
Infected with TDSS and random windows keep coming up and more... even skype was affected yesterday, can't boot from USB into Ubuntu neither


  • This topic is locked
27 replies to this topic

#1 theelectricyouth

Posted 30 April 2011 - 09:22 AM

Dear administrators

I seem to have been infected with TDSS as random windows keep coming up in Firefox. At one point of time yesterday, even Skype was affected: all the contacts had 0 connection status and Internet Explorer windows kept popping up every time I clicked on a contact. I then tried to use the Ubuntu partition to try and clean out this problem, thinking it was malware related. Because my Ubuntu is very old, I downloaded the latest version and installed it onto a USB drive, then I tried booting from there, but there was an error message saying there was something wrong with the configuration. After this attempt to boot from USB, I tried to return to Windows XP; that's when I blue screened 3-4 times before I entered into Safe Mode and everything was booting OK again for Windows. This might or might not be related to the TDL4 @ MBR problem, but just so the picture is clearer on my dual boot disc.

Here are the readouts from the various programs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by One Man Nation at 15:56:46.37 on 30/04/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\One Man Nation\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HDSPTray1] hdsp32.exe
mRun: [HDSPTray2] hdspmix.exe
mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://www.matric.cervantes.es/viewer/activeXViewer/activexviewer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\oneman~1\applic~1\mozilla\firefox\profiles\cej7lhb1.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: MacOSX Theme: {00352F14-3F76-4e4d-ACFF-9976D7E4B3B9} - %profile%\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
============= SERVICES / DRIVERS ===============
.
R? AMService;AMService
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? hdsp;RME Hammerfall Audio Device
R? MEMSWEEP2;MEMSWEEP2
R? PDSched;PDScheduler
R? pwmdylfs;Microsoft UAA Function for High Definition Audio ServiceSupport
R? ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service
R? ZSMC0305;Look 316
.
=============== Created Last 30 ================
.
2011-04-29 17:41:41 -------- d-----w- c:\program files\GMER
2011-04-29 16:44:02 -------- d-sha-r- C:\cmdcons
2011-04-29 11:15:49 -------- d-----w- c:\program files\Sophos
2011-04-29 07:44:39 -------- d-----w- c:\docume~1\oneman~1\applic~1\Malwarebytes
2011-04-29 07:44:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 07:44:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-29 07:44:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 07:44:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-08 09:32:22 -------- d-----w- c:\docume~1\oneman~1\locals~1\applic~1\Sony
2011-04-08 09:22:37 -------- d-----w- c:\program files\Sony
2011-04-08 09:15:44 -------- d-----w- c:\windows\system32\LogFiles
2011-04-08 09:14:20 -------- d-----w- c:\windows\SxsCaPendDel
2011-04-08 09:03:24 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-08 09:02:24 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-08 09:02:13 14048 ------w- c:\windows\system32\spmsg2.dll
2011-04-04 10:44:38 -------- d-----w- c:\docume~1\oneman~1\applic~1\avidemux
2011-04-04 10:42:02 -------- d-----w- c:\program files\Avidemux 2.5
.
==================== Find3M ====================
.
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 15:58:21.17 ===============


#2 SweetTech


Posted 05 May 2011 - 06:34 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
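
Added example, not part of the original posts and not the tool vendor's or the forum's code: a small Python triage of a TDSSKiller report like the one requested above, assuming the line format (timestamp, thread id, message) of the report posted later in this thread. The function names are hypothetical, the sample lines are constructed, and the driver hash is a placeholder.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the line format of the report posted in this thread.
# The driver name, path and hash are placeholders, not real values.
SAMPLE_LOG = r"""
2011/05/06 11:42:46.0140 2776 Scan started
2011/05/06 11:42:46.0828 2776 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\example.sys
2011/05/06 11:42:54.0687 2776 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/06 11:42:54.0687 2776 Scan finished
2011/05/06 11:42:54.0703 2768 Detected object count: 1
2011/05/06 11:43:27.0593 2768 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/06 11:43:27.0593 2768 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every line: date, time with fraction, thread id, optional message.
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(\d+)(?:\s+(.*))?$")
SCANNED = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
PENDING = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^)]+)\) - will be cured after reboot$")
ACTION = re.compile(r"^(?P<threat>[^(]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    obj: str                      # scanned object, e.g. \HardDisk0
    threat: str                   # detection name as written in the report
    action: Optional[str] = None  # action chosen in the dialog (Cure, Skip, ...)
    reboot_pending: bool = False  # report says the cure completes after reboot


def parse_report(text):
    """Collect detections, chosen actions and counters from a report."""
    findings, reported, scanned = {}, None, 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(3):
            continue  # blank line, separator, or a line with no message
        msg = m.group(3).strip()
        if SCANNED.match(msg):
            scanned += 1
            continue
        c = COUNT.match(msg)
        if c:
            reported = int(c.group(1))
            continue
        for kind, rx in (("detected", DETECTED), ("pending", PENDING), ("action", ACTION)):
            hit = rx.match(msg)
            if not hit:
                continue
            key = (hit["obj"].strip(), hit["threat"].strip())
            f = findings.setdefault(key, Finding(*key))
            if kind == "pending":
                f.reboot_pending = True
            elif kind == "action":
                f.action = hit["action"]
            break
    return {"findings": list(findings.values()),
            "reported_count": reported,
            "drivers_scanned": scanned}


def status(f):
    """No recorded action, or Skip, means the object was left in place."""
    if f.action is None or f.action.lower() == "skip":
        return "unresolved"
    if f.reboot_pending:
        return "pending_reboot"  # rescan after the reboot to confirm
    return f.action.lower()


def triage(report):
    """Return (object, threat, status) rows and whether the tool's own
    detection count disagrees with what was parsed (e.g. a truncated paste)."""
    rows = [(f.obj, f.threat, status(f)) for f in report["findings"]]
    reported = report["reported_count"]
    mismatch = reported is not None and reported != len(rows)
    return rows, mismatch


if __name__ == "__main__":
    rows, mismatch = triage(parse_report(SAMPLE_LOG))
    for obj, threat, state in rows:
        print(f"{obj}: {threat} -> {state}")
    print("count mismatch:", mismatch)
```

A `pending_reboot` row is the case where a second scan after restarting is what confirms the result.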


#3 theelectricyouth


Posted 06 May 2011 - 05:41 AM

Hi,

thanks for replying!

After running the TDSSKiller and Curing, my GRUB bootloader was not working; I had to boot Ubuntu 11.04 from USB and reinstall the GRUB bootloader. After that, I logged into Windows and did another scan of TDSS which resulted in the malware being apparently fixed. I have copied and pasted both of them here as well as the 2 requested files from the OTL scan. Thanks again for all your help, everything seems to be working now, but please look through the scans and let me know if there might still be something lurking in the background.

Kind Regards,
Marc

2011/05/06 11:42:40.0984 1608 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/06 11:42:41.0328 1608 ================================================================================
2011/05/06 11:42:41.0328 1608 SystemInfo:
2011/05/06 11:42:41.0328 1608
2011/05/06 11:42:41.0328 1608 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/06 11:42:41.0328 1608 Product type: Workstation
2011/05/06 11:42:41.0328 1608 ComputerName: MARCOS
2011/05/06 11:42:41.0328 1608 UserName: One Man Nation
2011/05/06 11:42:41.0328 1608 Windows directory: C:\WINDOWS
2011/05/06 11:42:41.0328 1608 System windows directory: C:\WINDOWS
2011/05/06 11:42:41.0328 1608 Processor architecture: Intel x86
2011/05/06 11:42:41.0328 1608 Number of processors: 2
2011/05/06 11:42:41.0328 1608 Page size: 0x1000
2011/05/06 11:42:41.0328 1608 Boot type: Normal boot
2011/05/06 11:42:41.0328 1608 ================================================================================
2011/05/06 11:42:41.0718 1608 Initialize success
2011/05/06 11:42:46.0140 2776 ================================================================================
2011/05/06 11:42:46.0140 2776 Scan started
2011/05/06 11:42:46.0140 2776 Mode: Manual;
2011/05/06 11:42:46.0140 2776 ================================================================================
2011/05/06 11:42:54.0687 2776 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/06 11:42:54.0687 2776 ================================================================================
2011/05/06 11:42:54.0687 2776 Scan finished
2011/05/06 11:42:54.0687 2776 ================================================================================
2011/05/06 11:42:54.0703 2768 Detected object count: 1
2011/05/06 11:43:27.0593 2768 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/06 11:43:27.0593 2768 \HardDisk0 - ok
2011/05/06 11:43:27.0593 2768 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/06 11:44:17.0296 2604 Deinitialize success


______________________________________________________________________________________________________________________________________________

2011/05/06 12:30:01.0562 0264 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/06 12:30:02.0250 0264 ================================================================================
2011/05/06 12:30:02.0250 0264 SystemInfo:
2011/05/06 12:30:02.0250 0264
2011/05/06 12:30:02.0250 0264 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/06 12:30:02.0250 0264 Product type: Workstation
2011/05/06 12:30:02.0250 0264 ComputerName: MARCOS
2011/05/06 12:30:02.0250 0264 UserName: One Man Nation
2011/05/06 12:30:02.0250 0264 Windows directory: C:\WINDOWS
2011/05/06 12:30:02.0250 0264 System windows directory: C:\WINDOWS
2011/05/06 12:30:02.0250 0264 Processor architecture: Intel x86
2011/05/06 12:30:02.0250 0264 Number of processors: 2
2011/05/06 12:30:02.0250 0264 Page size: 0x1000
2011/05/06 12:30:02.0250 0264 Boot type: Normal boot
2011/05/06 12:30:02.0250 0264 ================================================================================
2011/05/06 12:30:02.0953 0264 Initialize success
2011/05/06 12:30:04.0468 0440 ================================================================================
2011/05/06 12:30:04.0468 0440 Scan started
2011/05/06 12:30:04.0468 0440 Mode: Manual;
2011/05/06 12:30:04.0468 0440 ================================================================================
2011/05/06 12:30:24.0328 0440 ================================================================================
2011/05/06 12:30:24.0328 0440 Scan finished
2011/05/06 12:30:24.0328 0440 ================================================================================
2011/05/06 12:34:32.0531 0248 Deinitialize success

____________________________________________________________________________________________________________________________________________________

OTL.txt

OTL logfile created on: 06/05/2011 12:32:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\One Man Nation\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244.14 Gb Total Space | 27.67 Gb Free Space | 11.33% Space Free | Partition Type: NTFS

Computer Name: MARCOS | User Name: One Man Nation | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 12:31:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\One Man Nation\Desktop\OTL.exe
PRC - [2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\One Man Nation\Desktop\TDSSKiller.exe
PRC - [2011/04/30 18:59:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/10/28 16:06:02 | 000,364,544 | R--- | M] () -- C:\WINDOWS\system32\hdspmix.exe
PRC - [2008/10/28 16:04:54 | 000,376,320 | ---- | M] (RME) -- C:\WINDOWS\system32\hdsp32.exe
PRC - [2005/08/05 16:15:04 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 12:31:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\One Man Nation\Desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (pwmdylfs)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AVG Security Toolbar Service)
SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2007/03/28 19:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005/11/29 11:16:46 | 000,241,731 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2005/11/29 11:16:10 | 000,483,397 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)


========== Driver Services (SafeList) ==========

DRV - [2008/10/28 16:04:12 | 000,066,048 | ---- | M] (RME) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdsp.sys -- (hdsp)
DRV - [2008/09/08 14:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/08/11 11:03:22 | 000,091,136 | ---- | M] (ZOOM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zmhhpau.sys -- (ZMHHPAudioSrv)
DRV - [2008/03/13 15:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 15:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/10/09 17:06:54 | 000,123,440 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pae_1394.sys -- (pae_1394)
DRV - [2007/10/09 17:06:54 | 000,051,248 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pae_avs.sys -- (pae_avs)
DRV - [2006/08/02 19:20:42 | 001,466,624 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2006/06/23 11:07:02 | 000,581,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/22 11:33:44 | 000,061,456 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2005/11/22 11:33:34 | 000,061,456 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\defrag32.sys -- (Defrag32)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/08/22 16:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 16:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 16:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}:0.6.8


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 18:59:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 18:59:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/02 10:04:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/19 06:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\One Man Nation\Application Data\Mozilla\Extensions
[2010/03/19 06:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\One Man Nation\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/06 10:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\One Man Nation\Application Data\Mozilla\Firefox\Profiles\cej7lhb1.default\extensions
[2011/04/21 18:29:46 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\One Man Nation\Application Data\Mozilla\Firefox\Profiles\cej7lhb1.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2011/04/19 01:09:27 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\One Man Nation\Application Data\Mozilla\Firefox\Profiles\cej7lhb1.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/03/14 18:26:07 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\One Man Nation\Application Data\Mozilla\Firefox\Profiles\cej7lhb1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/04/21 18:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\One Man Nation\Application Data\Mozilla\Firefox\Profiles\cej7lhb1.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions
[2011/05/05 10:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 03:41:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/21 03:41:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/21 03:41:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-630328440-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (Vimicro)
O4 - HKLM..\Run: [HDSPTray1] C:\WINDOWS\System32\hdsp32.exe (RME)
O4 - HKLM..\Run: [HDSPTray2] C:\WINDOWS\System32\hdspmix.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-630328440-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.matric.cervantes.es/viewer/activeXViewer/activexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\One Man Nation\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\One Man Nation\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/18 19:20:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 12:31:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\One Man Nation\Desktop\OTL.exe
[2011/05/06 11:42:38 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\One Man Nation\Desktop\TDSSKiller.exe
[2011/05/05 19:51:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\One Man Nation\Recent
[2011/05/01 15:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\One Man Nation\Desktop\Shaun Sankaran at TUF 03
[2011/05/01 12:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REAPER
[2011/04/29 19:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\GMER
[2011/04/29 19:40:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/29 18:44:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/29 18:37:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/29 13:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/29 12:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/29 12:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/29 09:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\One Man Nation\Application Data\Malwarebytes
[2011/04/29 09:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/29 09:44:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/29 09:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/29 09:44:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/29 09:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/29 09:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/29 09:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/16 09:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/04/16 09:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\One Man Nation\Application Data\vlc
[2011/04/08 12:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\One Man Nation\My Documents\Sony Video Projects
[2011/04/08 11:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\One Man Nation\Local Settings\Application Data\Sony
[2011/04/08 11:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/04/08 11:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/04/08 11:16:49 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/04/08 11:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/04/08 11:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/08 11:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/04/08 11:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/04/08 11:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/04/08 11:03:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/04/08 11:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/04/08 11:02:13 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011/04/08 10:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\One Man Nation\Application Data\Sony Setup
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 12:31:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\One Man Nation\Desktop\OTL.exe
[2011/05/06 12:29:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/06 11:42:29 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Desktop\tdsskiller.zip
[2011/05/06 10:12:55 | 000,436,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/06 10:12:55 | 000,070,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 13:55:53 | 000,009,867 | ---- | M] () -- C:\Documents and Settings\One Man Nation\.recently-used.xbel
[2011/05/05 10:10:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 21:01:58 | 000,076,808 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Desktop\IMG_6339_1126x845.jpg
[2011/05/03 19:34:12 | 000,157,470 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Desktop\2011-05-10_ValenciaTOBilbao-Spanair-ShaunPreet.pdf
[2011/05/03 19:34:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\DOPDF7
[2011/05/01 17:09:16 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Live 8.2.1.lnk
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\One Man Nation\Desktop\TDSSKiller.exe
[2011/04/30 15:55:42 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Desktop\dds.scr
[2011/04/30 15:54:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\One Man Nation\defogger_reenable
[2011/04/30 15:54:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Desktop\Defogger.exe
[2011/04/29 19:27:19 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/29 18:44:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/28 11:24:20 | 118,947,840 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Desktop\00137.MTS
[2011/04/19 18:08:48 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\One Man Nation\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 11:16:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/08 11:15:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 11:42:23 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Desktop\tdsskiller.zip
[2011/05/05 13:55:53 | 000,009,867 | ---- | C] () -- C:\Documents and Settings\One Man Nation\.recently-used.xbel
[2011/05/03 21:01:29 | 000,076,808 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Desktop\IMG_6339_1126x845.jpg
[2011/05/03 19:34:11 | 000,157,470 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Desktop\2011-05-10_ValenciaTOBilbao-Spanair-ShaunPreet.pdf
[2011/05/01 17:09:16 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Live 8.2.1.lnk
[2011/04/30 15:55:40 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Desktop\dds.scr
[2011/04/30 15:54:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\One Man Nation\defogger_reenable
[2011/04/30 15:54:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Desktop\Defogger.exe
[2011/04/29 18:44:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/29 18:44:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/28 11:23:24 | 118,947,840 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Desktop\00137.MTS
[2011/04/08 11:15:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/04/08 11:07:23 | 000,073,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/27 04:07:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2011/02/27 04:07:20 | 000,014,385 | ---- | C] () -- C:\WINDOWS\TW561a.ini
[2011/02/24 17:35:22 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/10/27 22:05:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/10/17 15:16:52 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\One Man Nation\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/19 05:26:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/14 19:05:35 | 000,000,535 | ---- | C] () -- C:\WINDOWS\FORGE32.INI
[2009/02/24 14:10:28 | 001,490,944 | ---- | C] () -- C:\WINDOWS\System32\chuck.exe
[2009/01/22 03:09:00 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SQ.INI
[2009/01/07 01:36:57 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
[2008/12/09 21:30:20 | 001,275,026 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2008/12/09 21:30:20 | 001,153,640 | ---- | C] () -- C:\WINDOWS\System32\libvorbisenc-2.dll
[2008/12/09 21:30:20 | 001,010,421 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/12/09 21:30:20 | 000,183,050 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2008/12/09 21:30:20 | 000,051,790 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2008/12/09 21:30:20 | 000,048,995 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2008/12/09 21:30:19 | 001,024,153 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
[2008/12/09 21:29:47 | 000,027,895 | ---- | C] () -- C:\WINDOWS\System32\cyclist.exe
[2008/12/09 21:29:47 | 000,013,412 | ---- | C] () -- C:\WINDOWS\System32\pdreceive.exe
[2008/12/09 21:29:47 | 000,009,181 | ---- | C] () -- C:\WINDOWS\System32\pdsend.exe
[2008/10/05 18:57:59 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/05 18:51:18 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2008/10/05 14:25:33 | 000,162,837 | ---- | C] () -- C:\WINDOWS\EXPStudio's CD Ripper Burner Converter FREE 4.0 Uninstaller.exe
[2008/09/22 17:40:11 | 000,833,093 | ---- | C] () -- C:\WINDOWS\PhaseTwo VST plug-in Uninstaller.exe
[2008/09/22 17:35:29 | 000,833,114 | ---- | C] () -- C:\WINDOWS\Discord 2 VST plug-in Uninstaller.exe
[2008/09/22 13:30:15 | 000,364,544 | R--- | C] () -- C:\WINDOWS\System32\hdspmix.exe
[2008/09/19 00:58:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/18 21:18:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/18 21:17:50 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 19:34:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2008/09/18 19:30:19 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/09/18 19:22:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/18 19:17:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/11 11:03:10 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\zmhhpaso.dll
[2008/08/11 11:03:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\zmhhpaudcp.exe
[2006/08/27 22:32:33 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/08/04 01:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 00:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/08/06 11:33:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,436,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,070,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\One Man Nation\Desktop\Ark.txt.log:SummaryInformation
@Alternate Data Stream - 1206 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:TUTQ6puj183yW1mxOE1
@Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:TByF46jVZCgwjA4ZggPU6jP

< End of report >

_________________________________________________________________________________________________________________________________

Extras.txt

OTL Extras logfile created on: 06/05/2011 12:32:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\One Man Nation\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244.14 Gb Total Space | 27.67 Gb Free Space | 11.33% Space Free | Partition Type: NTFS

Computer Name: MARCOS | User Name: One Man Nation | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2052111302-630328440-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\_AUDIO\Monome\miniAudicle.exe" = C:\Program Files\_AUDIO\Monome\miniAudicle.exe:*:Enabled:miniAudicle -- ()
"C:\Program Files\_AUDIO\PureData\bin\pd.exe" = C:\Program Files\_AUDIO\PureData\bin\pd.exe:*:Enabled:pd -- ()
"C:\WINDOWS\system32\chuck.exe" = C:\WINDOWS\system32\chuck.exe:*:Enabled:chuck -- ()
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Messaging)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Cycling '74\Max 5.0\Max.exe" = C:\Program Files\Cycling '74\Max 5.0\Max.exe:*:Enabled:MaxMSP -- (Cycling '74)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0470A26E-E4C4-47AF-9152-B04B0121FC3B}" = Max 5.0.7
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{487B77F6-5692-4DCD-946C-6AAD0E6AAFB6}" = Your Tanpura v4
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B10CE2B-4450-46C5-95F7-CBA0C5D4BE73}" = Sony CD Architect 5.2
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CD89BDD5-E758-42D5-B34B-C149F88CE515}" = Look 316
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D458E704-814E-4277-9D23-02089080D9E8}" = Monome Serial 0.2.1.2a
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Essentials
"7-Zip" = 7-Zip 4.65
"8663B5B9069C096791B6162C2B1B04053C00EBE6" = Windows Driver Package - Intel (w29n51) net (11/07/2006 9.0.4.27)
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Ableton Live_is1" = Ableton Live v6.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ant Renamer 2_is1" = Ant Renamer
"Avidemux 2.5" = Avidemux 2.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B2m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Discord 2 VST plug-in" = Discord 2 VST plug-in
"doPDF 7 printer_is1" = doPDF 7.1 printer
"Evolver Sound Editor_is1" = Evolver Sound Editor 3.8
"EXPStudio's CD Ripper Burner Converter FREE 4.0" = EXPStudio's CD Ripper Burner Converter FREE 4.0
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"FileZilla Client" = FileZilla Client 3.3.5.1
"Fotosizer" = Fotosizer 1.30
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"GRM Tools Classic VST v1.6.52" = GRM Tools Classic VST v1.6.52
"GRM Tools Spectral Transform VST v1.6.52" = GRM Tools Spectral Transform VST v1.6.52
"HDMI" = Intel® Graphics Media Accelerator Driver
"HDSP" = RME Hammerfall DSP (WDM)
"Hipno 1.0.4" = Hipno 1.0.4
"IMAPSize_is1" = IMAPSize 0.3.7
"iZotope Trash_is1" = iZotope Trash
"iZotope Vinyl_is1" = iZotope Vinyl
"Live 8.2.1" = Live 8.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MODE 1.2.4" = MODE 1.2.4
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Native Instruments Absynth v3.0.2" = Native Instruments Absynth v3.0.2
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Reaktor 5.1.1" = N.I. Reaktor v5.1.1
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Notepad++" = Notepad++
"pd_is1" = Pd-0.40.3-extended-20080721
"PhaseTwo VST plug-in" = PhaseTwo VST plug-in
"PROSet" = Intel® PRO Network Connections Drivers
"PSP 608 MultiDelay 1.1.0" = PSP 608 MultiDelay 1.1.0
"REAPER" = REAPER
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"VLC media player" = VLC media player 1.1.8
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"Waves L3 v5.2" = Waves L3 v5.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZHCIELangPack" = Chinese (Simplified) Language Support
"ZOOM H Series Audio Driver" = ZOOM H Series Audio Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/04/2011 10:53:29 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application tdsskiller.exe, version 2.4.21.0, faulting module
tdsskiller.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 10:53:45 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application tdsskiller.exe, version 2.4.21.0, faulting module
tdsskiller.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 10:58:36 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application kill.com.exe, version 2.4.21.0, faulting module
kill.com.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 11:04:03 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application kill.com.exe, version 2.4.21.0, faulting module
kill.com.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 11:04:45 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application kill.com.exe, version 2.4.21.0, faulting module
kill.com.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 11:04:55 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application kill.com.exe, version 2.4.21.0, faulting module
kill.com.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 11:40:04 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application kill.com.exe, version 2.4.21.0, faulting module
kill.com.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 12:06:43 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application kill.com.exe, version 2.4.21.0, faulting module
kill.com.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 29/04/2011 12:39:32 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application kill.com.exe, version 2.4.21.0, faulting module
kill.com.exe, version 2.4.21.0, fault address 0x00056ec9.

Error - 02/05/2011 15:45:36 | Computer Name = MARCOS | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.6.exe, version 0.0.0.0, faulting module
libgdk-win32-2.0-0.dll, version 2.16.6.0, fault address 0x0003ede2.

[ System Events ]
Error - 06/05/2011 04:10:10 | Computer Name = MARCOS | Source = Service Control Manager | ID = 7023
Description = The Microsoft UAA Function for High Definition Audio ServiceSupport
service terminated with the following error: %%126

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:30:16 | Computer Name = MARCOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 06/05/2011 06:31:31 | Computer Name = MARCOS | Source = Service Control Manager | ID = 7023
Description = The Microsoft UAA Function for High Definition Audio ServiceSupport
service terminated with the following error: %%126


< End of report >

______________________________________________________________________________________________________________

#4 SweetTech


Posted 06 May 2011 - 11:15 AM

Hi Marc!

Looks like TDSSKiller did its job! :)

Do you recognize these files?

C:\WINDOWS\System32\DOPDF7
C:\Documents and Settings\One Man Nation\Desktop\00137.MTS



NEXT:



The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/05/06 11:42:54.0703 2768 Detected object count: 1
2011/05/06 11:43:27.0593 2768 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/06 11:43:27.0593 2768 \HardDisk0 - ok
2011/05/06 11:43:27.0593 2768 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/06 11:44:17.0296 2604 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (AVG Security Toolbar Service)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2052111302-630328440-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    @Alternate Data Stream - 1206 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:TUTQ6puj183yW1mxOE1
    @Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:TByF46jVZCgwjA4ZggPU6jP
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
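
The TDSSKiller lines quoted in the post above can be triaged mechanically. The following Python sketch is an added example, not part of the thread or of TDSSKiller: it pairs each detected object with the action chosen for it and reports whether a reboot is still pending. The line layout is inferred only from the five quoted lines, and the meaning of the numeric second field is an assumption (the page does not state it).

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# The five lines quoted from the TDSSKiller log in the post above.
SAMPLE_LOG = r"""2011/05/06 11:42:54.0703 2768 Detected object count: 1
2011/05/06 11:43:27.0593 2768 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/06 11:43:27.0593 2768 \HardDisk0 - ok
2011/05/06 11:43:27.0593 2768 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/06 11:44:17.0296 2604 Deinitialize success
"""

# Assumed layout: timestamp, a numeric ID (meaning not stated on the page), message.
LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
# "<threat>(<object>) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<threat>[^()\s]+)\((?P<obj>[^()]+)\) - User select action: (?P<action>\w+)$"
)
# "<object> (<threat>) - <status>"
VERDICT = re.compile(r"^(?P<obj>\S.*?) \((?P<threat>[^()]+)\) - (?P<status>.+)$")


@dataclass
class Detection:
    when: datetime
    obj: str
    threat: str
    status: str


@dataclass
class Summary:
    declared_count: Optional[int] = None
    detections: List[Detection] = field(default_factory=list)
    actions: Dict[str, str] = field(default_factory=dict)  # object -> chosen action
    other: List[str] = field(default_factory=list)         # lines not classified

    @property
    def reboot_pending(self) -> bool:
        """True if any verdict says the cure only completes after a reboot."""
        return any("after reboot" in d.status.lower() for d in self.detections)

    @property
    def unhandled(self) -> List[str]:
        """Detected objects for which no 'User select action' line was logged."""
        return sorted({d.obj for d in self.detections} - set(self.actions))

    @property
    def count_matches(self) -> bool:
        """Compare the declared count with the distinct objects actually listed."""
        return self.declared_count == len({d.obj for d in self.detections})


def parse_tdsskiller(text: str) -> Summary:
    summary = Summary()
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            if line:
                summary.other.append(line)
            continue
        stamp, _numeric_id, msg = m.groups()
        when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S.%f")
        if (c := COUNT.match(msg)):
            summary.declared_count = int(c.group(1))
        elif (a := ACTION.match(msg)):
            summary.actions[a["obj"]] = a["action"]
        elif (v := VERDICT.match(msg)):
            summary.detections.append(
                Detection(when, v["obj"], v["threat"], v["status"])
            )
        else:
            summary.other.append(msg)
    return summary


if __name__ == "__main__":
    s = parse_tdsskiller(SAMPLE_LOG)
    for d in s.detections:
        action = s.actions.get(d.obj, "NO ACTION LOGGED")
        print(f"{d.when:%Y-%m-%d %H:%M:%S}  {d.obj}  {d.threat}  [{d.status}]  -> {action}")
    print("reboot pending:", s.reboot_pending)
    print("objects without an action:", s.unhandled or "none")
    print("declared count matches listing:", s.count_matches)
```

A pending reboot means the follow-up scan is the one that shows whether the cure held, so a log with `reboot_pending` set is not yet evidence of a clean disk.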


#5 theelectricyouth


Posted 08 May 2011 - 06:48 AM

Hi! Many many Thanks!

Here is the OTL Report, I'll run the combo fix now and reply again. As for the 2 files in question, yes I know what they're supposed to be, DOPDF7 is a print-to-file pdf program and 137.mts is a video file, SONY MTS format.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2052111302-630328440-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:TUTQ6puj183yW1mxOE1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:TByF46jVZCgwjA4ZggPU6jP deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\One Man Nation\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\One Man Nation\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Unable to start service SrService!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1643706 bytes
->Flash cache emptied: 564 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 653548 bytes
->Flash cache emptied: 1191 bytes

User: One Man Nation
->Temp folder emptied: 1483315 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 3494040 bytes
->FireFox cache emptied: 61760178 bytes
->Flash cache emptied: 2659977 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35554 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 505287513 bytes

Total Files Cleaned = 550.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: One Man Nation
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05082011_134104

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#6 SweetTech


Posted 08 May 2011 - 08:18 AM

Hi Marc!

Here is the OTL Report, I'll run the combo fix now and reply again. As for the 2 files in question, yes I know what they're supposed to be, DOPDF7 is a print-to-file pdf program and 137.mts is a video file, SONY MTS format.

Thanks for the explanation on those files. I wanted to be sure that you knew what they were and that they were not malicious.

Have you had a chance to run the ComboFix scan yet?



#7 theelectricyouth


Posted 08 May 2011 - 08:53 AM

ComboFix 11-05-07.02 - One Man Nation 08/05/2011 13:52:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1608 [GMT 2:00]
Running from: c:\documents and settings\One Man Nation\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 11:41 . 2011-05-08 11:41 -------- d-----w- C:\_OTL
2011-05-08 11:33 . 2011-05-08 11:33 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 11:33 . 2011-05-08 11:33 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 11:33 . 2011-05-08 11:33 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 11:33 . 2011-05-08 11:33 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 11:33 . 2011-05-08 11:33 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 11:33 . 2011-05-08 11:33 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 11:33 . 2011-05-08 11:33 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-08 11:33 . 2011-05-08 11:33 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 10:42 . 2011-05-08 11:40 -------- d-----w- c:\program files\Malware
2011-04-29 17:41 . 2011-04-29 17:41 -------- d-----w- c:\program files\GMER
2011-04-29 11:15 . 2011-04-29 11:15 -------- d-----w- c:\program files\Sophos
2011-04-29 10:37 . 2011-04-29 10:37 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-04-29 07:44 . 2011-04-29 07:44 -------- d-----w- c:\documents and settings\One Man Nation\Application Data\Malwarebytes
2011-04-29 07:44 . 2011-04-29 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-29 07:44 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 07:44 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 07:42 . 2011-04-29 07:42 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-04-16 07:24 . 2011-05-05 17:42 -------- d-----w- c:\documents and settings\One Man Nation\Application Data\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-02 14:03 . 2011-03-02 14:03 15256 ----a-w- c:\documents and settings\One Man Nation\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-05-08 11:33 . 2011-05-08 11:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2006-02-19 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2006-02-19 . 517E872A4A821C3D976D50F6A7534EC2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-23 61952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"HDSPTray1"="hdsp32.exe" [2008-10-28 376320]
"HDSPTray2"="hdspmix.exe" [2008-10-28 364544]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\_AUDIO\\Monome\\miniAudicle.exe"=
"c:\\Program Files\\_AUDIO\\PureData\\bin\\pd.exe"=
"c:\\WINDOWS\\system32\\chuck.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Cycling '74\\Max 5.0\\Max.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp.sys [22/09/2008 13:30 66048]
S2 AMService;AMService;c:\windows\TEMP\jptp\setup.exe run --> c:\windows\TEMP\jptp\setup.exe run [?]
S2 pwmdylfs;Microsoft UAA Function for High Definition Audio ServiceSupport;c:\windows\System32\svchost.exe -k netsvcs [04/08/2004 00:56 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\40.tmp --> c:\windows\system32\40.tmp [?]
S3 PDSched;PDScheduler;c:\program files\RAXCO\PerfectDisk\PDSched.exe [29/11/2005 11:16 241731]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [11/08/2008 11:03 91136]
S3 ZSMC0305;Look 316;c:\windows\system32\drivers\usbVM305.sys [01/03/2011 05:18 1466624]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pwmdylfs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2008-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 19:51]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\One Man Nation\Application Data\Mozilla\Firefox\Profiles\cej7lhb1.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 13:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\40.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\myokent.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\myokent.dll
.
- - - - - - - > 'explorer.exe'(1916)
c:\windows\system32\myokent.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-08 13:56:31
ComboFix-quarantined-files.txt 2011-05-08 11:56
.
Pre-Run: 28,646,936,576 bytes free
Post-Run: 28,621,942,784 bytes free
.
- - End Of File - - D6EBA93F2BCA15401C9737FA3F5023DB

#8 theelectricyouth


Posted 08 May 2011 - 08:56 AM

I don't understand why the combo seems to detect AVG. I have already deleted it away! I hope the report wasn't bothered by the AVG, let me know what it says :)

Thanks again for all your help.

Kind Regards

#9 SweetTech


Posted 08 May 2011 - 09:02 AM

Hi!

Please run the AVG removal tool:

AVG Removal Tool

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.


NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
SRPeek::
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\sfcfiles.dll


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#10 theelectricyouth


Posted 09 May 2011 - 05:00 AM

I have actually run AV remover before your recommendation here, that is why I don't understand Combofix detecting AVG. I have run it again and tried to run Combofix again but it still detects AVG. Here is the Log, let me know if I should proceed.

2011-05-09 09:46:34,906 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-05-09 09:46:34,937 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2011-05-09 09:46:34,937 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-05-09 09:46:34,937 WARN AvgDir param empty.
2011-05-09 09:46:34,937 WARN AvgDataDir param empty.
2011-05-09 09:46:43,656 INFO AvgRemover runs in attempt number 1
2011-05-09 09:46:43,656 INFO ***** Services *****
2011-05-09 09:46:43,671 INFO Processing service avg8emc
2011-05-09 09:46:43,671 INFO Service avg8emc is not installed
2011-05-09 09:46:43,671 DEBUG Service avg8emc RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service avg8emc are not present
2011-05-09 09:46:43,671 INFO Processing service avgfws8
2011-05-09 09:46:43,671 INFO Service avgfws8 is not installed
2011-05-09 09:46:43,671 DEBUG Service avgfws8 RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service avgfws8 are not present
2011-05-09 09:46:43,671 INFO Processing service avg8wd
2011-05-09 09:46:43,671 INFO Service avg8wd is not installed
2011-05-09 09:46:43,671 DEBUG Service avg8wd RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service avg8wd are not present
2011-05-09 09:46:43,671 INFO Processing service AvgWFPx
2011-05-09 09:46:43,671 INFO Service AvgWFPx is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgWFPx RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgWFPx are not present
2011-05-09 09:46:43,671 INFO Processing service AvgWFPa
2011-05-09 09:46:43,671 INFO Service AvgWFPa is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgWFPa RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgWFPa are not present
2011-05-09 09:46:43,671 INFO Processing service AvgMfx86
2011-05-09 09:46:43,671 INFO Service AvgMfx86 is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgMfx86 RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgMfx86 are not present
2011-05-09 09:46:43,671 INFO Processing service AvgMfx64
2011-05-09 09:46:43,671 INFO Service AvgMfx64 is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgMfx64 RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgMfx64 are not present
2011-05-09 09:46:43,671 INFO Processing service AvgLdx86
2011-05-09 09:46:43,671 INFO Service AvgLdx86 is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgLdx86 RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgLdx86 are not present
2011-05-09 09:46:43,671 INFO Processing service AvgLdx64
2011-05-09 09:46:43,671 INFO Service AvgLdx64 is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgLdx64 RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgLdx64 are not present
2011-05-09 09:46:43,671 INFO Processing service AvgTdiX
2011-05-09 09:46:43,671 INFO Service AvgTdiX is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgTdiX RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgTdiX are not present
2011-05-09 09:46:43,671 INFO Processing service AvgTdiA
2011-05-09 09:46:43,671 INFO Service AvgTdiA is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgTdiA RegCleanup
2011-05-09 09:46:43,671 DEBUG Registry keys for service AvgTdiA are not present
2011-05-09 09:46:43,671 INFO Processing service AvgRkx86
2011-05-09 09:46:43,671 INFO Service AvgRkx86 is not installed
2011-05-09 09:46:43,671 DEBUG Service AvgRkx86 RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service AvgRkx86 are not present
2011-05-09 09:46:43,687 INFO Processing service AvgRkx64
2011-05-09 09:46:43,687 INFO Service AvgRkx64 is not installed
2011-05-09 09:46:43,687 DEBUG Service AvgRkx64 RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service AvgRkx64 are not present
2011-05-09 09:46:43,687 INFO Processing service avg9emc
2011-05-09 09:46:43,687 INFO Service avg9emc is not installed
2011-05-09 09:46:43,687 DEBUG Service avg9emc RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service avg9emc are not present
2011-05-09 09:46:43,687 INFO Processing service avgfws9
2011-05-09 09:46:43,687 INFO Service avgfws9 is not installed
2011-05-09 09:46:43,687 DEBUG Service avgfws9 RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service avgfws9 are not present
2011-05-09 09:46:43,687 INFO Processing service avg9wd
2011-05-09 09:46:43,687 INFO Service avg9wd is not installed
2011-05-09 09:46:43,687 DEBUG Service avg9wd RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service avg9wd are not present
2011-05-09 09:46:43,687 INFO Processing service AVGIDSAgent
2011-05-09 09:46:43,687 INFO Service AVGIDSAgent is not installed
2011-05-09 09:46:43,687 DEBUG Service AVGIDSAgent RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service AVGIDSAgent are not present
2011-05-09 09:46:43,687 INFO Processing service AVGIDSShimxpx
2011-05-09 09:46:43,687 INFO Service AVGIDSShimxpx is not installed
2011-05-09 09:46:43,687 DEBUG Service AVGIDSShimxpx RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service AVGIDSShimxpx are not present
2011-05-09 09:46:43,687 INFO Processing service AVGIDSFilterxpx
2011-05-09 09:46:43,687 INFO Service AVGIDSFilterxpx is not installed
2011-05-09 09:46:43,687 DEBUG Service AVGIDSFilterxpx RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2011-05-09 09:46:43,687 INFO Processing service AVGIDSDriverxpx
2011-05-09 09:46:43,687 INFO Service AVGIDSDriverxpx is not installed
2011-05-09 09:46:43,687 DEBUG Service AVGIDSDriverxpx RegCleanup
2011-05-09 09:46:43,687 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2011-05-09 09:46:43,687 INFO Processing service AVGIDSShimvtx
2011-05-09 09:46:43,703 INFO Service AVGIDSShimvtx is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSShimvtx RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSShimvtx are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSFiltervtx
2011-05-09 09:46:43,703 INFO Service AVGIDSFiltervtx is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSFiltervtx RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSDrivervtx
2011-05-09 09:46:43,703 INFO Service AVGIDSDrivervtx is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSDrivervtx RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSFiltervta
2011-05-09 09:46:43,703 INFO Service AVGIDSFiltervta is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSFiltervta RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSFiltervta are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSDrivervta
2011-05-09 09:46:43,703 INFO Service AVGIDSDrivervta is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSDrivervta RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSDrivervta are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSShimw7x
2011-05-09 09:46:43,703 INFO Service AVGIDSShimw7x is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSShimw7x RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSShimw7x are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSFilterw7x
2011-05-09 09:46:43,703 INFO Service AVGIDSFilterw7x is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSFilterw7x RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSDriverw7x
2011-05-09 09:46:43,703 INFO Service AVGIDSDriverw7x is not installed
2011-05-09 09:46:43,703 DEBUG Service AVGIDSDriverw7x RegCleanup
2011-05-09 09:46:43,703 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2011-05-09 09:46:43,703 INFO Processing service AVGIDSFilterw7a
2011-05-09 09:46:43,703 INFO Service AVGIDSFilterw7a is not installed
2011-05-09 09:46:43,718 DEBUG Service AVGIDSFilterw7a RegCleanup
2011-05-09 09:46:43,718 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2011-05-09 09:46:43,718 INFO Processing service AVGIDSDriverw7a
2011-05-09 09:46:43,718 INFO Service AVGIDSDriverw7a is not installed
2011-05-09 09:46:43,718 DEBUG Service AVGIDSDriverw7a RegCleanup
2011-05-09 09:46:43,718 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2011-05-09 09:46:43,718 INFO Processing service AVGIDSErHrxpx
2011-05-09 09:46:43,718 INFO Service AVGIDSErHrxpx is not installed
2011-05-09 09:46:43,718 DEBUG Service AVGIDSErHrxpx RegCleanup
2011-05-09 09:46:43,718 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2011-05-09 09:46:43,718 INFO Processing service AVGIDSErHrvtx
2011-05-09 09:46:43,718 INFO Service AVGIDSErHrvtx is not installed
2011-05-09 09:46:43,718 DEBUG Service AVGIDSErHrvtx RegCleanup
2011-05-09 09:46:43,718 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2011-05-09 09:46:43,718 INFO Processing service AVGIDSErHrvta
2011-05-09 09:46:43,718 INFO Service AVGIDSErHrvta is not installed
2011-05-09 09:46:43,718 DEBUG Service AVGIDSErHrvta RegCleanup
2011-05-09 09:46:43,718 DEBUG Registry keys for service AVGIDSErHrvta are not present
2011-05-09 09:46:43,718 INFO Processing service AVGIDSErHrw7x
2011-05-09 09:46:43,718 INFO Service AVGIDSErHrw7x is not installed
2011-05-09 09:46:43,718 DEBUG Service AVGIDSErHrw7x RegCleanup
2011-05-09 09:46:43,718 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2011-05-09 09:46:43,718 INFO Processing service AVGIDSErHrw7a
2011-05-09 09:46:43,718 INFO Service AVGIDSErHrw7a is not installed
2011-05-09 09:46:43,718 DEBUG Service AVGIDSErHrw7a RegCleanup
2011-05-09 09:46:43,718 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2011-05-09 09:46:43,718 INFO ***** Registry keys and values *****
2011-05-09 09:46:43,718 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2011-05-09 09:46:43,718 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2011-05-09 09:46:43,718 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2011-05-09 09:46:43,718 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2011-05-09 09:46:43,734 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2011-05-09 09:46:43,734 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2011-05-09 09:46:43,734 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2011-05-09 09:46:43,734 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2011-05-09 09:46:43,734 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2011-05-09 09:46:43,734 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2011-05-09 09:46:43,734 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2011-05-09 09:46:43,734 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2011-05-09 09:46:43,734 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2011-05-09 09:46:43,734 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:46:43,734 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:46:43,734 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2011-05-09 09:46:43,734 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2011-05-09 09:46:43,734 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2011-05-09 09:46:43,734 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:46:43,734 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:46:43,734 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:46:43,734 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2011-05-09 09:46:43,750 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2011-05-09 09:46:43,750 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2011-05-09 09:46:43,750 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2011-05-09 09:46:43,750 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2011-05-09 09:46:43,750 DEBUG Reading SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs failed (error: e001003d)
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify failed
2011-05-09 09:46:43,750 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2011-05-09 09:46:43,750 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2011-05-09 09:46:43,750 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2011-05-09 09:46:43,750 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2011-05-09 09:46:43,750 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2011-05-09 09:46:43,750 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2011-05-09 09:46:43,750 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:46:43,750 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2011-05-09 09:46:43,750 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2011-05-09 09:46:43,750 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2011-05-09 09:46:43,765 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2011-05-09 09:46:43,765 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2011-05-09 09:46:43,765 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2011-05-09 09:46:43,765 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\.avgdi
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\.avgdi not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2011-05-09 09:46:43,765 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2011-05-09 09:46:43,765 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG\Clients
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\Clients not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG\AVG8
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG8 not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG\AVG9
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG9 not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG\AVG IDS
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG IDS not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG
2011-05-09 09:46:43,781 DEBUG Value SOFTWARE\AVG:DumpType Remove
2011-05-09 09:46:43,781 DEBUG Value SOFTWARE\AVG:DumpType not present - Key not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG Remove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG Security Toolbar
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG\AVG8
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG8 not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG\AVG9
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG\AVG9 not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG Remove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\AVG Security Toolbar
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
2011-05-09 09:46:43,781 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove
2011-05-09 09:46:43,781 INFO Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} is not present
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:46:43,781 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
2011-05-09 09:46:43,781 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2011-05-09 09:46:43,781 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2011-05-09 09:46:43,781 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:46:43,796 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:46:43,796 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:46:43,796 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2011-05-09 09:46:43,796 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2011-05-09 09:46:43,796 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2011-05-09 09:46:43,796 INFO Processing registry aAvgAPI.AvgBro
2011-05-09 09:46:43,796 DEBUG Key aAvgAPI.AvgBro ForceRemove
2011-05-09 09:46:43,796 DEBUG Key aAvgAPI.AvgBro not found
2011-05-09 09:46:43,796 INFO Processing registry AVG.Office
2011-05-09 09:46:43,796 DEBUG Key AVG.Office ForceRemove
2011-05-09 09:46:43,796 DEBUG Key AVG.Office not found
2011-05-09 09:46:43,796 INFO Processing registry AVG.Office.8
2011-05-09 09:46:43,796 DEBUG Key AVG.Office.8 ForceRemove
2011-05-09 09:46:43,796 DEBUG Key AVG.Office.8 not found
2011-05-09 09:46:43,796 INFO Processing registry avgtoolbar.AVGTOOLBAR
2011-05-09 09:46:43,796 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2011-05-09 09:46:43,796 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2011-05-09 09:46:43,796 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2011-05-09 09:46:43,796 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2011-05-09 09:46:43,796 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2011-05-09 09:46:43,796 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2011-05-09 09:46:43,796 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2011-05-09 09:46:43,796 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2011-05-09 09:46:43,796 INFO Processing registry LinkScannerIE.NavFilter
2011-05-09 09:46:43,796 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2011-05-09 09:46:43,796 DEBUG Key LinkScannerIE.NavFilter not found
2011-05-09 09:46:43,796 INFO Processing registry LinkScannerIE.NavFilter.1
2011-05-09 09:46:43,796 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2011-05-09 09:46:43,796 DEBUG Key LinkScannerIE.NavFilter.1 not found
2011-05-09 09:46:43,796 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2011-05-09 09:46:43,796 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2011-05-09 09:46:43,796 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2011-05-09 09:46:43,796 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2011-05-09 09:46:43,796 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2011-05-09 09:46:43,796 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2011-05-09 09:46:43,796 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2011-05-09 09:46:43,796 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2011-05-09 09:46:43,796 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
2011-05-09 09:46:43,796 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2011-05-09 09:46:43,796 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2011-05-09 09:46:43,796 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2011-05-09 09:46:43,796 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2011-05-09 09:46:43,796 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2011-05-09 09:46:43,796 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2011-05-09 09:46:43,796 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2011-05-09 09:46:43,812 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2011-05-09 09:46:43,812 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2011-05-09 09:46:43,812 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2011-05-09 09:46:43,812 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2011-05-09 09:46:43,812 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}
2011-05-09 09:46:43,812 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found
2011-05-09 09:46:43,812 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2011-05-09 09:46:43,812 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:46:43,812 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:46:43,812 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2011-05-09 09:46:43,812 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2011-05-09 09:46:43,812 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2011-05-09 09:46:43,812 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2011-05-09 09:46:43,812 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}
2011-05-09 09:46:43,812 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found
2011-05-09 09:46:43,812 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2011-05-09 09:46:43,812 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2011-05-09 09:46:43,812 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2011-05-09 09:46:43,812 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2011-05-09 09:46:43,812 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found
2011-05-09 09:46:43,812 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2011-05-09 09:46:43,812 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2011-05-09 09:46:43,828 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
2011-05-09 09:46:43,828 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:46:43,828 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:46:43,828 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:46:43,828 INFO ***** Files and folders *****
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 0
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 1
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 2
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 3
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 4
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 5
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 6
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 7
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 8
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 9
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 10
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 11
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 12
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 13
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 14
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 15
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 16
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\One Man Nation\Application Data\AVGTOOLBAR
2011-05-09 09:46:43,828 INFO Directory C:\Documents and Settings\One Man Nation\Application Data\AVGTOOLBAR not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0
2011-05-09 09:46:43,828 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0 not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0
2011-05-09 09:46:43,828 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0 not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5
2011-05-09 09:46:43,828 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5 not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5
2011-05-09 09:46:43,828 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5 not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk
2011-05-09 09:46:43,828 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk
2011-05-09 09:46:43,828 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk
2011-05-09 09:46:43,828 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk not found
2011-05-09 09:46:43,828 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk
2011-05-09 09:46:43,828 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk not found
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 27
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 28
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 29
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 30
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 31
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 32
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 33
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 34
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 35
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 36
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 37
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 38
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 39
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 40
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 41
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 42
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 43
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 44
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 45
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 46
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 47
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 48
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 49
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 50
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 51
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 52
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 53
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 54
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 55
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 56
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 57
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 58
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 59
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 60
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 61
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 62
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 63
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 64
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 65
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 66
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 67
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 68
2011-05-09 09:46:43,828 DEBUG Missing ParentDir path for fileItem number 69
2011-05-09 09:46:43,843 DEBUG Missing ParentDir path for fileItem number 70
2011-05-09 09:46:43,843 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages
2011-05-09 09:46:43,875 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found
2011-05-09 09:46:43,875 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-05-09 09:46:43,875 DEBUG Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not deleted (error c0070091)
2011-05-09 09:46:43,875 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-05-09 09:46:43,875 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk
2011-05-09 09:46:43,875 INFO File C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk not found
2011-05-09 09:46:43,875 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk
2011-05-09 09:46:43,875 INFO File C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk not found
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 76
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 77
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 78
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 79
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 80
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 81
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 82
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 83
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 84
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 85
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 86
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 87
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 88
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 89
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 90
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 91
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 92
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 93
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 94
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 95
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 96
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 97
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 98
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 99
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 100
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 101
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 102
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 103
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 104
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 105
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 106
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 107
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 108
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 109
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 110
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 111
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 112
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 113
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 114
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 115
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 116
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 117
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 118
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 119
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 120
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 121
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 122
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 123
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 124
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 125
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 126
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 127
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 128
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 129
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 130
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 131
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 132
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 133
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 134
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 135
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 136
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 137
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 138
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 139
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 140
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 141
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 142
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 143
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 144
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 145
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 146
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 147
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 148
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 149
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 150
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 151
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 152
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 153
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 154
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 155
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 156
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 157
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 158
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 159
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 160
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 161
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 162
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 163
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 164
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 165
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 166
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 167
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 168
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 169
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 170
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 171
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 172
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 173
2011-05-09 09:46:43,875 DEBUG Missing ParentDir path for fileItem number 174
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 175
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 176
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 177
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 178
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 179
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 180
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 181
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 182
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 183
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 184
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 185
2011-05-09 09:46:43,890 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-05-09 09:46:43,890 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-05-09 09:46:43,890 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-05-09 09:46:43,890 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-05-09 09:46:43,890 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-05-09 09:46:43,890 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2011-05-09 09:46:43,890 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
2011-05-09 09:46:43,890 DEBUG Processing item C:\WINDOWS\System32
2011-05-09 09:46:43,890 DEBUG Processing item C:\Program Files\AVG
2011-05-09 09:46:43,890 DEBUG Directory C:\Program Files\AVG not deleted (error c0070091)
2011-05-09 09:46:43,890 DEBUG Missing ParentDir path for fileItem number 194
2011-05-09 09:46:43,890 INFO ***** Avg Fw NDIS driver *****
2011-05-09 09:46:45,093 INFO FW NDIS driver not present
2011-05-09 09:52:17,375 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-05-09 09:52:17,406 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2011-05-09 09:52:17,406 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-05-09 09:52:17,406 WARN AvgDir param empty.
2011-05-09 09:52:17,406 WARN AvgDataDir param empty.
2011-05-09 09:52:19,093 INFO AvgRemover runs in attempt number 1
2011-05-09 09:52:19,093 INFO ***** Services *****
2011-05-09 09:52:19,093 INFO Processing service avg8emc
2011-05-09 09:52:19,093 INFO Service avg8emc is not installed
2011-05-09 09:52:19,093 DEBUG Service avg8emc RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service avg8emc are not present
2011-05-09 09:52:19,125 INFO Processing service avgfws8
2011-05-09 09:52:19,125 INFO Service avgfws8 is not installed
2011-05-09 09:52:19,125 DEBUG Service avgfws8 RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service avgfws8 are not present
2011-05-09 09:52:19,125 INFO Processing service avg8wd
2011-05-09 09:52:19,125 INFO Service avg8wd is not installed
2011-05-09 09:52:19,125 DEBUG Service avg8wd RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service avg8wd are not present
2011-05-09 09:52:19,125 INFO Processing service AvgWFPx
2011-05-09 09:52:19,125 INFO Service AvgWFPx is not installed
2011-05-09 09:52:19,125 DEBUG Service AvgWFPx RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service AvgWFPx are not present
2011-05-09 09:52:19,125 INFO Processing service AvgWFPa
2011-05-09 09:52:19,125 INFO Service AvgWFPa is not installed
2011-05-09 09:52:19,125 DEBUG Service AvgWFPa RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service AvgWFPa are not present
2011-05-09 09:52:19,125 INFO Processing service AvgMfx86
2011-05-09 09:52:19,125 INFO Service AvgMfx86 is not installed
2011-05-09 09:52:19,125 DEBUG Service AvgMfx86 RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service AvgMfx86 are not present
2011-05-09 09:52:19,125 INFO Processing service AvgMfx64
2011-05-09 09:52:19,125 INFO Service AvgMfx64 is not installed
2011-05-09 09:52:19,125 DEBUG Service AvgMfx64 RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service AvgMfx64 are not present
2011-05-09 09:52:19,125 INFO Processing service AvgLdx86
2011-05-09 09:52:19,125 INFO Service AvgLdx86 is not installed
2011-05-09 09:52:19,125 DEBUG Service AvgLdx86 RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service AvgLdx86 are not present
2011-05-09 09:52:19,125 INFO Processing service AvgLdx64
2011-05-09 09:52:19,125 INFO Service AvgLdx64 is not installed
2011-05-09 09:52:19,125 DEBUG Service AvgLdx64 RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service AvgLdx64 are not present
2011-05-09 09:52:19,125 INFO Processing service AvgTdiX
2011-05-09 09:52:19,125 INFO Service AvgTdiX is not installed
2011-05-09 09:52:19,125 DEBUG Service AvgTdiX RegCleanup
2011-05-09 09:52:19,125 DEBUG Registry keys for service AvgTdiX are not present
2011-05-09 09:52:19,125 INFO Processing service AvgTdiA
2011-05-09 09:52:19,156 INFO Service AvgTdiA is not installed
2011-05-09 09:52:19,156 DEBUG Service AvgTdiA RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service AvgTdiA are not present
2011-05-09 09:52:19,156 INFO Processing service AvgRkx86
2011-05-09 09:52:19,156 INFO Service AvgRkx86 is not installed
2011-05-09 09:52:19,156 DEBUG Service AvgRkx86 RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service AvgRkx86 are not present
2011-05-09 09:52:19,156 INFO Processing service AvgRkx64
2011-05-09 09:52:19,156 INFO Service AvgRkx64 is not installed
2011-05-09 09:52:19,156 DEBUG Service AvgRkx64 RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service AvgRkx64 are not present
2011-05-09 09:52:19,156 INFO Processing service avg9emc
2011-05-09 09:52:19,156 INFO Service avg9emc is not installed
2011-05-09 09:52:19,156 DEBUG Service avg9emc RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service avg9emc are not present
2011-05-09 09:52:19,156 INFO Processing service avgfws9
2011-05-09 09:52:19,156 INFO Service avgfws9 is not installed
2011-05-09 09:52:19,156 DEBUG Service avgfws9 RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service avgfws9 are not present
2011-05-09 09:52:19,156 INFO Processing service avg9wd
2011-05-09 09:52:19,156 INFO Service avg9wd is not installed
2011-05-09 09:52:19,156 DEBUG Service avg9wd RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service avg9wd are not present
2011-05-09 09:52:19,156 INFO Processing service AVGIDSAgent
2011-05-09 09:52:19,156 INFO Service AVGIDSAgent is not installed
2011-05-09 09:52:19,156 DEBUG Service AVGIDSAgent RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service AVGIDSAgent are not present
2011-05-09 09:52:19,156 INFO Processing service AVGIDSShimxpx
2011-05-09 09:52:19,156 INFO Service AVGIDSShimxpx is not installed
2011-05-09 09:52:19,156 DEBUG Service AVGIDSShimxpx RegCleanup
2011-05-09 09:52:19,156 DEBUG Registry keys for service AVGIDSShimxpx are not present
2011-05-09 09:52:19,156 INFO Processing service AVGIDSFilterxpx
2011-05-09 09:52:19,156 INFO Service AVGIDSFilterxpx is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSFilterxpx RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSDriverxpx
2011-05-09 09:52:19,171 INFO Service AVGIDSDriverxpx is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSDriverxpx RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSShimvtx
2011-05-09 09:52:19,171 INFO Service AVGIDSShimvtx is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSShimvtx RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSShimvtx are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSFiltervtx
2011-05-09 09:52:19,171 INFO Service AVGIDSFiltervtx is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSFiltervtx RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSDrivervtx
2011-05-09 09:52:19,171 INFO Service AVGIDSDrivervtx is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSDrivervtx RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSFiltervta
2011-05-09 09:52:19,171 INFO Service AVGIDSFiltervta is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSFiltervta RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSFiltervta are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSDrivervta
2011-05-09 09:52:19,171 INFO Service AVGIDSDrivervta is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSDrivervta RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSDrivervta are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSShimw7x
2011-05-09 09:52:19,171 INFO Service AVGIDSShimw7x is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSShimw7x RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSShimw7x are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSFilterw7x
2011-05-09 09:52:19,171 INFO Service AVGIDSFilterw7x is not installed
2011-05-09 09:52:19,171 DEBUG Service AVGIDSFilterw7x RegCleanup
2011-05-09 09:52:19,171 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2011-05-09 09:52:19,171 INFO Processing service AVGIDSDriverw7x
2011-05-09 09:52:19,187 INFO Service AVGIDSDriverw7x is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSDriverw7x RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2011-05-09 09:52:19,187 INFO Processing service AVGIDSFilterw7a
2011-05-09 09:52:19,187 INFO Service AVGIDSFilterw7a is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSFilterw7a RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2011-05-09 09:52:19,187 INFO Processing service AVGIDSDriverw7a
2011-05-09 09:52:19,187 INFO Service AVGIDSDriverw7a is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSDriverw7a RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2011-05-09 09:52:19,187 INFO Processing service AVGIDSErHrxpx
2011-05-09 09:52:19,187 INFO Service AVGIDSErHrxpx is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSErHrxpx RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2011-05-09 09:52:19,187 INFO Processing service AVGIDSErHrvtx
2011-05-09 09:52:19,187 INFO Service AVGIDSErHrvtx is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSErHrvtx RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2011-05-09 09:52:19,187 INFO Processing service AVGIDSErHrvta
2011-05-09 09:52:19,187 INFO Service AVGIDSErHrvta is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSErHrvta RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSErHrvta are not present
2011-05-09 09:52:19,187 INFO Processing service AVGIDSErHrw7x
2011-05-09 09:52:19,187 INFO Service AVGIDSErHrw7x is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSErHrw7x RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2011-05-09 09:52:19,187 INFO Processing service AVGIDSErHrw7a
2011-05-09 09:52:19,187 INFO Service AVGIDSErHrw7a is not installed
2011-05-09 09:52:19,187 DEBUG Service AVGIDSErHrw7a RegCleanup
2011-05-09 09:52:19,187 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2011-05-09 09:52:19,187 INFO ***** Registry keys and values *****
2011-05-09 09:52:19,187 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2011-05-09 09:52:19,203 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2011-05-09 09:52:19,203 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2011-05-09 09:52:19,203 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2011-05-09 09:52:19,203 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2011-05-09 09:52:19,203 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2011-05-09 09:52:19,203 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2011-05-09 09:52:19,203 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2011-05-09 09:52:19,203 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2011-05-09 09:52:19,203 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2011-05-09 09:52:19,203 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2011-05-09 09:52:19,203 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2011-05-09 09:52:19,203 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2011-05-09 09:52:19,203 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:52:19,203 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:52:19,203 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2011-05-09 09:52:19,203 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2011-05-09 09:52:19,203 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2011-05-09 09:52:19,203 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-05-09 09:52:19,203 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-05-09 09:52:19,203 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-05-09 09:52:19,203 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2011-05-09 09:52:19,218 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2011-05-09 09:52:19,218 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2011-05-09 09:52:19,218 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2011-05-09 09:52:19,218 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2011-05-09 09:52:19,218 DEBUG Reading SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs failed (error: e001003d)
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify failed
2011-05-09 09:52:19,218 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2011-05-09 09:52:19,218 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2011-05-09 09:52:19,218 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2011-05-09 09:52:19,218 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2011-05-09 09:52:19,218 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2011-05-09 09:52:19,218 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2011-05-09 09:52:19,218 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-05-09 09:52:19,218 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove

#11 SweetTech

Posted 09 May 2011 - 10:32 AM

hmm...

Can you try to use this tool and see if it detects AVG being installed:

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC.

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 theelectricyouth


Posted 10 May 2011 - 04:42 AM

I have also run this AppRemover before, the first time I ran ComboFix, and it doesn't detect AVG. I don't want AVG in my computer honestly, so it really isn't a problem to remove it. The only thing is I can't seem to do it with all the Removal Apps!

Let me know if you have figured out why the AVG doesn't seem to be deleted when, even when I check, AVG doesn't seem to be anywhere in the computer. Maybe it's a false alarm?

Also, I'll be away from the computer until the 15th, so please excuse my leave, I will be back to continue this cleaning process with you then.

Regards.

#13 SweetTech


Posted 10 May 2011 - 11:06 AM

Hi!

Also, I'll be away from the computer until the 15th, so please excuse my leave, I will be back to continue this cleaning process with you then.

Thanks for letting me know.

Let's try and get rid of AVG once and for all.

Please do this for me:

WBEMTEST
--------------
We need to check the Antivirus/Firewall applications that are registered in Security Center.
Please make sure you do not make any other modifications except for those instructed below!

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Click Connect.
5. In the top left box type root\SecurityCenter and click Connect
6. Click on Query
7. Type SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result and scroll down to Display name.
Please let me know how many entries are found and what the Display name is.

Edited by SweetTech, 10 May 2011 - 11:06 AM.

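The Security Center query from the wbemtest steps above, as an added example that is not part of the original post: a read-only Windows PowerShell script that lists every registered AntiVirusProduct and checks whether the program path it records still exists on disk, which is how a registration left behind by an uninstalled product shows up. It assumes Windows PowerShell 2.0 or later with Get-WmiObject; the root\SecurityCenter2 namespace and the two path property names are assumptions about the XP and Vista-and-later schemas, not something stated in the thread.

```powershell
# Added example: read-only listing of antivirus products registered with Security Center.
# root\SecurityCenter is the namespace used in the thread (Windows XP);
# root\SecurityCenter2 (Vista and later) is an assumption added for newer systems.
$namespaces = 'root\SecurityCenter', 'root\SecurityCenter2'

foreach ($ns in $namespaces) {
    try {
        # Same WQL as typed into wbemtest
        $products = @(Get-WmiObject -Namespace $ns -Query 'SELECT * FROM AntiVirusProduct' -ErrorAction Stop)
    } catch {
        Write-Output "${ns}: namespace not available on this system"
        continue
    }
    if ($products.Count -eq 0) {
        Write-Output "${ns}: no antivirus product registered"
        continue
    }
    foreach ($p in $products) {
        # The recorded program path is held in a different property in each namespace.
        $raw = $p.pathToSignedProductExe                 # SecurityCenter2
        if (-not $raw) { $raw = $p.pathToUpdateUI }      # SecurityCenter (XP)

        if ($raw) {
            # Paths may contain variables such as %ProgramFiles%
            $path = [Environment]::ExpandEnvironmentVariables($raw)
            if (Test-Path -LiteralPath $path) {
                $state = 'file present'
            } else {
                $state = 'file MISSING, registration may be stale'
            }
        } else {
            $path  = '(no path recorded)'
            $state = 'cannot verify'
        }
        Write-Output ("{0}: {1} {2}" -f $ns, $p.displayName, $p.instanceGuid)
        Write-Output ("    path: {0} -> {1}" -f $path, $state)
    }
}
```

The script only reads WMI and the file system; it does not delete or modify any Security Center entry.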


#14 SweetTech


Posted 13 May 2011 - 08:58 AM

Bumping thread back up in my queue.



#15 theelectricyouth


Posted 16 May 2011 - 05:35 AM

Hi!

Just got back, how're you doing!?

Ok I ran the wbemtest as instructed. I have only 1 entry under SELECT * FROM AntiVirusProduct, it is "AntiVirusProduct.instanceGuid="{17DDD097-36FF-435F-9E1B-52D74245D6BF}"

Let me know if I should proceed to delete this and run the combofix as instructed.

Best.



