwork = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSharingControl = 0
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118059262-2797764304-1290977041-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1322783446664 (MUCatalogWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27FA60FB-5855-47ED-90FC-73C7DFD953D2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/29 11:14:24 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 21:06:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/24 21:06:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/24 21:06:25 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\temp
[2012/11/20 22:39:42 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{C4C59922-786C-47A7-B084-E63499F113FF}
[2012/11/18 22:35:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/18 22:35:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/18 22:35:32 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/18 22:20:26 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{F2901A73-B6C9-45E9-ACA6-EE6EAA76E1E6}
[2012/11/18 00:18:23 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{4110471B-C08F-4271-9A27-EDDF84E7467F}
[2012/11/16 23:32:56 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\SparkTrust
[2012/11/16 23:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2012/11/16 16:56:13 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/11/16 14:50:56 | 000,000,000 | ---D | C] -- C:\d9a7c4231542d8d40840
[2012/11/16 10:39:41 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{6190B837-FFCF-4CDE-9E3E-D2B228C550DC}
[2012/11/15 22:39:30 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{9F841408-9FFE-45A9-A5ED-63179AF1EBBD}
[2012/11/15 22:12:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/15 20:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/15 19:29:05 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{2233E538-7E4D-4263-8AF0-1E5312C77389}
[2012/11/15 19:26:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/15 19:26:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/15 19:25:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/15 19:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/11/15 19:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/11/14 18:47:25 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{25B72BC7-E0F1-4B50-BDA8-7B447E2D0238}
[2012/11/13 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/11/13 22:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/11/13 22:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/11/13 22:28:06 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{C70DEA56-6D7C-4E30-8972-4F7EA121558A}
[2012/11/13 22:22:08 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\PC Utility Kit
[2012/11/13 22:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2012/11/12 23:48:13 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{9455DC71-DBCE-417B-B0C5-18E56635D2CC}
[2012/11/12 23:30:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/11/12 23:30:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012/11/12 23:30:24 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/11/12 23:29:57 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012/11/12 22:36:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/11/12 18:01:18 | 000,000,000 | ---D | C] -- C:\64dfc7bf1d8f5d8719b73eb166
[2012/11/12 17:45:14 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{05918243-4AB3-420A-8019-8994807C2566}
[2012/11/11 17:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/11/11 17:27:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2012/11/11 12:46:53 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\Innovative Solutions
[2012/11/09 23:17:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/09 23:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/11/09 23:02:15 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2012/11/09 23:02:15 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2012/11/09 23:02:15 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2012/11/09 23:02:15 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2012/11/09 23:02:15 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2012/11/03 20:31:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/03 01:02:08 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{E0BA36D2-AFBC-47DF-B974-4EE71AFC1A6C}
[2012/10/30 18:54:20 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{D704C4FD-D4DC-4EC4-BAEB-85AE663917B6}
[2012/10/29 22:32:03 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\OfficeSuiteX
[2012/10/29 22:30:54 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Suite X 3.3
[2012/10/29 22:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Office Suite X 3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/25 23:34:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/25 23:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 22:29:31 | 000,668,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/25 22:29:31 | 000,136,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/25 22:26:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 22:26:46 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/11/25 22:25:11 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 22:25:11 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 22:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/25 16:30:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-currys.job
[2012/11/24 20:59:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/24 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/11/22 02:22:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2012/11/16 23:15:18 | 000,001,076 | ---- | M] () -- C:\Users\currys\Desktop\Auslogics Registry Cleaner.lnk
[2012/11/15 22:09:00 | 000,000,545 | ---- | M] () -- C:\Users\currys\Desktop\ComboFix.exe - Shortcut.lnk
[2012/11/15 22:08:27 | 000,000,376 | ---- | M] () -- C:\0
[2012/11/15 19:19:15 | 000,000,915 | ---- | M] () -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/11/15 19:19:12 | 000,000,735 | ---- | M] () -- C:\Users\currys\Desktop\NTREGOPT.lnk
[2012/11/15 19:19:12 | 000,000,716 | ---- | M] () -- C:\Users\currys\Desktop\ERUNT.lnk
[2012/11/13 22:57:16 | 000,000,920 | ---- | M] () -- C:\Users\currys\Documents\mail.btinternet.com.iaf
[2012/11/13 22:35:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/11/13 22:35:04 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2012/11/13 22:32:04 | 000,000,898 | ---- | M] () -- C:\Users\currys\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/11/10 16:23:03 | 000,113,010 | ---- | M] () -- C:\Users\currys\Documents\cc_20121110_162254.reg
[2012/11/09 23:02:24 | 000,000,450 | ---- | M] () -- C:\user.js
[2012/11/09 22:52:17 | 000,329,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/30 19:03:19 | 000,244,092 | ---- | M] () -- C:\Users\currys\Desktop\bill-2012-10-09.pdf
[2012/10/29 22:30:54 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Office Suite X 3.3.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/16 23:15:18 | 000,001,076 | ---- | C] () -- C:\Users\currys\Desktop\Auslogics Registry Cleaner.lnk
[2012/11/15 22:09:00 | 000,000,545 | ---- | C] () -- C:\Users\currys\Desktop\ComboFix.exe - Shortcut.lnk
[2012/11/15 19:26:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/15 19:26:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/15 19:26:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/15 19:26:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/15 19:26:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/15 19:19:15 | 000,000,915 | ---- | C] () -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/11/15 19:19:12 | 000,000,735 | ---- | C] () -- C:\Users\currys\Desktop\NTREGOPT.lnk
[2012/11/15 19:19:12 | 000,000,716 | ---- | C] () -- C:\Users\currys\Desktop\ERUNT.lnk
[2012/11/13 22:57:16 | 000,000,920 | ---- | C] () -- C:\Users\currys\Documents\mail.btinternet.com.iaf
[2012/11/13 22:32:18 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/11/13 22:32:04 | 000,000,898 | ---- | C] () -- C:\Users\currys\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/11/13 22:32:03 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/11/13 22:32:03 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/11/13 22:32:02 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2012/11/13 22:32:01 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2012/11/10 16:22:58 | 000,113,010 | ---- | C] () -- C:\Users\currys\Documents\cc_20121110_162254.reg
[2012/11/09 23:02:23 | 000,000,450 | ---- | C] () -- C:\user.js
[2012/10/30 19:03:19 | 000,244,092 | ---- | C] () -- C:\Users\currys\Desktop\bill-2012-10-09.pdf
[2012/10/29 22:30:54 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Office Suite X 3.3.lnk
[2012/09/21 17:39:10 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/08/14 21:05:18 | 000,000,000 | ---- | C] () -- C:\Users\currys\D
[2012/07/06 12:47:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/07/04 23:18:12 | 000,016,968 | ---- | C] () -- C:\Users\currys\Untitled 1.odt
[2012/07/01 00:13:20 | 000,329,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/24 10:02:02 | 000,000,487 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/29 11:35:23 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\{A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5}
[2011/12/29 19:48:31 | 000,016,918 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.xml
[2011/12/29 11:23:29 | 004,250,112 | ---- | C] () -- C:\Users\currys\powerpoint-x-none.msp
[2011/12/26 13:05:56 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/02 22:16:09 | 000,001,043 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/06/17 20:23:38 | 000,000,094 | ---- | C] () -- C:\Users\currys\AppData\Local\fusioncache.dat
[2011/03/03 20:18:20 | 000,001,024 | ---- | C] () -- C:\Users\currys\.rnd
[2011/03/03 20:18:09 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/02/06 00:16:30 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/16 15:06:15 | 000,001,356 | ---- | C] () -- C:\Users\currys\AppData\Local\d3d9caps.dat
[2009/06/23 21:13:57 | 000,024,206 | ---- | C] () -- C:\Users\currys\AppData\Roaming\UserTile.png
[2009/06/16 17:02:15 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Roaming\wklnhst.dat
[2009/06/15 19:10:47 | 000,211,968 | ---- | C] () -- C:\Users\currys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/11/15 20:46:15 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/11/15 20:46:15 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/11/15 20:46:15 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/11/15 20:46:15 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/11/15 20:46:15 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/11/15 20:46:15 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/10/11 22:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/10/11 22:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/10/11 22:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/10/11 22:23:04 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/11/15 20:46:15 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/11/15 20:46:15 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/11/15 20:46:15 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/11/15 20:46:15 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/11/15 20:46:15 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/11/15 20:46:15 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/10/11 22:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/10/11 22:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/10/11 22:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/10/11 22:23:04 | 000,748,680 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1077 bytes -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml:OECustomProperty

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Will have a look at this tonight, but this is the main bit I wanted to look at, and it was just as I thought it would be:

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE /s >

Will look at it fully later


----------



## eddie5659 (Mar 19, 2001)

Okay, we're going to do a reg import, as the details for the key I posted above is missing.

So, firstly, lets create a backup, just to be safe:

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










-----------

Now, copy/paste the following line into a new Notepad file. Then click File | Save As, and in the *File Name*, call it *fix.reg*. Ensure the *Save as Type* is showing as *All Files*. 
Save it to your Desktop.


```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"
"Path"="C:\\Program Files\\Internet Explorer;"
```
Locate the *fix.reg* file on your Desktop, doubleclick and when the option appears saying *Are you sure you want to Add the information in fix.reg to the Registry?*, select *Yes*.

Reboot and see if that works.

eddie


----------



## baffledUK (Jul 2, 2012)

Eddie tried it but got this error...Cannot import C\users\currys\desktop\fix.reg. The specified file is not a registry script. You can only import binary registry files from within the registry editor


----------



## Cookiegal (Aug 27, 2003)

Are you sure you copied everything in the code box, including the first line which reads:

*Windows Registry Editor Version 5.00*


----------



## Cookiegal (Aug 27, 2003)

If that wasn't the problem then did you change the "Save as type" to "All Files" before saving it? 

Make sure it doesn't have a .txt extension (i.e. fix.reg.txt).


----------



## eddie5659 (Mar 19, 2001)

Thanks Cookie, had to go offline for a bit, but will look at this fully tomorrow, as I'm here for 5 or so hours


----------



## Cookiegal (Aug 27, 2003)

You're welcome. I didn't mean to intrude but the user was still on-line and I didn't think you'd be back tonight. They signed off shortly after I posted though. I didn't realize they were in the UK too.


----------



## baffledUK (Jul 2, 2012)

done.. buy still no joy sadly


----------



## eddie5659 (Mar 19, 2001)

Guessing that you managed to import the reg file, so having a think on the next thing.

Running a few scans to test stuff


----------



## eddie5659 (Mar 19, 2001)

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans *section put a check in the box next to the following:

*Disabled MS Config Items
NetSvcs
EventViewer logs (Last 10 errors)
App Paths
Approved Shell Extensions
IE Explorer Bars
Security Center Centres*

Under the *Custom Scans *section, copy/paste the following:

*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE /s*

Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.

Copy/Paste the full log here. The last line is *< End of Report >*, so make sure that is the last line in the attached report.


----------



## baffledUK (Jul 2, 2012)

```
OTS logfile created on: 29/11/2012 22:33:48 - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\currys\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 418.22 Gb Free Space | 71.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: EAMONNS
Current User Name: currys
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\currys\Downloads\OTS.exe -> [2012/11/29 22:28:28 | 000,646,656 | ---- | M] (OldTimer Tools)
daemonu.exe -> C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2012/10/10 20:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation)
nvxdsync.exe -> C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -> [2012/10/02 19:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation)
nvtray.exe -> C:\Program Files\NVIDIA Corporation\Display\nvtray.exe -> [2012/10/02 19:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation)
msmpeng.exe -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation)
msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files\Microsoft\BingBar\SeaPort.EXE -> [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
[Win32 Services - Safe List]
(WajamUpdater) WajamUpdater [On_Demand | Stopped] ->  -> File not found
(vToolbarUpdater12.2.6) vToolbarUpdater12.2.6 [Disabled | Stopped] ->  -> File not found
(AntiVirService) Avira Realtime Protection [Auto | Stopped] ->  -> File not found
(AntiVirSchedulerService) Avira Scheduler [Auto | Stopped] ->  -> File not found
(MozillaMaintenance) Mozilla Maintenance Service [Disabled | Stopped] -> C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/11/15 20:46:15 | 000,115,168 | ---- | M] (Mozilla Foundation)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Steam\SteamService.exe -> [2012/10/21 16:48:01 | 000,529,744 | ---- | M] (Valve Corporation)
(nvUpdatusService) NVIDIA Update Service Daemon [Auto | Running] -> C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2012/10/10 20:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [Disabled | Stopped] -> C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/10/09 19:34:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated)
(NisSrv) Microsoft Network Inspection [Unknown | Stopped] -> c:\Program Files\Microsoft Security Client\NisSrv.exe -> [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation)
(MsMpSvc) Microsoft Antimalware Service [Unknown | Running] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation)
(MBAMService) MBAMService [Disabled | Stopped] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/09/07 16:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation)
(MBAMScheduler) MBAMScheduler [Disabled | Stopped] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -> [2012/09/07 16:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation)
(AdobeARMservice) Adobe Acrobat Update Service [Disabled | Stopped] -> C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated)
(SkypeUpdate) Skype Updater [Disabled | Stopped] -> C:\Program Files\Skype\Updater\Updater.exe -> [2012/07/13 12:39:50 | 000,160,944 | R--- | M] (Skype Technologies)
(BBSvc) Bing Bar Update Service [On_Demand | Stopped] -> C:\Program Files\Microsoft\BingBar\BBSvc.EXE -> [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\BingBar\SeaPort.EXE -> [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation)
(GoToAssist) GoToAssist [Disabled | Stopped] -> C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -> [2010/12/10 12:47:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(KService) KService [Disabled | Stopped] -> C:\Program Files\Kontiki\KService.exe -> [2009/01/02 12:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Disabled | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/08/21 21:08:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
(ETService) Empowering Technology Service [Disabled | Stopped] -> C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -> [2008/07/16 14:00:00 | 000,024,576 | ---- | M] ()
(ezSharedSvc) Easybits Shared Services for Windows [Auto | Running] -> C:\Windows\System32\ezsvc7.dll -> [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS)
(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation)
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/10 23:45:04 | 000,124,832 | ---- | M] ()
 
[Driver Services - Safe List]
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2012/10/10 20:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation)
(MBAMProtector) MBAMProtector [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbam.sys -> [2012/09/07 16:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation)
(avgtp) avgtp [Kernel | System | Running] -> C:\Windows\System32\drivers\avgtpx86.sys -> [2012/09/03 20:14:14 | 000,027,496 | ---- | M] (AVG Technologies)
(NisDrv) Microsoft Network Inspection System [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\NisDrvWFP.sys -> [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation)
(RegGuard) RegGuard [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\regguard.sys -> [2012/06/23 11:42:47 | 000,024,416 | ---- | M] (Greatis Software)
(avipbb) avipbb [Kernel | System | Running] -> C:\Windows\System32\drivers\avipbb.sys -> [2012/05/10 08:55:44 | 000,137,928 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\System32\drivers\avgntflt.sys -> [2012/05/10 08:55:44 | 000,083,392 | ---- | M] (Avira GmbH)
(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvhda32v.sys -> [2012/01/17 12:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation)
(avkmgr) avkmgr [Kernel | System | Running] -> C:\Windows\System32\drivers\avkmgr.sys -> [2011/12/09 12:40:53 | 000,036,000 | ---- | M] (Avira GmbH)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2010/10/25 18:04:46 | 000,303,720 | ---- | M] (Realtek                                            )
(nvstor32) nvstor32 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\nvstor32.sys -> [2010/04/09 02:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation)
(int15) int15 [Kernel | Auto | Running] -> C:\Windows\System32\drivers\int15.sys -> [2008/07/16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank -> 
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"Default_Page_URL" -> http://www.msn.com/?ocid=EIE9HP&PC=UP68 -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"Start Page" -> about:blank -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\] > -> -> 
< FireFox Settings [Prefs.js] > -> C:\Users\currys\AppData\Roaming\Mozilla\FireFox\Profiles\fwvafgml.default\prefs.js -> 
browser.search.defaultenginename -> "MyStart Search" ->
browser.search.defaultthis.engineName -> "" ->
browser.search.defaulturl -> "" ->
browser.startup.homepage -> "http://www.google.co.uk/" ->
keyword.URL -> "http://mystart.incredibar.com/mb185/?loc=IB_DS&a=6PQPf2f5H6&&i=26&search=" ->
network.proxy.no_proxies_on -> "*.local" ->
network.proxy.type -> 0 ->
< FireFox Settings [User.js] > -> C:\Users\currys\AppData\Roaming\Mozilla\FireFox\Profiles\fwvafgml.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 -> 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2011/01/03 11:29:42 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\PROGRAM FILES\IB UPDATER\FIREFOX -> 
HKLM\software\mozilla\Mozilla Firefox 14.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 14.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/11/15 20:46:15 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/11/15 20:46:13 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/11/15 20:46:15 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/11/15 20:46:13 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\currys\AppData\Roaming\mozilla\Extensions -> [2012/10/23 22:57:25 | 000,000,000 | ---D | M]
  -> C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected] -> [2009/07/24 21:05:32 | 000,000,000 | ---D | M]
  -> C:\Users\currys\AppData\Roaming\mozilla\Firefox\extensions -> [2012/07/10 22:05:54 | 000,000,000 | ---D | M]
  -> C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\fwvafgml.default\extensions -> [2012/11/10 15:54:29 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\Extensions -> [2012/11/15 20:46:13 | 000,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\distribution\extensions -> [2012/11/15 20:46:15 | 000,000,000 | ---D | M]
No name found -> C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI -> ()
No name found -> C:\USERS\CURRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWVAFGML.DEFAULT\EXTENSIONS\[email protected] -> ()
< HOSTS File > ([2012/11/24 20:59:09 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2012/04/04 05:53:54 | 000,065,952 | ---- | M] (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/09/25 00:02:30 | 000,449,512 | ---- | M] (Oracle Corporation)
{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} [HKLM] -> Reg Error: Key error. [Wajam] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\Microsoft\BingBar\BingExt.dll [Bing Bar Helper] -> [2011/04/01 11:14:30 | 001,144,072 | ---- | M] (Microsoft Corporation.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/09/25 00:02:30 | 000,155,384 | ---- | M] (Oracle Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\Microsoft\BingBar\BingExt.dll [Bing Bar] -> [2011/04/01 11:14:30 | 001,144,072 | ---- | M] (Microsoft Corporation.)
< Run [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 06:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Pan
\Control Pan\\"homepage" ->  [0] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Pan
\Control Pan\\"homepage" ->  [0] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions
\Restrictions\\"NoViewSource" ->  [0] -> File not found
\Restrictions\\"NoBrowserContextMenu" ->  [0] -> File not found
\Restrictions\\"NoBrowserClose" ->  [0] -> File not found
\Restrictions\\"NoBrowserOptions" ->  [0] -> File not found
\Restrictions\\"NoBrowserSaveAs" ->  [0] -> File not found
\Restrictions\\"NoFavorites" ->  [0] -> File not found
\Restrictions\\"NoFileNew" ->  [0] -> File not found
\Restrictions\\"NoFileOpen" ->  [0] -> File not found
\Restrictions\\"NoFindFiles" ->  [0] -> File not found
\Restrictions\\"NoSelectDownloadDir" ->  [0] -> File not found
\Restrictions\\"NoTheaterMode" ->  [0] -> File not found
\Restrictions\\"NoAddressBar" ->  [0] -> File not found
\Restrictions\\"NoToolBar" ->  [0] -> File not found
\Restrictions\\"NoLinksBar" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [255] -> File not found
\\"EnableShellExecuteHooks" ->  [1] -> File not found
\\"NoDriveAutoRun-" ->  [0] -> File not found
\\"NoDriveTypeAutoRun-" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoFolderOptions" ->  [ [binary data]] -> File not found
\\"NoResolveTrack" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoLogOff" ->  [0] -> File not found
\\"NoClose" ->  [0] -> File not found
\\"NoSetFolders" ->  [0] -> File not found
\\"NoFavoritesMenu" ->  [0] -> File not found
\\"NoFind" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoLogOff" ->  [0] -> File not found
\\"NoClose" ->  [0] -> File not found
\\"NoSetFolders" ->  [0] -> File not found
\\"NoFavoritesMenu" ->  [0] -> File not found
\\"NoFind" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"LinkResolveIgnoreLinkInfo" ->  [1] -> File not found
\\"NoDriveAutoRun-" ->  [0] -> File not found
\\"NoDriveTypeAutoRun-" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [253] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoDesktop" ->  [0] -> File not found
\\"RestrictRun" ->  [0] -> File not found
\\"NoResolveTrack" ->  [1] -> File not found
\\"NoThumbnailCache" ->  [1] -> File not found
\\"link" ->  [ [binary data]] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"NoSecCPL" ->  [0] -> File not found
\\"NoDispCPL" ->  [0] -> File not found
\\"NoDispBackgroundPage" ->  [0] -> File not found
\\"NoDispScrSavPage" ->  [0] -> File not found
\\"NoDispAppearancePage" ->  [0] -> File not found
\\"NoDispSettingsPage" ->  [0] -> File not found
\\"NoDevMgrPage" ->  [0] -> File not found
\\"NoConfigPage" ->  [0] -> File not found
\\"NoVirtMemPage" ->  [0] -> File not found
\\"NoFileSysPage" ->  [0] -> File not found
\\"NoNetSetup" ->  [0] -> File not found
\\"NoNetSetupIDPage" ->  [0] -> File not found
\\"NoNetSetupSecurityPage" ->  [0] -> File not found
\\"NoWorkgroupContents" ->  [0] -> File not found
\\"NoEntireNetwork" ->  [0] -> File not found
\\"NoFileSharingControl" ->  [0] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3538 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\] > -> HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [HKLM] -> http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1322783446664 [MUCatalogWebControl Class] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab [Reg Error: Value error.] -> 
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab [Java Plug-in 1.7.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 10.7.2] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{27FA60FB-5855-47ED-90FC-73C7DFD953D2}\\DhcpNameServer -> 192.168.1.254   (Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe -> [2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll -> [2010/12/10 12:47:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{E54729E8-BB3D-4270-9D49-7389EA579090}" [HKLM] -> C:\Windows\System32\ezUPBHook.dll [EasyBits Security Shield Hook - prevents launching insecure programs by kids] -> [2009/06/15 21:52:25 | 000,049,152 | ---- | M] (EasyBits Software Corp.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 21:43:36 | 000,000,024 | ---- | M] ()
C:\Autorun.inf [] -> C:\Autorun.inf [ NTFS ] -> [2011/12/29 11:14:24 | 000,000,000 | ---D | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{00020d75-0000-0000-c000-000000000046}" [HKLM] -> Reg Error: Key error. [lnkfile] -> File not found
"{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}" [HKLM] -> C:\Program Files\Windows Photo Gallery\PhotoAcq.dll [PhotoAcqDropTarget] -> [2009/04/11 06:28:23 | 001,030,144 | ---- | M] (Microsoft Corporation)
"{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" [HKLM] -> C:\Program Files\Windows Photo Gallery\ImagingDevices.exe [Microsoft.ScannersAndCameras] -> [2006/11/02 12:36:17 | 000,202,752 | ---- | M] (Microsoft Corporation)
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" [HKLM] -> C:\Program Files\Office Suite X 3\Basis\program\shlxthdl\shlxthdl.dll [Office Suite X Infotip Handler] -> [2011/12/17 19:15:34 | 000,293,888 | ---- | M] (OpenOffice.org)
"{09A47860-11B0-4DA5-AFA5-26D86198A780}" [HKLM] -> c:\Program Files\Microsoft Security Client\shellext.dll [EPP] -> [2012/09/12 16:19:26 | 000,269,024 | ---- | M] (Microsoft Corporation)
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" [HKLM] ->  [Taskbar and Start Menu] -> File not found
"{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" [HKLM] -> Reg Error: Key error. [Contacts folder] -> File not found
"{11dbb47c-a525-400b-9e80-a54615a090c0}" [HKLM] -> C:\Windows\System32\ExplorerFrame.dll [Execute Folder] -> [2009/04/11 06:28:19 | 000,020,992 | ---- | M] (Microsoft Corporation)
"{13D3C4B8-B179-4ebb-BF62-F704173E7448}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [Windows Contact Preview Handler] -> [2009/04/11 06:28:25 | 000,707,584 | ---- | M] (Microsoft Corporation)
"{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [group_wab_auto_file] -> [2009/04/11 06:28:25 | 000,707,584 | ---- | M] (Microsoft Corporation)
"{176d6597-26d3-11d1-b350-080036a75b03}" [HKLM] -> C:\Windows\System32\colorui.dll [ICM Scanner Management] -> [2008/01/21 02:24:36 | 000,686,592 | ---- | M] (Microsoft Corporation)
"{1b24a030-9b20-49bc-97ac-1be4426f9e59}" [HKLM] -> Reg Error: Key error. [ActiveDirectory Folder] -> File not found
"{1FA9085F-25A2-489B-85D4-86326EEDCD87}" [HKLM] -> C:\Windows\System32\wlanpref.dll [Manage Wireless Networks] -> [2009/04/11 06:28:25 | 001,671,680 | ---- | M] (Microsoft Corporation)
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Program Files\Common Files\System\Ole DB\oledb32.dll [Microsoft Data Link] -> [2008/01/21 02:25:01 | 000,688,128 | ---- | M] (Microsoft Corporation)
"{2781761E-28E0-4109-99FE-B9D127C57AFE}" [HKLM] -> C:\Program Files\Windows Defender\MpOAV.dll [Windows Defender IOfficeAntiVirus implementation] -> [2008/01/21 02:23:32 | 000,090,680 | ---- | M] (Microsoft Corporation)
"{28803F59-3A75-4058-995F-4EE5503B023C}" [HKLM] -> C:\Windows\System32\FunctionDiscoveryFolder.dll [Wireless Devices] -> [2009/04/11 06:28:19 | 002,134,528 | ---- | M] (Microsoft Corporation)
"{289978AC-A101-4341-A817-21EBA7FD046D}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Conflict Folder] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{2C2577C2-63A7-40e3-9B7F-586602617ECB}" [HKLM] -> Reg Error: Key error. [Explorer Query Band] -> File not found
"{2E9E59C0-B437-4981-A647-9C34B9B90891}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Setup Folder] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Program Files\Windows Mail\wabfind.dll [For &People...] -> [2006/11/02 09:46:13 | 000,033,280 | ---- | M] (Microsoft Corporation)
"{34449847-FD14-4fc8-A75A-7432F5181EFB}" [HKLM] -> Reg Error: Key error. [ActiveDirectory Folder] -> File not found
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" [HKLM] -> C:\Program Files\Office Suite X 3\Basis\program\shlxthdl\shlxthdl.dll [Office Suite X Thumbnail Viewer] -> [2011/12/17 19:15:34 | 000,293,888 | ---- | M] (OpenOffice.org)
"{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}" [HKLM] -> C:\Windows\System32\nvshext.dll [NVIDIA Play On My TV Context Menu Extension] -> [2012/10/02 19:29:41 | 000,062,312 | ---- | M] (NVIDIA Corporation)
"{3e7efb4c-faf1-453d-89eb-56026875ef90}" [HKLM] ->  [Get Programs Online] -> File not found
"{4026492f-2f69-46b8-b9bf-5654fc07e423}" [HKLM] -> C:\Windows\System32\FirewallControlPanel.exe [Windows Firewall] -> [2008/01/21 02:24:44 | 002,585,088 | ---- | M] (Microsoft Corporation)
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" [HKLM] -> C:\Windows\System32\MediaMetadataHandler.dll [Video Media Properties Handler] -> [2009/04/11 06:28:20 | 000,356,864 | ---- | M] (Microsoft Corporation)
"{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> Reg Error: Key error. [Microsoft Office HTML Icon Handler] -> File not found
"{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" [HKLM] -> C:\Windows\System32\icsigd.dll [IGD Property Sheet Handler] -> [2006/11/02 09:46:05 | 000,195,584 | ---- | M] (Microsoft Corporation)
"{4B534112-3AF6-4697-A77C-D62CE9B9E7CF}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Event Properties Extension] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}" [HKLM] -> C:\Windows\System32\gameux.dll [GameUX.RichGameMediaThumbnail] -> [2009/04/11 06:28:19 | 001,696,768 | ---- | M] (Microsoft Corporation)
"{4F58F63F-244B-4c07-B29F-210BE59BE9B4}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [.group shell extension handler] -> [2009/04/11 06:28:25 | 000,707,584 | ---- | M] (Microsoft Corporation)
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" [HKLM] -> C:\Windows\System32\acppage.dll [Compatibility Property Page] -> [2006/11/02 09:46:02 | 000,038,912 | ---- | M] (Microsoft Corporation)
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" [HKLM] -> C:\Windows\System32\control.exe [Control Panel command object for Start menu] -> [2006/11/02 09:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation)
"{53BEDF0B-4E5B-4183-8DC9-B844344FA104}" [HKLM] -> C:\Windows\System32\mssvp.dll [Microsoft Windows MAPI Preview Handler] -> [2009/04/11 06:28:22 | 000,670,720 | ---- | M] (Microsoft Corporation)
"{576C9E85-1300-4EF5-BF6B-D00509F4EDCD}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Handler Properties Extension] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" [HKLM] -> Reg Error: Key error. [Microsoft Office OneNote Namespace Extension for Windows Desktop Search] -> File not found
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" [HKLM] -> C:\Windows\System32\colorui.dll [ICM Monitor Management] -> [2008/01/21 02:24:36 | 000,686,592 | ---- | M] (Microsoft Corporation)
"{5ea4f148-308c-46d7-98a9-49041b1dd468}" [HKLM] -> C:\Windows\System32\mblctr.exe [Mobility Center Control Panel] -> [2009/04/11 06:27:43 | 000,950,272 | ---- | M] (Microsoft Corporation)
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" [HKLM] -> C:\Program Files\Office Suite X 3\Basis\program\shlxthdl\shlxthdl.dll [Office Suite X Property Sheet Handler] -> [2011/12/17 19:15:34 | 000,293,888 | ---- | M] (OpenOffice.org)
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" [HKLM] -> C:\Windows\System32\colorui.dll [ICM Printer Management] -> [2008/01/21 02:24:36 | 000,686,592 | ---- | M] (Microsoft Corporation)
"{67718415-c450-4f3c-bf8a-b487642dc39b}" [HKLM] -> C:\Windows\System32\OptionalFeatures.exe [Windows Features] -> [2008/01/21 02:23:40 | 000,097,280 | ---- | M] (Microsoft Corporation)
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" [HKLM] -> C:\Windows\System32\shwebsvc.dll [Shell Publishing Wizard Object] -> [2009/04/11 06:28:24 | 000,425,472 | ---- | M] (Microsoft Corporation)
"{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" [HKLM] ->  [Folder Options] -> File not found
"{71D99464-3B6B-475C-B241-E15883207529}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Results Folder] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{74246bfc-4c96-11d0-abef-0020af6b0b7a}" [HKLM] -> C:\Windows\System32\devmgr.dll [Device Manager] -> [2009/04/11 06:28:18 | 000,378,368 | ---- | M] (Microsoft Corporation)
"{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Simple Conflict Presenter] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{7A979262-40CE-46ff-AEEE-7884AC3B6136}" [HKLM] -> C:\Windows\System32\hdwwiz.exe [Add New Hardware] -> [2009/04/11 06:27:39 | 000,080,384 | ---- | M] (Microsoft Corporation)
"{7A9D77BD-5403-11d2-8785-2E0420524153}" [HKLM] -> C:\Windows\System32\Netplwiz.exe [User Accounts] -> [2008/01/21 02:23:45 | 000,025,600 | ---- | M] (Microsoft Corporation)
"{8082C5E6-4C27-48ec-A809-B8E1122E8F97}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [.contact shell extension handler] -> [2009/04/11 06:28:25 | 000,707,584 | ---- | M] (Microsoft Corporation)
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" [HKLM] -> C:\Windows\System32\MediaMetadataHandler.dll [Audio Media Properties Handler] -> [2009/04/11 06:28:20 | 000,356,864 | ---- | M] (Microsoft Corporation)
"{877ca5ac-cb41-4842-9c69-9136e42d47e2}" [HKLM] -> C:\Windows\System32\sdshext.dll [File Backup Index] -> [2008/01/21 02:23:27 | 000,098,816 | ---- | M] (Microsoft Corporation)
"{89D83576-6BD1-4c86-9454-BEB04E94C819}" [HKLM] -> C:\Windows\System32\mssvp.dll [MAPI Search Namespace Extension] -> [2009/04/11 06:28:22 | 000,670,720 | ---- | M] (Microsoft Corporation)
"{8E25992B-373E-486E-80E5-BD23AE417E66}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Device Notification Sink] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{90b9bce2-b6db-4fd3-8451-35917ea1081b}" [HKLM] -> C:\Windows\System32\ExplorerFrame.dll [Search Execute Command] -> [2009/04/11 06:28:19 | 000,020,992 | ---- | M] (Microsoft Corporation)
"{911051fa-c21c-4246-b470-070cd8df6dc4}" [HKLM] -> Reg Error: Key error. [.cab or .zip files] -> File not found
"{91ADC906-6722-4B05-A12B-471ADDCCE132}" [HKLM] -> C:\Windows\System32\TouchX.dll [Touch Band] -> [2006/11/02 12:35:24 | 002,073,600 | ---- | M] (Microsoft Corporation)
"{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" [HKLM] -> C:\Windows\System32\oleprn.dll [OlePrn.PrinterURL] -> [2009/04/11 06:28:23 | 000,097,792 | ---- | M] (Microsoft Corporation)
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" [HKLM] -> Reg Error: Key error. [NeroCoverEd Live Icons] -> File not found
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] -> Reg Error: Key error. [Microsoft Office Metadata Handler] -> File not found
"{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Folder] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{a304259d-52b8-4526-8b1a-a1d6cecc8243}" [HKLM] -> C:\Windows\System32\iscsicpl.exe [iSCSI Initiator] -> [2006/11/02 09:45:17 | 000,120,320 | ---- | M] (Microsoft Corporation)
"{A70C977A-BF00-412C-90B7-034C51DA2439}" [HKLM] -> C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NvCpl DesktopContext Class] -> [2012/10/02 19:29:02 | 003,272,552 | ---- | M] (NVIDIA Corporation)
"{add36aa8-751a-4579-a266-d66f5202ccbb}" [HKLM] -> C:\Windows\System32\shwebsvc.dll [Print Ordering via the Web] -> [2009/04/11 06:28:24 | 000,425,472 | ---- | M] (Microsoft Corporation)
"{AE424E85-F6DF-4910-A6A9-438797986431}" [HKLM] -> C:\Program Files\Office Suite X 3\Basis\program\shlxthdl\propertyhdl.dll [Office Suite X Property Handler] -> [2011/12/17 19:15:34 | 000,230,400 | ---- | M] (OpenOffice.org)
"{b2c761c6-29bc-4f19-9251-e6195265baf1}" [HKLM] -> C:\Windows\System32\colorcpl.exe [Color Control Panel Applet] -> [2006/11/02 09:44:59 | 000,084,992 | ---- | M] (Microsoft Corporation)
"{B32D3949-ED98-4DBB-B347-17A144969BBA}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Item Properties Extension] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" [HKLM] -> Reg Error: Key error. [iTunes] -> File not found
"{BC48B32F-5910-47F5-8570-5074A8A5636A}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Results Delegate Folder] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{BC65FB43-1958-4349-971A-210290480130}" [HKLM] -> C:\Windows\System32\NcdProp.dll [Network Explorer Property Sheet Handler] -> [2009/04/11 06:28:22 | 000,019,968 | ---- | M] (Microsoft Corporation)
"{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}" [HKLM] -> C:\Windows\System32\mssvp.dll [Client Side Cache Namespace Extension] -> [2009/04/11 06:28:22 | 000,670,720 | ---- | M] (Microsoft Corporation)
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] -> Reg Error: Key error. [Microsoft Office Thumbnail Handler] -> File not found
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" [HKLM] -> C:\Program Files\Office Suite X 3\Basis\program\shlxthdl\shlxthdl.dll [Office Suite X Column Handler] -> [2011/12/17 19:15:34 | 000,293,888 | ---- | M] (OpenOffice.org)
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" [HKLM] -> C:\Windows\System32\MediaMetadataHandler.dll [Video Thumbnail Extractor] -> [2009/04/11 06:28:20 | 000,356,864 | ---- | M] (Microsoft Corporation)
"{C8494E42-ACDD-4739-B0FB-217361E4894F}" [HKLM] -> Reg Error: Key error. [Sam Account Folder] -> File not found
"{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1}" [HKLM] -> C:\Windows\System32\oobefldr.dll [Welcome Center] -> [2009/04/11 06:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" [HKLM] -> C:\Windows\System32\shwebsvc.dll [Web Publishing Wizard] -> [2009/04/11 06:28:24 | 000,425,472 | ---- | M] (Microsoft Corporation)
"{CF67796C-F57F-45F8-92FB-AD698826C602}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [contact_wab_auto_file] -> [2009/04/11 06:28:25 | 000,707,584 | ---- | M] (Microsoft Corporation)
"{d3e34b21-9d75-101a-8c3d-00aa001a1652}" [HKLM] -> C:\Windows\System32\mspaint.exe [Bitmap Image] -> [2008/01/21 02:24:56 | 000,485,376 | ---- | M] (Microsoft Corporation)
"{d8559eb9-20c0-410e-beda-7ed416aecc2a}" [HKLM] -> C:\Program Files\Windows Defender\MSASCui.exe [Windows Defender] -> [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation)
"{da67b8ad-e81b-4c70-9b91b417b5e33527}" [HKLM] -> Reg Error: Key error. [Windows Search Shell Service] -> File not found
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" [HKLM] -> C:\Windows\System32\colorui.dll [ICC Profile] -> [2008/01/21 02:24:36 | 000,686,592 | ---- | M] (Microsoft Corporation)
"{E29F9716-5C08-4FCD-955A-119FDB5A522D}" [HKLM] -> Reg Error: Key error. [Sam Account Folder] -> File not found
"{E413D040-6788-4C22-957E-175D1C513A34}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Conflict Delegate Folder] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{E44E5D18-0652-4508-A4E2-8A090067BCB0}" [HKLM] -> C:\Windows\System32\control.exe [Default Programs command object for Start menu] -> [2006/11/02 09:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation)
"{E598560B-28D5-46aa-A14A-8A3BEA34B576}" [HKLM] -> C:\Program Files\Windows Photo Gallery\PhotoViewer.dll [Windows Photo Gallery Viewer Video Verbs] -> [2009/04/11 06:28:23 | 002,323,968 | ---- | M] (Microsoft Corporation)
"{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60}" [HKLM] -> C:\Windows\System32\gameux.dll [RichGameMediaPropertyStore Class] -> [2009/04/11 06:28:19 | 001,696,768 | ---- | M] (Microsoft Corporation)
"{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}" [HKLM] -> C:\Windows\System32\gameux.dll [Games Folder] -> [2009/04/11 06:28:19 | 001,696,768 | ---- | M] (Microsoft Corporation)
"{F04CC277-03A2-4277-96A9-77967471BDFF}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Conflict Properties Extension] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> c:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> [2011/01/03 11:28:21 | 000,063,168 | ---- | M] (RealNetworks, Inc.)
"{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Setup Delegate Folder] -> [2009/04/11 06:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation)
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" [HKLM] -> Reg Error: Key error. [IE User Assist] -> File not found
"{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" [HKLM] -> C:\Windows\System32\wercon.exe [Problem Reports and Solutions] -> [2009/04/11 06:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation)
"{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" [HKLM] -> C:\Program Files\Windows Photo Gallery\PhotoViewer.dll [Windows Photo Gallery Viewer Image Verbs] -> [2009/04/11 06:28:23 | 002,323,968 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk ->  -> File not found
C:^Users^currys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe -> [2011/09/30 18:04:54 | 000,142,848 | ---- | M] ()
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
4oD hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Kontiki\KHost.exe -> [2009/01/02 12:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.)
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2012/07/27 20:51:26 | 000,919,008 | ---- | M] (Adobe Systems Incorporated)
kdx hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Kontiki\KHost.exe -> [2009/01/02 12:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.)
MSC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Microsoft Security Client\msseces.exe -> [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation)
NvCplDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
NvMediaCenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2010/11/29 17:38:18 | 000,421,888 | ---- | M] (Apple Inc.)
SmpcSys hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe -> [2008/07/07 15:26:28 | 001,038,136 | ---- | M] (Packard Bell BV)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2012/07/03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.)
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Real\RealPlayer\update\realsched.exe -> [2011/01/03 11:28:10 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
WMPNSCFG hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2008/01/21 02:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
FastUserSwitchingCompatibility ->  -> File not found
Ias -> C:\Windows\System32\ias.dll -> [2008/01/21 02:24:07 | 000,018,944 | ---- | M] (Microsoft Corporation)
Nla ->  -> File not found
Ntmssvc ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
SRService ->  -> File not found
WmdmPmSp ->  -> File not found
LogonHours ->  -> File not found
PCAudit ->  -> File not found
helpsvc ->  -> File not found
uploadmgr ->  -> File not found
ezSharedSvc -> C:\Windows\System32\ezsvc7.dll -> [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS)
*MultiFile Done* -> -> 
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"cval" ->  [1] -> File not found
\\"FirewallDisableNotify" ->  [0] -> File not found
\\"AntiVirusDisableNotify" ->  [0] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
\Monitoring\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Monitoring\SymantecAntiVirus\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"AntiVirusOverride" ->  [0] -> File not found
\Svc\\"AntiSpywareOverride" ->  [0] -> File not found
\Svc\\"FirewallOverride" ->  [0] -> File not found
\Svc\\"VistaSp1" -> Reg Error: Unknown registry data type [Reg Error: Unknown registry data type] -> File not found
\Svc\\"VistaSp2" -> Reg Error: Unknown registry data type [Reg Error: Unknown registry data type] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> -> 
< System Restore User Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore -> 
"DisableSR" -> 0 -> 
< Windows Firewall Group Policy Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> 
< Windows DomainProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
\\"EnableFirewall" ->  [1] -> File not found
\\"DisableNotifications" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ -> -> 
< Windows StandardProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [1] -> File not found
\\"DisableNotifications" ->  [0] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> -> 
< Windows StandardProfile GloballyOpenPorts Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 29/11/2012 16:30:25 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 16:30:25 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 16:35:49 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 16:35:49 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 18:26:59 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 18:26:59 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 18:30:36 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 18:30:36 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 18:32:09 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered  .  
Application [ Error ] 29/11/2012 18:32:09 Computer Name = Eamonns | Source = Windows Search Service | ID = 3083 -> Description = The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered  .  
DFS Replication [ Error ] 12/11/2012 18:30:05 Computer Name = Eamonns | Source = DFSR | ID = 6104 -> Description = The DFS Replication service failed to register the WMI providers. Replication  is disabled until the problem is resolved.        Additional Information:    Error: 2147749939 (1033)
DFS Replication [ Error ] 12/11/2012 18:30:05 Computer Name = Eamonns | Source = DFSR | ID = 6104 -> Description = The DFS Replication service failed to register the WMI providers. Replication  is disabled until the problem is resolved.        Additional Information:    Error: 2147943515 (A system shutdown is in progress.)
OSession [ Error ] 07/07/2009 16:32:25 Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = 
OSession [ Error ] 07/07/2009 16:44:49 Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = 
OSession [ Error ] 07/07/2009 16:50:58 Computer Name = Eamonns | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = 
System [ Error ] 29/11/2012 14:03:22 Computer Name = Eamonns | Source = Service Control Manager | ID = 7001 -> Description = 
System [ Error ] 29/11/2012 14:04:00 Computer Name = Eamonns | Source = Service Control Manager | ID = 7022 -> Description = 
System [ Error ] 29/11/2012 14:04:00 Computer Name = Eamonns | Source = Service Control Manager | ID = 7023 -> Description = 
System [ Error ] 29/11/2012 14:06:30 Computer Name = Eamonns | Source = Service Control Manager | ID = 7009 -> Description = 
System [ Error ] 29/11/2012 14:15:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 29/11/2012 14:15:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 29/11/2012 14:15:35 Computer Name = Eamonns | Source = Service Control Manager | ID = 7001 -> Description = 
System [ Error ] 29/11/2012 14:16:14 Computer Name = Eamonns | Source = Service Control Manager | ID = 7022 -> Description = 
System [ Error ] 29/11/2012 14:16:16 Computer Name = Eamonns | Source = Service Control Manager | ID = 7023 -> Description = 
System [ Error ] 29/11/2012 14:18:44 Computer Name = Eamonns | Source = Service Control Manager | ID = 7009 -> Description = 
 
[Files/Folders - Created Within 30 Days]
 ERUNT -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT -> [2012/11/28 23:02:45 | 000,000,000 | ---D | C]
 ERUNT -> C:\Program Files\ERUNT -> [2012/11/28 23:02:43 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/11/24 21:06:30 | 000,000,000 | -HSD | C]
 temp -> C:\Windows\temp -> [2012/11/24 21:06:25 | 000,000,000 | ---D | C]
 temp -> C:\Users\currys\AppData\Local\temp -> [2012/11/24 21:06:25 | 000,000,000 | ---D | C]
 {C4C59922-786C-47A7-B084-E63499F113FF} -> C:\Users\currys\AppData\Local\{C4C59922-786C-47A7-B084-E63499F113FF} -> [2012/11/20 22:39:42 | 000,000,000 | ---D | C]
 javaw.exe -> C:\Windows\System32\javaw.exe -> [2012/11/18 22:35:32 | 000,174,056 | ---- | C] (Oracle Corporation)
 java.exe -> C:\Windows\System32\java.exe -> [2012/11/18 22:35:32 | 000,174,056 | ---- | C] (Oracle Corporation)
 WindowsAccessBridge.dll -> C:\Windows\System32\WindowsAccessBridge.dll -> [2012/11/18 22:35:32 | 000,093,672 | ---- | C] (Oracle Corporation)
 {F2901A73-B6C9-45E9-ACA6-EE6EAA76E1E6} -> C:\Users\currys\AppData\Local\{F2901A73-B6C9-45E9-ACA6-EE6EAA76E1E6} -> [2012/11/18 22:20:26 | 000,000,000 | ---D | C]
 {4110471B-C08F-4271-9A27-EDDF84E7467F} -> C:\Users\currys\AppData\Local\{4110471B-C08F-4271-9A27-EDDF84E7467F} -> [2012/11/18 00:18:23 | 000,000,000 | ---D | C]
 SparkTrust -> C:\Users\currys\AppData\Roaming\SparkTrust -> [2012/11/16 23:32:56 | 000,000,000 | ---D | C]
 SparkTrust -> C:\ProgramData\SparkTrust -> [2012/11/16 23:32:49 | 000,000,000 | ---D | C]
 Debug -> C:\Windows\Debug -> [2012/11/16 16:56:13 | 000,000,000 | ---D | C]
 d9a7c4231542d8d40840 -> C:\d9a7c4231542d8d40840 -> [2012/11/16 14:50:56 | 000,000,000 | ---D | C]
 {6190B837-FFCF-4CDE-9E3E-D2B228C550DC} -> C:\Users\currys\AppData\Local\{6190B837-FFCF-4CDE-9E3E-D2B228C550DC} -> [2012/11/16 10:39:41 | 000,000,000 | ---D | C]
 {9F841408-9FFE-45A9-A5ED-63179AF1EBBD} -> C:\Users\currys\AppData\Local\{9F841408-9FFE-45A9-A5ED-63179AF1EBBD} -> [2012/11/15 22:39:30 | 000,000,000 | ---D | C]
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/11/15 22:12:06 | 000,060,416 | ---- | C] (NirSoft)
 Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2012/11/15 20:46:13 | 000,000,000 | ---D | C]
 {2233E538-7E4D-4263-8AF0-1E5312C77389} -> C:\Users\currys\AppData\Local\{2233E538-7E4D-4263-8AF0-1E5312C77389} -> [2012/11/15 19:29:05 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2012/11/15 19:26:07 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2012/11/15 19:26:07 | 000,406,528 | ---- | C] (SteelWerX)
 Qoobox -> C:\Qoobox -> [2012/11/15 19:25:49 | 000,000,000 | ---D | C]
 {25B72BC7-E0F1-4B50-BDA8-7B447E2D0238} -> C:\Users\currys\AppData\Local\{25B72BC7-E0F1-4B50-BDA8-7B447E2D0238} -> [2012/11/14 18:47:25 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic -> [2012/11/13 22:32:04 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\Program Files\ParetoLogic -> [2012/11/13 22:31:59 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\Program Files\Common Files\ParetoLogic -> [2012/11/13 22:31:59 | 000,000,000 | ---D | C]
 {C70DEA56-6D7C-4E30-8972-4F7EA121558A} -> C:\Users\currys\AppData\Local\{C70DEA56-6D7C-4E30-8972-4F7EA121558A} -> [2012/11/13 22:28:06 | 000,000,000 | ---D | C]
 PC Utility Kit -> C:\Users\currys\AppData\Roaming\PC Utility Kit -> [2012/11/13 22:22:08 | 000,000,000 | ---D | C]
 PC Utility Kit -> C:\ProgramData\PC Utility Kit -> [2012/11/13 22:22:01 | 000,000,000 | ---D | C]
 {9455DC71-DBCE-417B-B0C5-18E56635D2CC} -> C:\Users\currys\AppData\Local\{9455DC71-DBCE-417B-B0C5-18E56635D2CC} -> [2012/11/12 23:48:13 | 000,000,000 | ---D | C]
 XAudio2_5.dll -> C:\Windows\System32\XAudio2_5.dll -> [2012/11/12 23:30:24 | 000,515,416 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\System32\d3dx10_42.dll -> [2012/11/12 23:30:24 | 000,453,456 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\System32\XAPOFX1_3.dll -> [2012/11/12 23:30:24 | 000,069,464 | ---- | C] (Microsoft Corporation)
 d3dx9_32.dll -> C:\Windows\System32\d3dx9_32.dll -> [2012/11/12 23:29:57 | 003,426,072 | ---- | C] (Microsoft Corporation)
 _OTM -> C:\_OTM -> [2012/11/12 22:36:11 | 000,000,000 | ---D | C]
 64dfc7bf1d8f5d8719b73eb166 -> C:\64dfc7bf1d8f5d8719b73eb166 -> [2012/11/12 18:01:18 | 000,000,000 | ---D | C]
 {05918243-4AB3-420A-8019-8994807C2566} -> C:\Users\currys\AppData\Local\{05918243-4AB3-420A-8019-8994807C2566} -> [2012/11/12 17:45:14 | 000,000,000 | ---D | C]
 Kodak -> C:\ProgramData\Kodak -> [2012/11/11 17:27:17 | 000,000,000 | ---D | C]
 kodak -> C:\Windows\System32\kodak -> [2012/11/11 17:27:11 | 000,000,000 | ---D | C]
 Innovative Solutions -> C:\Users\currys\AppData\Local\Innovative Solutions -> [2012/11/11 12:46:53 | 000,000,000 | ---D | C]
 Config.Msi -> C:\Config.Msi -> [2012/11/09 23:17:19 | 000,000,000 | ---D | C]
 Perion -> C:\Program Files\Perion -> [2012/11/09 23:02:27 | 000,000,000 | ---D | C]
 msvcr100.dll -> C:\Windows\System32\msvcr100.dll -> [2012/11/09 23:02:15 | 000,773,968 | ---- | C] (Microsoft Corporation)
 msvcr80.dll -> C:\Windows\System32\msvcr80.dll -> [2012/11/09 23:02:15 | 000,632,656 | ---- | C] (Microsoft Corporation)
 msvcp80.dll -> C:\Windows\System32\msvcp80.dll -> [2012/11/09 23:02:15 | 000,554,832 | ---- | C] (Microsoft Corporation)
 msvcm80.dll -> C:\Windows\System32\msvcm80.dll -> [2012/11/09 23:02:15 | 000,479,232 | ---- | C] (Microsoft Corporation)
 msvcp100.dll -> C:\Windows\System32\msvcp100.dll -> [2012/11/09 23:02:15 | 000,421,200 | ---- | C] (Microsoft Corporation)
 _OTL -> C:\_OTL -> [2012/11/03 20:31:16 | 000,000,000 | ---D | C]
 {E0BA36D2-AFBC-47DF-B974-4EE71AFC1A6C} -> C:\Users\currys\AppData\Local\{E0BA36D2-AFBC-47DF-B974-4EE71AFC1A6C} -> [2012/11/03 01:02:08 | 000,000,000 | ---D | C]
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/11/29 22:34:15 | 000,000,830 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/11/29 22:14:41 | 000,003,344 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/11/29 22:14:41 | 000,003,344 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/11/29 22:03:00 | 000,000,886 | ---- | M] ()
 Recovery DVD Creator-currys.job -> C:\Windows\tasks\Recovery DVD Creator-currys.job -> [2012/11/29 22:00:01 | 000,000,342 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2012/11/29 18:20:14 | 000,668,492 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2012/11/29 18:20:14 | 000,136,860 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/11/29 18:16:24 | 000,000,882 | ---- | M] ()
 ParetoLogic Update Version3 Startup Task.job -> C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job -> [2012/11/29 18:16:19 | 000,000,472 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012/11/29 18:14:36 | 000,067,584 | --S- | M] ()
 fix.reg -> C:\Users\currys\Desktop\fix.reg -> [2012/11/29 18:12:32 | 000,000,229 | ---- | M] ()
 ParetoLogic Update Version3.job -> C:\Windows\tasks\ParetoLogic Update Version3.job -> [2012/11/28 23:08:55 | 000,000,420 | ---- | M] ()
 ERUNT AutoBackup.lnk -> C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2012/11/28 23:02:50 | 000,000,915 | ---- | M] ()
 NTREGOPT.lnk -> C:\Users\currys\Desktop\NTREGOPT.lnk -> [2012/11/28 23:02:45 | 000,000,735 | ---- | M] ()
 ERUNT.lnk -> C:\Users\currys\Desktop\ERUNT.lnk -> [2012/11/28 23:02:45 | 000,000,716 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2012/11/24 20:59:09 | 000,000,027 | ---- | M] ()
 ParetoLogic Registration3.job -> C:\Windows\tasks\ParetoLogic Registration3.job -> [2012/11/24 18:00:00 | 000,000,446 | ---- | M] ()
 PC Health Advisor Defrag.job -> C:\Windows\tasks\PC Health Advisor Defrag.job -> [2012/11/22 02:22:00 | 000,000,378 | ---- | M] ()
 Auslogics Registry Cleaner.lnk -> C:\Users\currys\Desktop\Auslogics Registry Cleaner.lnk -> [2012/11/16 23:15:18 | 000,001,076 | ---- | M] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\currys\Desktop\ComboFix.exe - Shortcut.lnk -> [2012/11/15 22:09:00 | 000,000,545 | ---- | M] ()
 0 -> C:\0 -> [2012/11/15 22:08:27 | 000,000,376 | ---- | M] ()
 mail.btinternet.com.iaf -> C:\Users\currys\Documents\mail.btinternet.com.iaf -> [2012/11/13 22:57:16 | 000,000,920 | ---- | M] ()
 PC Health Advisor.job -> C:\Windows\tasks\PC Health Advisor.job -> [2012/11/13 22:35:04 | 000,000,360 | ---- | M] ()
 ParetoLogic PC Health Advisor.lnk -> C:\Users\currys\Desktop\ParetoLogic PC Health Advisor.lnk -> [2012/11/13 22:32:04 | 000,000,898 | ---- | M] ()
 cc_20121110_162254.reg -> C:\Users\currys\Documents\cc_20121110_162254.reg -> [2012/11/10 16:23:03 | 000,113,010 | ---- | M] ()
 user.js -> C:\user.js -> [2012/11/09 23:02:24 | 000,000,450 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2012/11/09 22:52:17 | 000,329,048 | ---- | M] ()
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 fix.reg -> C:\Users\currys\Desktop\fix.reg -> [2012/11/29 18:12:32 | 000,000,229 | ---- | C] ()
 ERUNT AutoBackup.lnk -> C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2012/11/28 23:02:50 | 000,000,915 | ---- | C] ()
 NTREGOPT.lnk -> C:\Users\currys\Desktop\NTREGOPT.lnk -> [2012/11/28 23:02:45 | 000,000,735 | ---- | C] ()
 ERUNT.lnk -> C:\Users\currys\Desktop\ERUNT.lnk -> [2012/11/28 23:02:45 | 000,000,716 | ---- | C] ()
 Auslogics Registry Cleaner.lnk -> C:\Users\currys\Desktop\Auslogics Registry Cleaner.lnk -> [2012/11/16 23:15:18 | 000,001,076 | ---- | C] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\currys\Desktop\ComboFix.exe - Shortcut.lnk -> [2012/11/15 22:09:00 | 000,000,545 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2012/11/15 19:26:07 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2012/11/15 19:26:07 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2012/11/15 19:26:07 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2012/11/15 19:26:07 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2012/11/15 19:26:07 | 000,068,096 | ---- | C] ()
 mail.btinternet.com.iaf -> C:\Users\currys\Documents\mail.btinternet.com.iaf -> [2012/11/13 22:57:16 | 000,000,920 | ---- | C] ()
 ParetoLogic Registration3.job -> C:\Windows\tasks\ParetoLogic Registration3.job -> [2012/11/13 22:32:18 | 000,000,446 | ---- | C] ()
 ParetoLogic PC Health Advisor.lnk -> C:\Users\currys\Desktop\ParetoLogic PC Health Advisor.lnk -> [2012/11/13 22:32:04 | 000,000,898 | ---- | C] ()
 ParetoLogic Update Version3 Startup Task.job -> C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job -> [2012/11/13 22:32:03 | 000,000,472 | ---- | C] ()
 ParetoLogic Update Version3.job -> C:\Windows\tasks\ParetoLogic Update Version3.job -> [2012/11/13 22:32:03 | 000,000,420 | ---- | C] ()
 PC Health Advisor Defrag.job -> C:\Windows\tasks\PC Health Advisor Defrag.job -> [2012/11/13 22:32:02 | 000,000,378 | ---- | C] ()
 PC Health Advisor.job -> C:\Windows\tasks\PC Health Advisor.job -> [2012/11/13 22:32:01 | 000,000,360 | ---- | C] ()
 cc_20121110_162254.reg -> C:\Users\currys\Documents\cc_20121110_162254.reg -> [2012/11/10 16:22:58 | 000,113,010 | ---- | C] ()
 user.js -> C:\user.js -> [2012/11/09 23:02:23 | 000,000,450 | ---- | C] ()
 mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2012/09/21 17:39:10 | 000,074,703 | ---- | C] ()
 _MSRSTRT.EXE -> C:\Windows\_MSRSTRT.EXE -> [2012/07/06 12:47:29 | 000,002,560 | ---- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2012/07/01 00:13:20 | 000,329,048 | ---- | C] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2012/06/24 10:02:02 | 000,000,487 | ---- | C] ()
 {A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5} -> C:\Users\currys\AppData\Local\{A2C1D9E5-EF1E-4CB1-929A-1596A9DD93C5} -> [2012/01/29 11:35:23 | 000,000,000 | ---- | C] ()
 RtNicProp32.dll -> C:\Windows\System32\RtNicProp32.dll -> [2011/12/26 13:05:56 | 000,080,416 | ---- | C] ()
 repository.xml -> C:\ProgramData\repository.xml -> [2011/12/02 22:16:09 | 000,001,043 | ---- | C] ()
 fusioncache.dat -> C:\Users\currys\AppData\Local\fusioncache.dat -> [2011/06/17 20:23:38 | 000,000,094 | ---- | C] ()
 Irremote.ini -> C:\Windows\Irremote.ini -> [2011/03/03 20:18:09 | 000,000,000 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/02/06 00:16:30 | 000,000,258 | R-S- | C] ()
[Custom Scans]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE /s >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
\\"" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE] -> [2012/10/11 22:23:04 | 000,748,680 | ---- | M] (Microsoft Corporation)
\\"Path" ->  [C:\Program Files\Internet Explorer;] -> File not found
 
[Alternate Data Streams]
@Alternate Data Stream - 1077 bytes -> C:\Users\currys\Documents\Reply to thread 'Internet Options in Control Panel missing'.eml:OECustomProperty
< End of report >
```


----------



## eddie5659 (Mar 19, 2001)

Well, its there 

Does it say anything when you try and open it now, or does nothing happen when you click the icon?

I'm looking at the Vista laptop I've just booted up, so will save what I have there, to see if it matches.

Using SystemLook, can you run this code:


```
:regfind
iexplore.exe
```
Also, doing a spot of tinkering, so may post something else, but lets see if the above sheds any light to start with


----------



## baffledUK (Jul 2, 2012)

It does nothing when I click on icon, circle for a few seconds then nothing.

SystemLook 30.07.11 by jpshortstuff
Log created at 22:12 on 02/12/2012 by currys
Administrator - Elevation successful

========== regfind ==========

Searching for "iexplore.exe"
[HKEY_CURRENT_USER\Software\2VG\Internet Download Accelerator]
"SmartPrograms"="iexplore.exe firefox.exe:80 opera.exe:80 avant.exe maxthon.exe myie.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
"e"="iexplore.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx]
"c"="iexplore.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\CustomerWatson\iexplore.exe]
[HKEY_CURRENT_USER\Software\Classes\ftp\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_en-us_8bddb609fd5ad587\f256!iexplore.exe.mui]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_none_0179e7da91c36af6\f256!iexplore.exe]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_en-us_95b44cde7f353ce6\f256!iexplore.exe.mui]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_none_aeda5f52694b5669\f256!iexplore.exe]
[HKEY_LOCAL_MACHINE\Schema\wcm://Microsoft-Windows-IE-ClientNetworkProtocolImplementation?version=9.1.8112.16443&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\iexplore.exe]
[HKEY_LOCAL_MACHINE\Schema\wcm://Microsoft-Windows-IE-ClientNetworkProtocolImplementation?version=9.1.8112.16450&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\iexplore.exe]
[HKEY_LOCAL_MACHINE\Schema\wcm://Microsoft-Windows-shell32?version=6.0.6002.18393&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\HKEY_CLASSES_ROOT_.swf_OpenWithList_IExplore.exe_defaultValue]
[HKEY_LOCAL_MACHINE\Schema\wcm://Microsoft-Windows-shell32?version=6.0.6002.18646&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\HKEY_CLASSES_ROOT_.swf_OpenWithList_IExplore.exe_defaultValue]
[HKEY_LOCAL_MACHINE\Schema\wcm://Microsoft-Windows-TabletPC-UIHub?version=6.0.6001.18000&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\iexplore.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\IExplore.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithList\IExplore.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32]
@=""C:\Program Files\Internet Explorer\iexplore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30590066-98b5-11cf-bb82-00aa00bdce0b}\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30590067-98b5-11cf-bb82-00aa00bdce0b}\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=""%programfiles%\internet explorer\iexplore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ToolboxBitmap32]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF4FCC34-067A-4E0A-8352-4A1A5095346E}\LocalServer32]
@=""%ProgramFiles%\Internet Explorer\iexplore.exe" -startmanager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon]
@="%ProgramFiles%\Internet Explorer\iexplore.exe,-17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.PARTIAL\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.PARTIAL\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.SVG\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.SVG\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.SVG\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.WEBSITE\Shell\Open\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -w "%l" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.XHT\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-19"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.XHT\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.XHT\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon]
@="%ProgramFiles%\Internet Explorer\iexplore.exe,-32554"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Website\Shell\Open\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -w "%l" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\svgfile\DefaultIcon]
@="%ProgramFiles%\Internet Explorer\iexplore.exe,-17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\svgfile\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\svgfile\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xhtmlfile\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xhtmlfile\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@="IEXPLORE.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\LMZ_LOCKDOWN]
"ValueName"="iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Capabilities]
"ApplicationDescription"="@C:\Program Files\Internet Explorer\iexplore.exe,-706"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Capabilities\Startmenu]
"StartmenuInternet"="IEXPLORE.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{0002df01-0000-0000-c000-000000000046}]
"AppName"="iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}]
"AppName"="iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m2v]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mod]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"ReplaceApps"="wmplayer.exe|iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iexplore.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\System Programs]
"iexplore"="iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_en-us_8bddb609fd5ad587\f256!iexplore.exe.mui]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_none_0179e7da91c36af6\f256!iexplore.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_en-us_95b44cde7f353ce6\f256!iexplore.exe.mui]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_none_aeda5f52694b5669\f256!iexplore.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\PenService]
"iexplore.exe"="596fd73c-fff3-4d3f-81d3-8af2955f3547"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\Windows Error Reporting\CustomerWatson\iexplore.exe]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\Windows Error Reporting\CustomerWatson\iexplore.exe]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\2VG\Internet Download Accelerator]
"SmartPrograms"="iexplore.exe firefox.exe:80 opera.exe:80 avant.exe maxthon.exe myie.exe"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
"e"="iexplore.exe"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx]
"c"="iexplore.exe"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Microsoft\Windows\Windows Error Reporting\CustomerWatson\iexplore.exe]
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000\Software\Classes\ftp\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1000_Classes\ftp\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"
[HKEY_USERS\S-1-5-21-118059262-2797764304-1290977041-1006\Software\Microsoft\Windows\Windows Error Reporting\CustomerWatson\iexplore.exe]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, I've done a compare between yours and mine, and now its the task of sorting out what is needed, and which is just related to your computer, as everyone's pc is different.

Give me a few days or so to research them


----------



## eddie5659 (Mar 19, 2001)

Still looking at some things, but in the meantime, can you do this for me:

Click* Start*, and then click *Default Programs*.
Click *Set program access and computer defaults*.
Under *Choose a configuration*, click* Custom*.

Is there a tickbox next to *Enable access to this program* box next to *Internet Explorer*?

Also, whilst you're in there, which configuration is being used? There should be 3:

Microsoft Windows
Non-Microsoft
Custom


----------



## baffledUK (Jul 2, 2012)

hi Eddie. Was set like this already. Everything is there. Tried to tick IE in custom, but still retains 'use my current web browser'. Configuration will not change is that OK?


----------



## eddie5659 (Mar 19, 2001)

Yep, that's fine 

In the Windows one, does it say Web Browser to be Internet Explorer as the main one, or just in the Enable Access?


----------



## eddie5659 (Mar 19, 2001)

Using Systemlook again, can you run the following code:


```
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xmlfile\shell\Open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xslfile\shell\Open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\opennew\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.FTP\shell\open\command / s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\DefaultIcon /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\opennew\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\opennew\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom\command /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options /s
```


----------



## baffledUK (Jul 2, 2012)

In Windows IE is the main one, here's the report

SystemLook 30.07.11 by jpshortstuff
Log created at 22:19 on 09/12/2012 by currys
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xmlfile\shell\Open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xslfile\shell\Open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command]
@=""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.FTP\shell\open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\DefaultIcon]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\opennew\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\opennew\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE]
@="Internet Explorer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"HideIconsCommand"=""C:\Windows\system32\ie4uinit.exe" -hide"
"ShowIconsCommand"=""C:\Windows\system32\ie4uinit.exe" -show"
"ReinstallCommand"=""C:\Windows\system32\ie4uinit.exe" -reinstall"
"IconsVisible"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom]
"MUIVerb"="@C:\Windows\System32\ieframe.dll,-39229"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom\command]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom\command]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"= 0x0000000001 (1)
"mscorwks.dll"= 0x0000000001 (1)
"mso.dll"= 0x0000000001 (1)
"msjava.dll"= 0x0000000001 (1)
"msci_uno.dll"= 0x0000000001 (1)
"jvm.dll"= 0x0000000001 (1)
"jvm_g.dll"= 0x0000000001 (1)
"javai.dll"= 0x0000000001 (1)
"vb40032.dll"= 0x0000000001 (1)
"vbe6.dll"= 0x0000000001 (1)
"ums.dll"= 0x0000000001 (1)
"main123w.dll"= 0x0000000001 (1)
"udtapi.dll"= 0x0000000001 (1)
"mscorsvr.dll"= 0x0000000001 (1)
"eMigrationmmc.dll"= 0x0000000001 (1)
"eProcedureMMC.dll"= 0x0000000001 (1)
"eQueryMMC.dll"= 0x0000000001 (1)
"EncryptPatchVer.dll"= 0x0000000001 (1)
"Cleanup.dll"= 0x0000000001 (1)
"divx.dll"= 0x0000000001 (1)
"divxdec.ax"= 0x0000000001 (1)
"fullsoft.dll"= 0x0000000001 (1)
"NSWSTE.dll"= 0x0000000001 (1)
"ASSTE.dll"= 0x0000000001 (1)
"NPMLIC.dll"= 0x0000000001 (1)
"PMSTE.dll"= 0x0000000001 (1)
"AVSTE.dll"= 0x0000000001 (1)
"NAVOPTRF.dll"= 0x0000000001 (1)
"DRMINST.dll"= 0x0000000001 (1)
"TFDTCTT8.dll"= 0x0000000001 (1)
"DJSMAR00.dll"= 0x0000000001 (1)
"xlmlEN.dll"= 0x0000000001 (1)
"ISSTE.dll"= 0x0000000001 (1)
"symlcnet.dll"= 0x0000000001 (1)
"ppw32hlp.dll"= 0x0000000001 (1)
"Apitrap.dll"= 0x0000000001 (1)
"Vegas60k.dll"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerPlugin_11_5_502_110.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_11_5_502_110_Plugin.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe]
"ExecuteOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
(No values found)

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, we're going to try an import again. Can you do a backup again using Erunt as you did here:

http://forums.techguy.org/8538580-post168.html

Now, copy/paste the following line into a new Notepad file. Then click File | Save As, and in the *File Name*, call it *fix2.reg*. Ensure the *Save as Type* is showing as *All Files*. 
Save it to your Desktop.


```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.FTP\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\DefaultIcon]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe,-32554"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE]
"LocalizedString"="@C:\\Program Files\\Internet Explorer\\iexplore.exe,-702"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -extoff"
```
Locate the *fix2.reg* file on your Desktop, doubleclick and when the option appears saying *Are you sure you want to Add the information in fix.reg to the Registry?*, select *Yes*.

Reboot and see if that works.

Also, can you re-run SystemLook with the same code as you did before, here:

http://forums.techguy.org/8549140-post184.html

eddie


----------



## baffledUK (Jul 2, 2012)

no joy ran as requested

SystemLook 30.07.11 by jpshortstuff
Log created at 00:59 on 16/12/2012 by currys
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xmlfile\shell\Open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xslfile\shell\Open\command]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\open\command]
@=""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mhtmlfile\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.FTP\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-32554"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.MHT\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\opennew\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE]
@="Internet Explorer"
"LocalizedString"="@C:\Program Files\Internet Explorer\iexplore.exe,-702"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\DefaultIcon]
@="C:\Program Files\Internet Explorer\iexplore.exe,-9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"HideIconsCommand"=""C:\Windows\system32\ie4uinit.exe" -hide"
"ShowIconsCommand"=""C:\Windows\system32\ie4uinit.exe" -show"
"ReinstallCommand"=""C:\Windows\system32\ie4uinit.exe" -reinstall"
"IconsVisible"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom]
"MUIVerb"="@C:\Windows\System32\ieframe.dll,-39229"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\naom\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"= 0x0000000001 (1)
"mscorwks.dll"= 0x0000000001 (1)
"mso.dll"= 0x0000000001 (1)
"msjava.dll"= 0x0000000001 (1)
"msci_uno.dll"= 0x0000000001 (1)
"jvm.dll"= 0x0000000001 (1)
"jvm_g.dll"= 0x0000000001 (1)
"javai.dll"= 0x0000000001 (1)
"vb40032.dll"= 0x0000000001 (1)
"vbe6.dll"= 0x0000000001 (1)
"ums.dll"= 0x0000000001 (1)
"main123w.dll"= 0x0000000001 (1)
"udtapi.dll"= 0x0000000001 (1)
"mscorsvr.dll"= 0x0000000001 (1)
"eMigrationmmc.dll"= 0x0000000001 (1)
"eProcedureMMC.dll"= 0x0000000001 (1)
"eQueryMMC.dll"= 0x0000000001 (1)
"EncryptPatchVer.dll"= 0x0000000001 (1)
"Cleanup.dll"= 0x0000000001 (1)
"divx.dll"= 0x0000000001 (1)
"divxdec.ax"= 0x0000000001 (1)
"fullsoft.dll"= 0x0000000001 (1)
"NSWSTE.dll"= 0x0000000001 (1)
"ASSTE.dll"= 0x0000000001 (1)
"NPMLIC.dll"= 0x0000000001 (1)
"PMSTE.dll"= 0x0000000001 (1)
"AVSTE.dll"= 0x0000000001 (1)
"NAVOPTRF.dll"= 0x0000000001 (1)
"DRMINST.dll"= 0x0000000001 (1)
"TFDTCTT8.dll"= 0x0000000001 (1)
"DJSMAR00.dll"= 0x0000000001 (1)
"xlmlEN.dll"= 0x0000000001 (1)
"ISSTE.dll"= 0x0000000001 (1)
"symlcnet.dll"= 0x0000000001 (1)
"ppw32hlp.dll"= 0x0000000001 (1)
"Apitrap.dll"= 0x0000000001 (1)
"Vegas60k.dll"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerPlugin_11_5_502_110.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_11_5_502_110_Plugin.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe]
"ExecuteOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
(No values found)

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Hmmm, looks like it didn't merge 

Lets have a look to see if its still a txt file.

Set Explorer to view Known Extensions:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Untick *Hide Extensions for known file types*
Select *Apply to All Folders *| *Yes* | *Apply* |* OK*.

Then, go back and look at the fix2.reg

Is it showing as *fix2.reg.txt*?

If so, rename it just to *fix2.reg* and try again.


----------



## eddie5659 (Mar 19, 2001)

Just replying now, but it looks like it did merge okay. I'll have another think tonight


----------



## eddie5659 (Mar 19, 2001)

Okay, lets see if there is a rootkit hiding in there:

Please download *GMER* from one of the following locations and save it to your desktop:
Main Mirror
_This version will download a randomly named file (Recommended)_
Zipped Mirror
_This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop._

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the *randomly named* GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._










GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and be sure to *re-enable* your anti-virus, Firewall and any other security programs you had disabled.
_-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, *uncheck* Devices on the right side before scanning_.


----------



## baffledUK (Jul 2, 2012)

Have struggled it get this to run, tried in normal mode computer crashed part way through scan. Then tried in safe mode crashed again, so unclicked sections, IAT/EAT, devices, modules, threads and libraries. Scan ran with no problems it had nothing to report. Then tried to complete scan by unticking remaining and ticking those I had unticked previously....computer crashed. What to do next?


----------



## eddie5659 (Mar 19, 2001)

Okay, leave GMER for now, we'll use a different scanner instead.

However, can you try something for me, as having a dig around still 

Now, this is just to see if this is causing the problem, don't leave it unticked once we test it 

-----

In the Control Panel, open Internet Options

In the Internet Options window, click on the Security tab.

Below the Security level for this zone area, and directly above the Custom level... and Default level buttons, uncheck the *Enable Protected Mode* checkbox.

Click OK on the Internet Options window.

If you're prompted with a Warning! dialog box, advising that The current security settings will put your computer at risk., click the OK button.

Close Internet Options, and try IE again, as normal.


----------



## baffledUK (Jul 2, 2012)

unticked no change.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, been away a lot at christmas, and the other days I have to work 

On now, but only for a bit, as I'll be celebrating soon 

Okay, found some more ideas, so lets see if these work:

Firstly, are you logging in as Admin when trying to access IE? If its the only account, then try right-clicking and selecting *Run As Admin*. Does it work now?

Obviously that's not the way you want it, if it does, so lets try this as well:

Please download Fix IE Utility then unzip the file to your desktop.


Close all open windows, especially *Internet Explorer*.
Right click on *Fix IE Utility* and select *Run as Administrator* to run the application.
Now click on the *Run Utility* button as shown in the image:-










Wait until the following message appears:-










Then click on *OK*.
Now reboot the machine.
Make sure Enable Protected Mode is selected and check if IE will work correctly without having to be ran in Admin mode etc.


----------



## baffledUK (Jul 2, 2012)

Happy New Year Eddie. Sorry to say IE won't run in administrator, ran fix still nothing...


----------



## eddie5659 (Mar 19, 2001)

And Happy New Year to you too 

Okay, lets try this one:


Please download this Microsoft FixIt and save it to the desktop.
Double click on *MicrosoftFixit50195.exe* select *I Agree* and click on *Next*.
Follow the on-screen prompts. 
You may delete *MicrosoftFixit50195.exe* when finished and or keep it if any problems in the future with IE9.
Next time IE9 is launched you will be prompted to reapply settings again, this is normal.
*Note:* Any add-ons will require to be reapplied after the above reset.


----------



## baffledUK (Jul 2, 2012)

tried this still no luck.. should I reinstall IE?


----------



## eddie5659 (Mar 19, 2001)

Worth a shot, it may replace any corrupt file entries 

If you want, as we're halfway there as the Internet Options work, create a restore point, just in case.

Let me know how it goes


----------



## baffledUK (Jul 2, 2012)

Well I never its worked. Uninstalled IE 9 and 8. Left me with IE7, double clicked on icon and away yer go!


----------



## eddie5659 (Mar 19, 2001)

Fantastic :up:

Its finally working? Well, IE7 is not the most secure, so I would try a restore point and possibly updating to IE8/9.

But, maybe after a few days, just to see if its working okay.

Have you rebooted, just to make triple-sure?

We can remove the tools we've used, as I think you may still have some, so I'll look thru the thread to see what we used.

However, this has definatly been a learning curve. Learnt many new things to try for other users, and thank you for hanging in there, and trying the different ideas. Many would have left 

eddie


----------



## eddie5659 (Mar 19, 2001)

I'll wait for your reply before we remove the tools


----------



## baffledUK (Jul 2, 2012)

looks like it is still working. How can I tell which IE I'm using only assumed it was IE7 because I uninstalled 8 and 9. But looking on programmes IE 9 is still there?? Anyway ready to clear tools and close thread. Thanks for all your help and patience.


----------



## eddie5659 (Mar 19, 2001)

Excellent 

To see the version, when you open Internet Explorer, at the top in the menu options, click on Help | About and it will say the version 

Lets remove the tools now 

------------

*You can mark this thread Solved at the top of this page, if its all running okay *

*Any questions about the following, just ask  *

We have a couple of last steps to perform and then you're all set.

Firstly, lets uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall *

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from AddRemove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

*
Security Check
TDSSKiller
aswMBR
SystemLook 
inetcpl.zip
FSS.exe
GrantPerms.exe
GrantPerms.zip
sfp.zip
AdwCleaner
MiniToolBox
fix.reg
fix2.reg
Fix IE Utility
MicrosoftFixit50195.exe
*

If GMER is still showing, remove as follows:

*Uninstall GMER*


*Copy the entire contents of the Quote Box * below to *Notepad*. 
Name the file as *gmer_uninstall.bat * 
Change the *Save as Type* to *All Files * 
and *Save* it in the folder*GMER* was saved 
 Once saved, double click on the *gmer_uninstall.bat* file. the MSDOS window will be displayed. That is normal.



> @echo off
> sc stop gmer
> sc delete gmer
> if exist %SystemRoot%\System32\drivers\gmer.sys del /f /q %SystemRoot%\System32\drivers\gmer.sys
> ...


==============================

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

*Create Restore Point (Win7/Vista)*


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 

Then click on the *Advanced tab* and do the following:


 Scroll down to *Security* section.
 Tick the box for *Empty Tempory Internet Files when Browser is Closed*

 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Makeing FireFox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. You can either use *Microsoft Windows Firewall* which is good, or a free one available for personal use.

and a good antivirus

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie


----------



## baffledUK (Jul 2, 2012)

Thanks Eddie over and out..


----------

