Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Savedump.exe error AND Security update can't install AND InstallerCore(TM) in Firewall exeption


  • This topic is locked This topic is locked
14 replies to this topic

#1 Rob Groen

Rob Groen

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn
  • Local time:04:36 AM

Posted 24 May 2012 - 02:32 AM

My sisters Desktop is a little bit sick.
I noticed the following items.



####################################################################
-1- Savedump.exe error
####################################################################

At boot before the desktop uis lanched this error message comes up:

DUTCH
Savedump.exe - kan onderdeel niet vinden.

Deze toepassing kan niet worden gestart omdat DBGHELP.dll niet kan
worden gevonden. Het opnieuw installeren dan deze toepassing kan
dit probleem oplossen


ENGLISH (translated)
Savedump.exe - cant find this part.

This program can start because DBGHELP.dll can't be found.
Installing this program can agoin can solve this problem.



####################################################################
-2- Security update can't install
####################################################################

Windows auto update comes with this message:

DUTCH:
====================================================================
Sommige updates kunnen niet worden geinstalleerd

De volgende updates zijn niet geinstalleerd:
-------------------------------------------------------------------
Beveiliginsgupdate voor Microsoft .NET Framwork 2.0 SP2 op Windows
Server 2003 en Windows XP x86 (KB263380)

------------------------------------------------------

ENGLISH (translated)
====================================================================
Some updates can't be installed

The following update are not installed
-------------------------------------------------------------------
Security update for Microsoft .NET Framwork 2.0 SP2 op Windows
Server 2003 and Windows XP x86 (KB263380)

-------------------------------------------------------------------


####################################################################
-3- At shutdown machine suddenly shuts off
####################################################################
While shutting down the machine is suddenly shut off while there is
still the Windows blue shutdown screen with the message that machine
preparing for shutdown.

While booting the message that the machine was not shutdown correct
shows up.



####################################################################
-4- InstallerCore™ in Firewall exeption
####################################################################
In configuration screen (Classic view) -> Firewall -> tab Exeption
I see twice the name InstallerCore™

I unchecked both checkboxes.


####################################################################
Here is the DDS.txt
####################################################################
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by carla at 14:48:10 on 2012-05-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1065 [GMT 2:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_4_vs&babsrc=HP_ss&mntrId=d0e541bd000000000000000c6eed84ae
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon Toolbar by Visicom: {51dd3535-abea-484a-b1cf-06ab7b092c0c} - c:\program files\babylon01\babylon01X.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: iFinger plugin / Browser helper object: {a114d52b-870c-4f15-8021-b6d7f91a054b} - c:\progra~1\ifinger\plugins\IE.ifp
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Softonic Helper Object: {e87806b5-e908-45fd-af5e-957d83e58e68} - c:\program files\softonic\softonic\1.5.21.0\bh\Softonic.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Standard 4.0: {f9443a35-6bfd-11d7-acd0-00b0d094b576} - c:\program files\systran\4_0\standard\IEPlugin.dll
TB: Softonic Toolbar: {5018cfd2-804d-4c99-9f81-25eaea2769de} - c:\program files\softonic\softonic\1.5.21.0\SoftonicTlbr.dll
TB: Babylon Toolbar by Visicom: {51dd3535-abea-484a-b1cf-06ab7b092c0c} - c:\program files\babylon01\babylon01X.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [LiveNote] livenote.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [HPpromo psc 2175] "c:\program files\hewlett-packard\digital imaging\bin\hpqWRG.exe" /N "psc 2175" -r
mRun: [hp 1000 firmware] c:\program files\hp laserjet 1000\fwdl.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Anvshell] anvshell.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [FreePDF Assistant] "c:\program files\freepdf_xp\fpassist.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mi02dc~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {936E5D60-596C-11D3-BB96-00600816DF55} - {0CBD5120-990B-11D3-8ABD-00C04FA95EE0} - c:\windows\system32\SHDOCVW.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - hxxp://www.webshots.com/samplers/WSDownloader.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143972882890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
TCP: DhcpNameServer = 192.168.1.150 195.241.77.55 195.241.77.58
TCP: Interfaces\{C77E5D01-42DE-48EA-A039-08EFB5C18179} : DhcpNameServer = 192.168.1.150 195.241.77.55 195.241.77.58
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carla\application data\mozilla\firefox\profiles\gnb9jtzd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642709&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&tt=290412_4_vs&babsrc=KW_ss&mntrId=d0e541bd000000000000000c6eed84ae&q=
FF - plugin: c:\documents and settings\carla\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extentions.y2layers.installId - 97219f5c-e138-40c9-9f60-ac4c9eb86b3c
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - d0e541bd000000000000000c6eed84ae
FF - user.js: extensions.Softonic.instlDay - 15467
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.014:29:52
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2004-2-23 233280]
R2 MSSQL$PROFITSQL;MSSQL$PROFITSQL;c:\program files\afas software\mssql$profitsql\binn\sqlservr.exe -sprofitsql --> c:\program files\afas software\mssql$profitsql\binn\sqlservr.exe -sPROFITSQL [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 129976]
S3 SQLAgent$PROFITSQL;SQLAgent$PROFITSQL;c:\program files\afas software\mssql$profitsql\binn\sqlagent.exe -i profitsql --> c:\program files\afas software\mssql$profitsql\binn\sqlagent.EXE -i PROFITSQL [?]
.
=============== Created Last 30 ================
.
2012-05-18 12:35:06 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f2ed8d76-3074-46b6-b7d0-507b520f2e15}\mpengine.dll
2012-05-15 12:42:16 6734704 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-07 14:13:29 -------- d-----w- c:\documents and settings\carla\local settings\application data\CUSTPDF Writer
2012-05-07 09:33:09 -------- d-----w- c:\documents and settings\carla\local settings\application data\I Want This
2012-05-07 09:33:03 -------- d-----w- c:\program files\I Want This
2012-05-07 09:33:02 -------- d-----w- c:\program files\DealPly
2012-05-07 09:32:42 -------- d-----w- c:\documents and settings\carla\application data\babylon01
2012-05-07 09:31:59 -------- d-----w- c:\program files\babylon01
2012-05-07 09:31:37 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-05-07 09:31:20 -------- d-----w- C:\Program1
2012-05-07 09:31:17 -------- d-----w- c:\program files\Yontoo
2012-05-07 09:31:12 -------- d-----w- c:\documents and settings\carla\local settings\application data\Babylon
2012-05-07 09:31:09 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-05-07 09:31:08 -------- d-----w- c:\documents and settings\carla\application data\Babylon
2012-05-07 09:31:08 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-05-07 09:28:44 -------- d-----w- c:\documents and settings\carla\application data\Softonic
2012-05-07 09:28:37 -------- d-----w- c:\program files\Softonic
2012-05-07 09:27:58 45056 ----a-w- c:\windows\system32\unredmon.exe
2012-05-07 09:27:57 116224 ----a-w- c:\windows\system32\redmonnt.dll
2012-05-07 09:27:49 -------- d-----w- c:\program files\FreePDF_XP
2012-05-07 09:27:49 -------- d-----w- c:\documents and settings\carla\application data\FreePDF
2012-05-05 12:17:18 -------- d-s---w- C:\ComboFix
2012-05-05 12:08:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 07:08:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 07:06:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-04 06:16:05 -------- d-----w- C:\ac7c40f08dd5b0a151a0da44ab
2012-05-02 21:46:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 21:46:45 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 20:38:09 -------- d-sha-r- C:\cmdcons
2012-05-02 20:07:13 3993600 ----a-w- c:\program files\GUT3B.tmp
2012-05-02 20:07:13 -------- d-----w- c:\program files\GUM3A.tmp
2012-05-02 19:29:18 3993600 ----a-w- c:\program files\GUT3.tmp
2012-05-02 19:29:18 -------- d-----w- c:\program files\GUM2.tmp
.
==================== Find3M ====================
.
2012-05-18 12:23:46 98304 ----a-w- c:\windows\DUMP6ea8.tmp
2012-05-14 11:19:38 90112 ----a-w- c:\windows\DUMP70bb.tmp
2012-05-02 23:11:00 1409 ----a-w- c:\windows\QTFont.for
2012-05-02 21:46:18 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55:32 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55:21 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55:17 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 18:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:00:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:27 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:27 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:53 385024 ----a-w- c:\windows\system32\html.iec
2006-11-11 18:58:55 13256032 ----a-w- c:\program files\PDFCreator-0_9_3_GPLGhostscript.exe
1999-12-20 11:30:58 2532352 ----a-w- c:\program files\Succes.exe
1998-06-09 03:00:00 244984 ----a-w- c:\program files\Tutil32.dll
1997-10-30 11:52:44 893696 ----a-w- c:\program files\Huisstyl.exe
1997-04-22 23:16:12 40960 ----a-w- c:\program files\_ISREG32.DLL
1997-03-03 05:23:24 546816 ----a-w- c:\program files\CRDE31V1.DLL
1997-03-03 05:23:24 251168 ----a-w- c:\program files\ILSPEC16.DLL
1997-03-03 05:23:24 168998 ----a-w- c:\program files\ILTIF16.DLL
1997-03-03 05:23:24 144758 ----a-w- c:\program files\ILDXF16.DLL
.
============= FINISH: 14:50:20,68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 PM

Posted 30 May 2012 - 02:36 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/454710 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Rob Groen

Rob Groen
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn
  • Local time:04:36 AM

Posted 30 May 2012 - 04:10 AM

Step (1) Done!, Yes I need help

Step (2)

-1- The description of the problem is in my first post. I didn't make any changes on the machine since than.

-2- Logs are in my first post. After making those log I turned off the machine. I suppose that when I make new log they a the same due to the fact that I didn't make any changes on th machine and I didn't even use the machine, I turned it off while waiting for your help. I suppose those log are OK. Right?

-3- Yes I have the original Window CD available.

-4- OK, fine for me :)

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 30 May 2012 - 09:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this if fixed.[/b]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.


p.s.
Are there any Browsing object you wish to remove.
They may have been installed by 3rd party programs.

#5 Rob Groen

Rob Groen
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn
  • Local time:04:36 AM

Posted 31 May 2012 - 05:38 AM

Hi nasdaq,

First of all, Thanks for your help.

I did as you said and I noticed the following issues:

-1- While starting ComboFix I got the message that "AVG Internet Security 2012" (see sceenshot 01) is still running and that I have to shutdown that Anti Virus program. The problem is that I can't shut it down because there is no AVG anymore on this machine. I removed it earlier.

Then I get the message the AVG is still running but ComboFix wil start anyway (see screenshot 02) while this can give some problems due to the fact that a antivirus program is running.

See screenshot 03 for my software list. There is no AVG on that list.

ComboFix run normal ( I suppose )

-2- After running ComoFix and saving the log my desktop was completely empty, no icons, no taksbars. I had to reboot the machine.

-3- After reboot and starting FirFox I got the message that FF is not my default browser anymore.


###################################################################################
###################################################################################
Here is my ComboFix Log
###################################################################################
###################################################################################
ComboFix 12-05-30.04 - carla 31-05-2012 8:59.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1085 [GMT 2:00]
Gestart vanuit: c:\documents and settings\carla\Bureaublad\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\I Want This
c:\program files\I Want This\appAPIinternalWrapper.js
c:\program files\I Want This\fb.js
c:\program files\I Want This\I Want This.dll
c:\program files\I Want This\I Want This.exe
c:\program files\I Want This\I Want This.ico
c:\program files\I Want This\I Want This.ini
c:\program files\I Want This\I Want ThisGui.exe
c:\program files\I Want This\I Want ThisInstaller.log
c:\program files\I Want This\jquery.js
c:\program files\I Want This\json.js
c:\program files\I Want This\Uninstall.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-31 ))))))))))))))))))))))))))))))
.
.
2012-05-31 06:45 . 2012-05-31 06:45 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12736CF8-B7FD-4F1A-B102-31A3DA51BDDB}\offreg.dll
2012-05-31 06:44 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12736CF8-B7FD-4F1A-B102-31A3DA51BDDB}\mpengine.dll
2012-05-23 12:47 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-07 14:13 . 2012-05-07 14:13 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\CUSTPDF Writer
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\I Want This
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\program files\DealPly
2012-05-07 09:32 . 2012-05-07 12:30 -------- d-----w- c:\documents and settings\carla\Application Data\babylon01
2012-05-07 09:31 . 2012-05-07 09:32 -------- d-----w- c:\program files\babylon01
2012-05-07 09:31 . 2011-10-04 20:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- C:\Program1
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\program files\Yontoo
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\Babylon
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Application Data\Babylon
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-05-07 09:28 . 2012-05-07 12:29 167 ----a-w- C:\user.js
2012-05-07 09:28 . 2012-05-07 09:28 -------- d-----w- c:\documents and settings\carla\Application Data\Softonic
2012-05-07 09:28 . 2012-05-07 09:28 -------- d-----w- c:\program files\Softonic
2012-05-07 09:27 . 2010-06-17 19:56 45056 ----a-w- c:\windows\system32\unredmon.exe
2012-05-07 09:27 . 2010-06-17 19:56 116224 ----a-w- c:\windows\system32\redmonnt.dll
2012-05-07 09:27 . 2012-05-07 09:27 -------- d-----w- c:\program files\FreePDF_XP
2012-05-07 09:27 . 2012-05-07 09:27 -------- d-----w- c:\documents and settings\carla\Application Data\FreePDF
2012-05-05 12:08 . 2012-05-05 12:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 07:08 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 07:06 . 2012-05-05 07:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-04 06:16 . 2012-05-04 06:16 -------- d-----w- C:\ac7c40f08dd5b0a151a0da44ab
2012-05-02 21:47 . 2012-05-02 21:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-02 21:46 . 2012-05-02 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 21:46 . 2012-05-02 21:46 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 21:46 . 2012-05-02 21:46 -------- d-----w- c:\program files\Java
2012-05-02 20:07 . 2012-05-02 20:12 3993600 ----a-w- c:\program files\GUT3B.tmp
2012-05-02 20:07 . 2012-05-02 20:07 -------- d-----w- c:\program files\GUM3A.tmp
2012-05-02 20:03 . 2012-05-03 15:37 -------- d-----w- c:\documents and settings\Administrator
2012-05-02 19:29 . 2012-05-02 19:36 -------- d-----w- c:\program files\GUM2.tmp
2012-05-02 19:29 . 2012-05-02 19:29 3993600 ----a-w- c:\program files\GUT3.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 12:23 . 2004-02-22 21:29 98304 ----a-w- c:\windows\DUMP6ea8.tmp
2012-05-14 11:19 . 2004-02-22 21:29 90112 ----a-w- c:\windows\DUMP70bb.tmp
2012-05-02 23:11 . 2011-08-07 19:24 1409 ----a-w- c:\windows\QTFont.for
2012-05-02 21:46 . 2010-12-20 15:49 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2003-04-08 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2003-04-08 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2006-11-11 18:58 . 2006-11-11 18:55 13256032 ----a-w- c:\program files\PDFCreator-0_9_3_GPLGhostscript.exe
1999-12-20 11:30 . 2007-05-23 14:01 2532352 ----a-w- c:\program files\Succes.exe
1998-06-09 03:00 . 2007-05-23 14:01 244984 ----a-w- c:\program files\Tutil32.dll
1997-10-30 11:52 . 2006-08-20 09:59 893696 ----a-w- c:\program files\Huisstyl.exe
1997-04-22 23:16 . 2006-08-20 09:59 40960 ----a-w- c:\program files\_ISREG32.DLL
1997-03-03 05:23 . 2006-08-20 09:59 546816 ----a-w- c:\program files\CRDE31V1.DLL
1997-03-03 05:23 . 2006-08-20 09:59 251168 ----a-w- c:\program files\ILSPEC16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 168998 ----a-w- c:\program files\ILTIF16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 144758 ----a-w- c:\program files\ILDXF16.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51dd3535-abea-484a-b1cf-06ab7b092c0c}]
2012-05-06 07:51 85288 ----a-w- c:\program files\babylon01\babylon01X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-03-15 13:57 242384 ----a-w- c:\program files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576]
"{51dd3535-abea-484a-b1cf-06ab7b092c0c}"= "c:\program files\babylon01\babylon01X.dll" [2012-05-06 85288]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{51dd3535-abea-484a-b1cf-06ab7b092c0c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"LiveNote"="livenote.exe" [2002-07-11 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-04-30 966706]
"HPpromo psc 2175"="c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" [2003-09-08 126976]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-04-18 36864]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Anvshell"="anvshell.exe" [2003-05-29 348160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-11-17 00:08 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-04-07 20:36 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater10.2.0"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup(3).exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup.exe"=
.
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [23-2-2004 0:59 233280]
R2 MSSQL$PROFITSQL;MSSQL$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 14:21 92592]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5-5-2012 14:08 129976]
S3 SQLAgent$PROFITSQL;SQLAgent$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-23 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8079556103.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2004-07-15 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8081533955.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004Core.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004UA.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-05-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-05-31 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-07-16 07:53]
.
2012-05-31 c:\windows\Tasks\User_Feed_Synchronization-{B40B18CC-DAF1-4CF8-9BAE-75762FDF6441}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_4_vs&babsrc=HP_ss&mntrId=d0e541bd000000000000000c6eed84ae
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI02DC~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.150 195.241.77.55 195.241.77.58
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
FF - ProfilePath - c:\documents and settings\carla\Application Data\Mozilla\Firefox\Profiles\gnb9jtzd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642709&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&tt=290412_4_vs&babsrc=KW_ss&mntrId=d0e541bd000000000000000c6eed84ae&q=
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extentions.y2layers.installId - 97219f5c-e138-40c9-9f60-ac4c9eb86b3c
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - d0e541bd000000000000000c6eed84ae
FF - user.js: extensions.Softonic.instlDay - 15467
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.014:29
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-I Want This - c:\program files\I Want This\Uninstall.exe
AddRemove-PDF Creator - c:\program\uninstpw.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-31 09:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|˙˙˙˙•€|ů•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1264)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-05-31 09:13:04
ComboFix-quarantined-files.txt 2012-05-31 07:13
.
Pre-Run: 80.668.454.912 bytes beschikbaar
Post-Run: 80.819.056.640 bytes beschikbaar
.
- - End Of File - - A8275473B3767253BAE649458C148FD6



###################################################################################
###################################################################################
Here is my checkup log
###################################################################################
###################################################################################

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 32
Java version out of date!
Adobe Flash Player 11.0.1.152
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

###################################################################################
###################################################################################


> Are there any Browsing object you wish to remove.
It's not my machine but I think it's a good aider to remove any suspected programs like toolbars and PDF printers etc.

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 31 May 2012 - 09:14 AM

To remove AVG completely please run this tool.
Please download the AVG Remover and Save it to your Desktop.
  • Close all programs and double-click avgremover.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Restart your computer if asked.
  • Then delete avgremover.exe from your desktop.
===

Open notepad and copy/paste the text in the quote box below into it:

File::

Folder::
c:\program files\babylon01
c:\program files\Softonic

DDS
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_4_vs&babsrc=HP_ss&mntrId=d0e541bd000000000000000c6eed84ae

Firefox::
FF - ProfilePath - c:\documents and settings\carla\Application Data\Mozilla\Firefox\Profiles\gnb9jtzd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642709&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&tt=290412_4_vs&babsrc=KW_ss&mntrId=d0e541bd000000000000000c6eed84ae&q=
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: security.csp.enable - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - d0e541bd000000000000000c6eed84ae
FF - user.js: extensions.Softonic.instlDay - 15467
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.014:29
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51dd3535-abea-484a-b1cf-06ab7b092c0c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"=-
"{51dd3535-abea-484a-b1cf-06ab7b092c0c}"=-
[-HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[-HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\Softonic.dskBnd]

ClearJavaCache::



Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

After reboot and starting FirFox I got the message that FF is not my default browser anymore.


Try this fix.
http://support.mozilla.org/en-US/kb/how-make-web-links-open-firefox-default
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 32


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Please post the ComboFix log and let me know what problem persists.

#7 Rob Groen

Rob Groen
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn
  • Local time:04:36 AM

Posted 31 May 2012 - 01:53 PM

I used AVGremover and it didn't work as expected.
I run very fast and than ready.
No restart was asked.


###################################################################################
###################################################################################
Here is the log from avgremover
###################################################################################
###################################################################################
2012-05-31 15:08:10,152 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-31 15:08:10,184 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-31 15:08:10,184 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2012-05-31 15:08:10,184 WARN AvgDir param empty.
2012-05-31 15:08:10,184 WARN AvgDataDir param empty.
2012-05-31 15:08:27,293 INFO AvgRemover runs in attempt number 1
2012-05-31 15:08:27,293 INFO ***** Services *****
2012-05-31 15:08:27,293 INFO Processing service avg8emc
2012-05-31 15:08:27,293 INFO Service avg8emc is not installed
2012-05-31 15:08:27,293 DEBUG Service avg8emc RegCleanup
2012-05-31 15:08:27,293 DEBUG Registry keys for service avg8emc are not present
2012-05-31 15:08:27,293 INFO Processing service avgfws8
2012-05-31 15:08:27,293 INFO Service avgfws8 is not installed
2012-05-31 15:08:27,293 DEBUG Service avgfws8 RegCleanup
2012-05-31 15:08:27,293 DEBUG Registry keys for service avgfws8 are not present
2012-05-31 15:08:27,293 INFO Processing service avg8wd
2012-05-31 15:08:27,293 INFO Service avg8wd is not installed
2012-05-31 15:08:27,293 DEBUG Service avg8wd RegCleanup
2012-05-31 15:08:27,293 DEBUG Registry keys for service avg8wd are not present
2012-05-31 15:08:27,293 INFO Processing service AvgWFPx
2012-05-31 15:08:27,309 INFO Service AvgWFPx is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgWFPx RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgWFPx are not present
2012-05-31 15:08:27,309 INFO Processing service AvgWFPa
2012-05-31 15:08:27,309 INFO Service AvgWFPa is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgWFPa RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgWFPa are not present
2012-05-31 15:08:27,309 INFO Processing service AvgMfx86
2012-05-31 15:08:27,309 INFO Service AvgMfx86 is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgMfx86 RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgMfx86 are not present
2012-05-31 15:08:27,309 INFO Processing service AvgMfx64
2012-05-31 15:08:27,309 INFO Service AvgMfx64 is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgMfx64 RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgMfx64 are not present
2012-05-31 15:08:27,309 INFO Processing service AvgLdx86
2012-05-31 15:08:27,309 INFO Service AvgLdx86 is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgLdx86 RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgLdx86 are not present
2012-05-31 15:08:27,309 INFO Processing service AvgLdx64
2012-05-31 15:08:27,309 INFO Service AvgLdx64 is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgLdx64 RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgLdx64 are not present
2012-05-31 15:08:27,309 INFO Processing service AvgTdiX
2012-05-31 15:08:27,309 INFO Service AvgTdiX is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgTdiX RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgTdiX are not present
2012-05-31 15:08:27,309 INFO Processing service AvgTdiA
2012-05-31 15:08:27,309 INFO Service AvgTdiA is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgTdiA RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgTdiA are not present
2012-05-31 15:08:27,309 INFO Processing service AvgRkx86
2012-05-31 15:08:27,309 INFO Service AvgRkx86 is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgRkx86 RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgRkx86 are not present
2012-05-31 15:08:27,309 INFO Processing service AvgRkx64
2012-05-31 15:08:27,309 INFO Service AvgRkx64 is not installed
2012-05-31 15:08:27,309 DEBUG Service AvgRkx64 RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AvgRkx64 are not present
2012-05-31 15:08:27,309 INFO Processing service avg9emc
2012-05-31 15:08:27,309 INFO Service avg9emc is not installed
2012-05-31 15:08:27,309 DEBUG Service avg9emc RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service avg9emc are not present
2012-05-31 15:08:27,309 INFO Processing service avgfws9
2012-05-31 15:08:27,309 INFO Service avgfws9 is not installed
2012-05-31 15:08:27,309 DEBUG Service avgfws9 RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service avgfws9 are not present
2012-05-31 15:08:27,309 INFO Processing service avg9wd
2012-05-31 15:08:27,309 INFO Service avg9wd is not installed
2012-05-31 15:08:27,309 DEBUG Service avg9wd RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service avg9wd are not present
2012-05-31 15:08:27,309 INFO Processing service AVGIDSAgent
2012-05-31 15:08:27,309 INFO Service AVGIDSAgent is not installed
2012-05-31 15:08:27,309 DEBUG Service AVGIDSAgent RegCleanup
2012-05-31 15:08:27,309 DEBUG Registry keys for service AVGIDSAgent are not present
2012-05-31 15:08:27,309 INFO Processing service AVGIDSShimxpx
2012-05-31 15:08:27,324 INFO Service AVGIDSShimxpx is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSShimxpx RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSShimxpx are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSFilterxpx
2012-05-31 15:08:27,324 INFO Service AVGIDSFilterxpx is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSFilterxpx RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSDriverxpx
2012-05-31 15:08:27,324 INFO Service AVGIDSDriverxpx is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSDriverxpx RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSShimvtx
2012-05-31 15:08:27,324 INFO Service AVGIDSShimvtx is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSShimvtx RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSShimvtx are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSFiltervtx
2012-05-31 15:08:27,324 INFO Service AVGIDSFiltervtx is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSFiltervtx RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSDrivervtx
2012-05-31 15:08:27,324 INFO Service AVGIDSDrivervtx is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSDrivervtx RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSFiltervta
2012-05-31 15:08:27,324 INFO Service AVGIDSFiltervta is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSFiltervta RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSFiltervta are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSDrivervta
2012-05-31 15:08:27,324 INFO Service AVGIDSDrivervta is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSDrivervta RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSDrivervta are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSShimw7x
2012-05-31 15:08:27,324 INFO Service AVGIDSShimw7x is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSShimw7x RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSShimw7x are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSFilterw7x
2012-05-31 15:08:27,324 INFO Service AVGIDSFilterw7x is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSFilterw7x RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSDriverw7x
2012-05-31 15:08:27,324 INFO Service AVGIDSDriverw7x is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSDriverw7x RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSFilterw7a
2012-05-31 15:08:27,324 INFO Service AVGIDSFilterw7a is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSFilterw7a RegCleanup
2012-05-31 15:08:27,324 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2012-05-31 15:08:27,324 INFO Processing service AVGIDSDriverw7a
2012-05-31 15:08:27,324 INFO Service AVGIDSDriverw7a is not installed
2012-05-31 15:08:27,324 DEBUG Service AVGIDSDriverw7a RegCleanup
2012-05-31 15:08:27,340 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2012-05-31 15:08:27,340 INFO Processing service AVGIDSErHrxpx
2012-05-31 15:08:27,340 INFO Service AVGIDSErHrxpx is not installed
2012-05-31 15:08:27,340 DEBUG Service AVGIDSErHrxpx RegCleanup
2012-05-31 15:08:27,340 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2012-05-31 15:08:27,340 INFO Processing service AVGIDSErHrvtx
2012-05-31 15:08:27,340 INFO Service AVGIDSErHrvtx is not installed
2012-05-31 15:08:27,340 DEBUG Service AVGIDSErHrvtx RegCleanup
2012-05-31 15:08:27,340 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2012-05-31 15:08:27,340 INFO Processing service AVGIDSErHrvta
2012-05-31 15:08:27,340 INFO Service AVGIDSErHrvta is not installed
2012-05-31 15:08:27,340 DEBUG Service AVGIDSErHrvta RegCleanup
2012-05-31 15:08:27,340 DEBUG Registry keys for service AVGIDSErHrvta are not present
2012-05-31 15:08:27,340 INFO Processing service AVGIDSErHrw7x
2012-05-31 15:08:27,340 INFO Service AVGIDSErHrw7x is not installed
2012-05-31 15:08:27,340 DEBUG Service AVGIDSErHrw7x RegCleanup
2012-05-31 15:08:27,340 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2012-05-31 15:08:27,340 INFO Processing service AVGIDSErHrw7a
2012-05-31 15:08:27,340 INFO Service AVGIDSErHrw7a is not installed
2012-05-31 15:08:27,340 DEBUG Service AVGIDSErHrw7a RegCleanup
2012-05-31 15:08:27,340 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2012-05-31 15:08:27,340 INFO ***** Registry keys and values *****
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2012-05-31 15:08:27,340 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2012-05-31 15:08:27,340 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2012-05-31 15:08:27,340 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2012-05-31 15:08:27,340 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2012-05-31 15:08:27,340 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2012-05-31 15:08:27,340 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-05-31 15:08:27,340 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2012-05-31 15:08:27,340 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:08:27,340 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2012-05-31 15:08:27,340 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:08:27,340 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:08:27,340 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2012-05-31 15:08:27,340 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2012-05-31 15:08:27,340 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2012-05-31 15:08:27,340 DEBUG Reading SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs failed (error: e001003d)
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify failed
2012-05-31 15:08:27,340 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:08:27,340 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:08:27,356 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:08:27,356 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:08:27,356 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:08:27,356 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:08:27,356 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:08:27,356 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:08:27,356 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:08:27,356 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:08:27,356 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:08:27,356 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:08:27,356 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-05-31 15:08:27,356 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2012-05-31 15:08:27,356 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2012-05-31 15:08:27,356 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-05-31 15:08:27,356 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2012-05-31 15:08:27,356 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2012-05-31 15:08:27,356 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\.avgdi
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\.avgdi not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\AVG\Clients
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2012-05-31 15:08:27,371 DEBUG Key SOFTWARE\AVG\Clients not found
2012-05-31 15:08:27,371 INFO Processing registry SOFTWARE\AVG\AVG8
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG8 not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG\AVG9
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG9 not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG\AVG IDS
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG IDS not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:08:27,387 DEBUG Value SOFTWARE\AVG:DumpType Remove
2012-05-31 15:08:27,387 INFO Value SOFTWARE\AVG:DumpType is not present
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG Remove
2012-05-31 15:08:27,387 WARN Deleting key SOFTWARE\AVG failed (error e0010058), key is not empty
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG Security Toolbar
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG\AVG8
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG8 not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG\AVG9
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG\AVG9 not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG Remove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\AVG Security Toolbar
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2012-05-31 15:08:27,387 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2012-05-31 15:08:27,387 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
2012-05-31 15:08:27,402 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove
2012-05-31 15:08:27,402 INFO Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} is not present
2012-05-31 15:08:27,402 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:08:27,402 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:08:27,402 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:08:27,402 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
2012-05-31 15:08:27,402 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2012-05-31 15:08:27,402 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2012-05-31 15:08:27,402 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:08:27,402 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:08:27,402 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:08:27,402 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:08:27,402 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:08:27,402 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:08:27,402 INFO Processing registry aAvgAPI.AvgBro
2012-05-31 15:08:27,402 DEBUG Key aAvgAPI.AvgBro ForceRemove
2012-05-31 15:08:27,402 DEBUG Key aAvgAPI.AvgBro not found
2012-05-31 15:08:27,402 INFO Processing registry AVG.Office
2012-05-31 15:08:27,402 DEBUG Key AVG.Office ForceRemove
2012-05-31 15:08:27,402 DEBUG Key AVG.Office not found
2012-05-31 15:08:27,402 INFO Processing registry AVG.Office.8
2012-05-31 15:08:27,402 DEBUG Key AVG.Office.8 ForceRemove
2012-05-31 15:08:27,402 DEBUG Key AVG.Office.8 not found
2012-05-31 15:08:27,402 INFO Processing registry avgtoolbar.AVGTOOLBAR
2012-05-31 15:08:27,402 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2012-05-31 15:08:27,402 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2012-05-31 15:08:27,402 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2012-05-31 15:08:27,402 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2012-05-31 15:08:27,402 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2012-05-31 15:08:27,402 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2012-05-31 15:08:27,402 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2012-05-31 15:08:27,402 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2012-05-31 15:08:27,402 INFO Processing registry LinkScannerIE.NavFilter
2012-05-31 15:08:27,402 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2012-05-31 15:08:27,402 DEBUG Key LinkScannerIE.NavFilter not found
2012-05-31 15:08:27,402 INFO Processing registry LinkScannerIE.NavFilter.1
2012-05-31 15:08:27,402 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2012-05-31 15:08:27,402 DEBUG Key LinkScannerIE.NavFilter.1 not found
2012-05-31 15:08:27,402 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2012-05-31 15:08:27,402 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2012-05-31 15:08:27,402 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2012-05-31 15:08:27,402 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2012-05-31 15:08:27,402 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2012-05-31 15:08:27,402 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2012-05-31 15:08:27,402 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2012-05-31 15:08:27,418 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2012-05-31 15:08:27,418 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
2012-05-31 15:08:27,418 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2012-05-31 15:08:27,418 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2012-05-31 15:08:27,418 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2012-05-31 15:08:27,418 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2012-05-31 15:08:27,418 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2012-05-31 15:08:27,418 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2012-05-31 15:08:27,418 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2012-05-31 15:08:27,418 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2012-05-31 15:08:27,418 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2012-05-31 15:08:27,418 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2012-05-31 15:08:27,418 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2012-05-31 15:08:27,418 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2012-05-31 15:08:27,418 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2012-05-31 15:08:27,434 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2012-05-31 15:08:27,434 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2012-05-31 15:08:27,434 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2012-05-31 15:08:27,434 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}
2012-05-31 15:08:27,434 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found
2012-05-31 15:08:27,434 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:08:27,434 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:08:27,434 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:08:27,434 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:08:27,434 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2012-05-31 15:08:27,434 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2012-05-31 15:08:27,434 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2012-05-31 15:08:27,434 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2012-05-31 15:08:27,434 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}
2012-05-31 15:08:27,434 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found
2012-05-31 15:08:27,434 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2012-05-31 15:08:27,434 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2012-05-31 15:08:27,434 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2012-05-31 15:08:27,434 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2012-05-31 15:08:27,449 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2012-05-31 15:08:27,449 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found
2012-05-31 15:08:27,449 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2012-05-31 15:08:27,449 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2012-05-31 15:08:27,449 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
2012-05-31 15:08:27,449 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:08:27,449 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:08:27,449 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:08:27,449 INFO ***** Files and folders *****
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 0
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 1
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 2
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 3
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 4
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 5
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 6
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 7
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 8
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 9
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 10
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 11
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 12
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 13
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 14
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 15
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 16
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\carla\Application Data\AVGTOOLBAR
2012-05-31 15:08:27,449 INFO Directory C:\Documents and Settings\carla\Application Data\AVGTOOLBAR not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.0
2012-05-31 15:08:27,449 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.0 not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.0
2012-05-31 15:08:27,449 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.0 not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.5
2012-05-31 15:08:27,449 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.5 not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.5
2012-05-31 15:08:27,449 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.5 not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 8.0.lnk
2012-05-31 15:08:27,449 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 8.0.lnk not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 8.0.lnk
2012-05-31 15:08:27,449 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 8.0.lnk not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 8.5.lnk
2012-05-31 15:08:27,449 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 8.5.lnk not found
2012-05-31 15:08:27,449 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 8.5.lnk
2012-05-31 15:08:27,449 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 8.5.lnk not found
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 27
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 28
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 29
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 30
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 31
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 32
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 33
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 34
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 35
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 36
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 37
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 38
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 39
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 40
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 41
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 42
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 43
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 44
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 45
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 46
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 47
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 48
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 49
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 50
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 51
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 52
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 53
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 54
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 55
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 56
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 57
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 58
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 59
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 60
2012-05-31 15:08:27,449 DEBUG Missing ParentDir path for fileItem number 61
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 62
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 63
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 64
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 65
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 66
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 67
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 68
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 69
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 70
2012-05-31 15:08:27,465 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages
2012-05-31 15:08:27,465 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found
2012-05-31 15:08:27,465 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2012-05-31 15:08:27,465 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:08:27,465 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 9.0.lnk
2012-05-31 15:08:27,465 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 9.0.lnk not found
2012-05-31 15:08:27,465 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 9.0.lnk
2012-05-31 15:08:27,465 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 9.0.lnk not found
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 76
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 77
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 78
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 79
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 80
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 81
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 82
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 83
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 84
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 85
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 86
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 87
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 88
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 89
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 90
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 91
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 92
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 93
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 94
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 95
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 96
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 97
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 98
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 99
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 100
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 101
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 102
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 103
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 104
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 105
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 106
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 107
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 108
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 109
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 110
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 111
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 112
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 113
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 114
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 115
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 116
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 117
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 118
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 119
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 120
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 121
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 122
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 123
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 124
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 125
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 126
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 127
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 128
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 129
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 130
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 131
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 132
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 133
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 134
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 135
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 136
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 137
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 138
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 139
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 140
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 141
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 142
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 143
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 144
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 145
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 146
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 147
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 148
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 149
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 150
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 151
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 152
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 153
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 154
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 155
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 156
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 157
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 158
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 159
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 160
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 161
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 162
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 163
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 164
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 165
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 166
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 167
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 168
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 169
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 170
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 171
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 172
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 173
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 174
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 175
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 176
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 177
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 178
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 179
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 180
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 181
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 182
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 183
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 184
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 185
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2012-05-31 15:08:27,465 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
2012-05-31 15:08:27,465 DEBUG Processing item C:\WINDOWS\System32
2012-05-31 15:08:27,465 DEBUG Processing item C:\Program Files\AVG
2012-05-31 15:08:27,465 DEBUG Directory C:\Program Files\AVG not deleted (error c0070091)
2012-05-31 15:08:27,465 DEBUG Missing ParentDir path for fileItem number 194
2012-05-31 15:08:27,465 INFO ***** Avg Fw NDIS driver *****
2012-05-31 15:08:27,699 INFO FW NDIS driver not present
2012-05-31 15:09:38,559 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-31 15:09:38,559 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-31 15:09:38,574 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2012-05-31 15:09:38,574 WARN AvgDir param empty.
2012-05-31 15:09:38,574 WARN AvgDataDir param empty.
2012-05-31 15:09:41,121 INFO AvgRemover runs in attempt number 1
2012-05-31 15:09:41,121 INFO ***** Services *****
2012-05-31 15:09:41,121 INFO Processing service avg8emc
2012-05-31 15:09:41,121 INFO Service avg8emc is not installed
2012-05-31 15:09:41,121 DEBUG Service avg8emc RegCleanup
2012-05-31 15:09:41,121 DEBUG Registry keys for service avg8emc are not present
2012-05-31 15:09:41,121 INFO Processing service avgfws8
2012-05-31 15:09:41,121 INFO Service avgfws8 is not installed
2012-05-31 15:09:41,121 DEBUG Service avgfws8 RegCleanup
2012-05-31 15:09:41,121 DEBUG Registry keys for service avgfws8 are not present
2012-05-31 15:09:41,121 INFO Processing service avg8wd
2012-05-31 15:09:41,121 INFO Service avg8wd is not installed
2012-05-31 15:09:41,121 DEBUG Service avg8wd RegCleanup
2012-05-31 15:09:41,121 DEBUG Registry keys for service avg8wd are not present
2012-05-31 15:09:41,121 INFO Processing service AvgWFPx
2012-05-31 15:09:41,121 INFO Service AvgWFPx is not installed
2012-05-31 15:09:41,121 DEBUG Service AvgWFPx RegCleanup
2012-05-31 15:09:41,121 DEBUG Registry keys for service AvgWFPx are not present
2012-05-31 15:09:41,121 INFO Processing service AvgWFPa
2012-05-31 15:09:41,121 INFO Service AvgWFPa is not installed
2012-05-31 15:09:41,121 DEBUG Service AvgWFPa RegCleanup
2012-05-31 15:09:41,121 DEBUG Registry keys for service AvgWFPa are not present
2012-05-31 15:09:41,121 INFO Processing service AvgMfx86
2012-05-31 15:09:41,137 INFO Service AvgMfx86 is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgMfx86 RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgMfx86 are not present
2012-05-31 15:09:41,137 INFO Processing service AvgMfx64
2012-05-31 15:09:41,137 INFO Service AvgMfx64 is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgMfx64 RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgMfx64 are not present
2012-05-31 15:09:41,137 INFO Processing service AvgLdx86
2012-05-31 15:09:41,137 INFO Service AvgLdx86 is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgLdx86 RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgLdx86 are not present
2012-05-31 15:09:41,137 INFO Processing service AvgLdx64
2012-05-31 15:09:41,137 INFO Service AvgLdx64 is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgLdx64 RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgLdx64 are not present
2012-05-31 15:09:41,137 INFO Processing service AvgTdiX
2012-05-31 15:09:41,137 INFO Service AvgTdiX is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgTdiX RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgTdiX are not present
2012-05-31 15:09:41,137 INFO Processing service AvgTdiA
2012-05-31 15:09:41,137 INFO Service AvgTdiA is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgTdiA RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgTdiA are not present
2012-05-31 15:09:41,137 INFO Processing service AvgRkx86
2012-05-31 15:09:41,137 INFO Service AvgRkx86 is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgRkx86 RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgRkx86 are not present
2012-05-31 15:09:41,137 INFO Processing service AvgRkx64
2012-05-31 15:09:41,137 INFO Service AvgRkx64 is not installed
2012-05-31 15:09:41,137 DEBUG Service AvgRkx64 RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AvgRkx64 are not present
2012-05-31 15:09:41,137 INFO Processing service avg9emc
2012-05-31 15:09:41,137 INFO Service avg9emc is not installed
2012-05-31 15:09:41,137 DEBUG Service avg9emc RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service avg9emc are not present
2012-05-31 15:09:41,137 INFO Processing service avgfws9
2012-05-31 15:09:41,137 INFO Service avgfws9 is not installed
2012-05-31 15:09:41,137 DEBUG Service avgfws9 RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service avgfws9 are not present
2012-05-31 15:09:41,137 INFO Processing service avg9wd
2012-05-31 15:09:41,137 INFO Service avg9wd is not installed
2012-05-31 15:09:41,137 DEBUG Service avg9wd RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service avg9wd are not present
2012-05-31 15:09:41,137 INFO Processing service AVGIDSAgent
2012-05-31 15:09:41,137 INFO Service AVGIDSAgent is not installed
2012-05-31 15:09:41,137 DEBUG Service AVGIDSAgent RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AVGIDSAgent are not present
2012-05-31 15:09:41,137 INFO Processing service AVGIDSShimxpx
2012-05-31 15:09:41,137 INFO Service AVGIDSShimxpx is not installed
2012-05-31 15:09:41,137 DEBUG Service AVGIDSShimxpx RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AVGIDSShimxpx are not present
2012-05-31 15:09:41,137 INFO Processing service AVGIDSFilterxpx
2012-05-31 15:09:41,137 INFO Service AVGIDSFilterxpx is not installed
2012-05-31 15:09:41,137 DEBUG Service AVGIDSFilterxpx RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2012-05-31 15:09:41,137 INFO Processing service AVGIDSDriverxpx
2012-05-31 15:09:41,137 INFO Service AVGIDSDriverxpx is not installed
2012-05-31 15:09:41,137 DEBUG Service AVGIDSDriverxpx RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2012-05-31 15:09:41,137 INFO Processing service AVGIDSShimvtx
2012-05-31 15:09:41,137 INFO Service AVGIDSShimvtx is not installed
2012-05-31 15:09:41,137 DEBUG Service AVGIDSShimvtx RegCleanup
2012-05-31 15:09:41,137 DEBUG Registry keys for service AVGIDSShimvtx are not present
2012-05-31 15:09:41,137 INFO Processing service AVGIDSFiltervtx
2012-05-31 15:09:41,152 INFO Service AVGIDSFiltervtx is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSFiltervtx RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSDrivervtx
2012-05-31 15:09:41,152 INFO Service AVGIDSDrivervtx is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSDrivervtx RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSFiltervta
2012-05-31 15:09:41,152 INFO Service AVGIDSFiltervta is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSFiltervta RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSFiltervta are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSDrivervta
2012-05-31 15:09:41,152 INFO Service AVGIDSDrivervta is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSDrivervta RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSDrivervta are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSShimw7x
2012-05-31 15:09:41,152 INFO Service AVGIDSShimw7x is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSShimw7x RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSShimw7x are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSFilterw7x
2012-05-31 15:09:41,152 INFO Service AVGIDSFilterw7x is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSFilterw7x RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSDriverw7x
2012-05-31 15:09:41,152 INFO Service AVGIDSDriverw7x is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSDriverw7x RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSFilterw7a
2012-05-31 15:09:41,152 INFO Service AVGIDSFilterw7a is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSFilterw7a RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSDriverw7a
2012-05-31 15:09:41,152 INFO Service AVGIDSDriverw7a is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSDriverw7a RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSErHrxpx
2012-05-31 15:09:41,152 INFO Service AVGIDSErHrxpx is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSErHrxpx RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSErHrvtx
2012-05-31 15:09:41,152 INFO Service AVGIDSErHrvtx is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSErHrvtx RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSErHrvta
2012-05-31 15:09:41,152 INFO Service AVGIDSErHrvta is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSErHrvta RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSErHrvta are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSErHrw7x
2012-05-31 15:09:41,152 INFO Service AVGIDSErHrw7x is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSErHrw7x RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2012-05-31 15:09:41,152 INFO Processing service AVGIDSErHrw7a
2012-05-31 15:09:41,152 INFO Service AVGIDSErHrw7a is not installed
2012-05-31 15:09:41,152 DEBUG Service AVGIDSErHrw7a RegCleanup
2012-05-31 15:09:41,152 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2012-05-31 15:09:41,152 INFO ***** Registry keys and values *****
2012-05-31 15:09:41,152 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2012-05-31 15:09:41,168 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2012-05-31 15:09:41,168 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2012-05-31 15:09:41,168 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2012-05-31 15:09:41,168 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-05-31 15:09:41,168 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2012-05-31 15:09:41,168 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:09:41,168 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:09:41,168 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:09:41,168 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2012-05-31 15:09:41,168 DEBUG Reading SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs failed (error: e001003d)
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify failed
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:09:41,168 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:09:41,168 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:09:41,168 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:09:41,184 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-05-31 15:09:41,184 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2012-05-31 15:09:41,184 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2012-05-31 15:09:41,184 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-05-31 15:09:41,184 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2012-05-31 15:09:41,199 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\.avgdi
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\.avgdi not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\AVG\Clients
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2012-05-31 15:09:41,199 DEBUG Key SOFTWARE\AVG\Clients not found
2012-05-31 15:09:41,199 INFO Processing registry SOFTWARE\AVG\AVG8
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG8 not found
2012-05-31 15:09:41,215 INFO Processing registry SOFTWARE\AVG\AVG9
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG9 not found
2012-05-31 15:09:41,215 INFO Processing registry SOFTWARE\AVG\AVG IDS
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG IDS not found
2012-05-31 15:09:41,215 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:09:41,215 DEBUG Value SOFTWARE\AVG:DumpType Remove
2012-05-31 15:09:41,215 INFO Value SOFTWARE\AVG:DumpType is not present
2012-05-31 15:09:41,215 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG Remove
2012-05-31 15:09:41,215 WARN Deleting key SOFTWARE\AVG failed (error e0010058), key is not empty
2012-05-31 15:09:41,215 INFO Processing registry SOFTWARE\AVG Security Toolbar
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2012-05-31 15:09:41,215 INFO Processing registry SOFTWARE\AVG\AVG8
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2012-05-31 15:09:41,215 DEBUG Key SOFTWARE\AVG\AVG8 not found
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\AVG\AVG9
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\AVG\AVG9 not found
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\AVG Remove
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\AVG not found
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\AVG Security Toolbar
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
2012-05-31 15:09:41,231 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove
2012-05-31 15:09:41,231 WARN Deleting value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} failed (error e0010058)
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
2012-05-31 15:09:41,231 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2012-05-31 15:09:41,231 WARN Deleting value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} failed (error e0010058)
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:09:41,231 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:09:41,231 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:09:41,231 INFO Processing registry aAvgAPI.AvgBro
2012-05-31 15:09:41,231 DEBUG Key aAvgAPI.AvgBro ForceRemove
2012-05-31 15:09:41,231 DEBUG Key aAvgAPI.AvgBro not found
2012-05-31 15:09:41,231 INFO Processing registry AVG.Office
2012-05-31 15:09:41,231 DEBUG Key AVG.Office ForceRemove
2012-05-31 15:09:41,231 DEBUG Key AVG.Office not found
2012-05-31 15:09:41,231 INFO Processing registry AVG.Office.8
2012-05-31 15:09:41,231 DEBUG Key AVG.Office.8 ForceRemove
2012-05-31 15:09:41,231 DEBUG Key AVG.Office.8 not found
2012-05-31 15:09:41,231 INFO Processing registry avgtoolbar.AVGTOOLBAR
2012-05-31 15:09:41,231 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2012-05-31 15:09:41,231 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2012-05-31 15:09:41,231 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2012-05-31 15:09:41,231 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2012-05-31 15:09:41,231 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2012-05-31 15:09:41,231 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2012-05-31 15:09:41,231 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2012-05-31 15:09:41,231 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2012-05-31 15:09:41,231 INFO Processing registry LinkScannerIE.NavFilter
2012-05-31 15:09:41,231 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2012-05-31 15:09:41,231 DEBUG Key LinkScannerIE.NavFilter not found
2012-05-31 15:09:41,231 INFO Processing registry LinkScannerIE.NavFilter.1
2012-05-31 15:09:41,231 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2012-05-31 15:09:41,231 DEBUG Key LinkScannerIE.NavFilter.1 not found
2012-05-31 15:09:41,231 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2012-05-31 15:09:41,231 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2012-05-31 15:09:41,231 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2012-05-31 15:09:41,231 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2012-05-31 15:09:41,231 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2012-05-31 15:09:41,231 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2012-05-31 15:09:41,231 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2012-05-31 15:09:41,231 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2012-05-31 15:09:41,231 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
2012-05-31 15:09:41,231 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2012-05-31 15:09:41,246 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2012-05-31 15:09:41,246 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2012-05-31 15:09:41,246 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2012-05-31 15:09:41,277 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2012-05-31 15:09:41,277 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2012-05-31 15:09:41,277 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2012-05-31 15:09:41,277 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2012-05-31 15:09:41,277 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found
2012-05-31 15:09:41,277 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:09:41,277 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:09:41,277 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:09:41,277 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2012-05-31 15:09:41,277 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2012-05-31 15:09:41,277 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2012-05-31 15:09:41,277 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2012-05-31 15:09:41,293 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2012-05-31 15:09:41,293 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2012-05-31 15:09:41,293 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}
2012-05-31 15:09:41,293 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove
2012-05-31 15:09:41,293 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found
2012-05-31 15:09:41,293 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2012-05-31 15:09:41,293 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found
2012-05-31 15:09:41,293 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
2012-05-31 15:09:41,293 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:09:41,293 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:09:41,293 INFO ***** Files and folders *****
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 0
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 1
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 2
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 3
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 4
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 5
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 6
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 7
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 8
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 9
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 10
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 11
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 12
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 13
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 14
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 15
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 16
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\carla\Application Data\AVGTOOLBAR
2012-05-31 15:09:41,293 INFO Directory C:\Documents and Settings\carla\Application Data\AVGTOOLBAR not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.0
2012-05-31 15:09:41,293 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.0 not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.0
2012-05-31 15:09:41,293 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.0 not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.5
2012-05-31 15:09:41,293 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.5 not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.5
2012-05-31 15:09:41,293 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.5 not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 8.0.lnk
2012-05-31 15:09:41,293 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 8.0.lnk not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 8.0.lnk
2012-05-31 15:09:41,293 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 8.0.lnk not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 8.5.lnk
2012-05-31 15:09:41,293 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 8.5.lnk not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 8.5.lnk
2012-05-31 15:09:41,293 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 8.5.lnk not found
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 27
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 28
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 29
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 30
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 31
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 32
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 33
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 34
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 35
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 36
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 37
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 38
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 39
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 40
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 41
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 42
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 43
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 44
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 45
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 46
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 47
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 48
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 49
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 50
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 51
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 52
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 53
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 54
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 55
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 56
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 57
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 58
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 59
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 60
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 61
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 62
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 63
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 64
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 65
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 66
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 67
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 68
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 69
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 70
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages
2012-05-31 15:09:41,293 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2012-05-31 15:09:41,293 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 9.0.lnk
2012-05-31 15:09:41,293 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 9.0.lnk not found
2012-05-31 15:09:41,293 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 9.0.lnk
2012-05-31 15:09:41,293 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 9.0.lnk not found
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 76
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 77
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 78
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 79
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 80
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 81
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 82
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 83
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 84
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 85
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 86
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 87
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 88
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 89
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 90
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 91
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 92
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 93
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 94
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 95
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 96
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 97
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 98
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 99
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 100
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 101
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 102
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 103
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 104
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 105
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 106
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 107
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 108
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 109
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 110
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 111
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 112
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 113
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 114
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 115
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 116
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 117
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 118
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 119
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 120
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 121
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 122
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 123
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 124
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 125
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 126
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 127
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 128
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 129
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 130
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 131
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 132
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 133
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 134
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 135
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 136
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 137
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 138
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 139
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 140
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 141
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 142
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 143
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 144
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 145
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 146
2012-05-31 15:09:41,293 DEBUG Missing ParentDir path for fileItem number 147
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 148
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 149
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 150
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 151
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 152
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 153
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 154
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 155
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 156
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 157
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 158
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 159
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 160
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 161
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 162
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 163
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 164
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 165
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 166
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 167
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 168
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 169
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 170
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 171
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 172
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 173
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 174
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 175
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 176
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 177
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 178
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 179
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 180
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 181
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 182
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 183
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 184
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 185
2012-05-31 15:09:41,309 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:09:41,309 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:09:41,309 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:09:41,309 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:09:41,309 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:09:41,309 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2012-05-31 15:09:41,309 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
2012-05-31 15:09:41,309 DEBUG Processing item C:\WINDOWS\System32
2012-05-31 15:09:41,309 DEBUG Processing item C:\Program Files\AVG
2012-05-31 15:09:41,309 DEBUG Directory C:\Program Files\AVG not deleted (error e0010058)
2012-05-31 15:09:41,309 DEBUG Missing ParentDir path for fileItem number 194
2012-05-31 15:09:41,309 INFO ***** Avg Fw NDIS driver *****
2012-05-31 15:09:41,543 INFO FW NDIS driver not present
2012-05-31 15:57:41,328 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-31 15:57:41,343 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-31 15:57:41,343 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2012-05-31 15:57:41,343 WARN AvgDir param empty.
2012-05-31 15:57:41,343 WARN AvgDataDir param empty.
2012-05-31 15:57:42,921 INFO AvgRemover runs in attempt number 1
2012-05-31 15:57:42,921 INFO ***** Services *****
2012-05-31 15:57:42,921 INFO Processing service avg8emc
2012-05-31 15:57:42,937 INFO Service avg8emc is not installed
2012-05-31 15:57:42,937 DEBUG Service avg8emc RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service avg8emc are not present
2012-05-31 15:57:42,937 INFO Processing service avgfws8
2012-05-31 15:57:42,937 INFO Service avgfws8 is not installed
2012-05-31 15:57:42,937 DEBUG Service avgfws8 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service avgfws8 are not present
2012-05-31 15:57:42,937 INFO Processing service avg8wd
2012-05-31 15:57:42,937 INFO Service avg8wd is not installed
2012-05-31 15:57:42,937 DEBUG Service avg8wd RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service avg8wd are not present
2012-05-31 15:57:42,937 INFO Processing service AvgWFPx
2012-05-31 15:57:42,937 INFO Service AvgWFPx is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgWFPx RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgWFPx are not present
2012-05-31 15:57:42,937 INFO Processing service AvgWFPa
2012-05-31 15:57:42,937 INFO Service AvgWFPa is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgWFPa RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgWFPa are not present
2012-05-31 15:57:42,937 INFO Processing service AvgMfx86
2012-05-31 15:57:42,937 INFO Service AvgMfx86 is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgMfx86 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgMfx86 are not present
2012-05-31 15:57:42,937 INFO Processing service AvgMfx64
2012-05-31 15:57:42,937 INFO Service AvgMfx64 is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgMfx64 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgMfx64 are not present
2012-05-31 15:57:42,937 INFO Processing service AvgLdx86
2012-05-31 15:57:42,937 INFO Service AvgLdx86 is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgLdx86 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgLdx86 are not present
2012-05-31 15:57:42,937 INFO Processing service AvgLdx64
2012-05-31 15:57:42,937 INFO Service AvgLdx64 is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgLdx64 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgLdx64 are not present
2012-05-31 15:57:42,937 INFO Processing service AvgTdiX
2012-05-31 15:57:42,937 INFO Service AvgTdiX is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgTdiX RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgTdiX are not present
2012-05-31 15:57:42,937 INFO Processing service AvgTdiA
2012-05-31 15:57:42,937 INFO Service AvgTdiA is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgTdiA RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgTdiA are not present
2012-05-31 15:57:42,937 INFO Processing service AvgRkx86
2012-05-31 15:57:42,937 INFO Service AvgRkx86 is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgRkx86 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgRkx86 are not present
2012-05-31 15:57:42,937 INFO Processing service AvgRkx64
2012-05-31 15:57:42,937 INFO Service AvgRkx64 is not installed
2012-05-31 15:57:42,937 DEBUG Service AvgRkx64 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service AvgRkx64 are not present
2012-05-31 15:57:42,937 INFO Processing service avg9emc
2012-05-31 15:57:42,937 INFO Service avg9emc is not installed
2012-05-31 15:57:42,937 DEBUG Service avg9emc RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service avg9emc are not present
2012-05-31 15:57:42,937 INFO Processing service avgfws9
2012-05-31 15:57:42,937 INFO Service avgfws9 is not installed
2012-05-31 15:57:42,937 DEBUG Service avgfws9 RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service avgfws9 are not present
2012-05-31 15:57:42,937 INFO Processing service avg9wd
2012-05-31 15:57:42,937 INFO Service avg9wd is not installed
2012-05-31 15:57:42,937 DEBUG Service avg9wd RegCleanup
2012-05-31 15:57:42,937 DEBUG Registry keys for service avg9wd are not present
2012-05-31 15:57:42,937 INFO Processing service AVGIDSAgent
2012-05-31 15:57:42,937 INFO Service AVGIDSAgent is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSAgent RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSAgent are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSShimxpx
2012-05-31 15:57:42,953 INFO Service AVGIDSShimxpx is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSShimxpx RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSShimxpx are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSFilterxpx
2012-05-31 15:57:42,953 INFO Service AVGIDSFilterxpx is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSFilterxpx RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSDriverxpx
2012-05-31 15:57:42,953 INFO Service AVGIDSDriverxpx is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSDriverxpx RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSShimvtx
2012-05-31 15:57:42,953 INFO Service AVGIDSShimvtx is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSShimvtx RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSShimvtx are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSFiltervtx
2012-05-31 15:57:42,953 INFO Service AVGIDSFiltervtx is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSFiltervtx RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSDrivervtx
2012-05-31 15:57:42,953 INFO Service AVGIDSDrivervtx is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSDrivervtx RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSFiltervta
2012-05-31 15:57:42,953 INFO Service AVGIDSFiltervta is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSFiltervta RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSFiltervta are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSDrivervta
2012-05-31 15:57:42,953 INFO Service AVGIDSDrivervta is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSDrivervta RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSDrivervta are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSShimw7x
2012-05-31 15:57:42,953 INFO Service AVGIDSShimw7x is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSShimw7x RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSShimw7x are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSFilterw7x
2012-05-31 15:57:42,953 INFO Service AVGIDSFilterw7x is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSFilterw7x RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSDriverw7x
2012-05-31 15:57:42,953 INFO Service AVGIDSDriverw7x is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSDriverw7x RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSFilterw7a
2012-05-31 15:57:42,953 INFO Service AVGIDSFilterw7a is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSFilterw7a RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSDriverw7a
2012-05-31 15:57:42,953 INFO Service AVGIDSDriverw7a is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSDriverw7a RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSErHrxpx
2012-05-31 15:57:42,953 INFO Service AVGIDSErHrxpx is not installed
2012-05-31 15:57:42,953 DEBUG Service AVGIDSErHrxpx RegCleanup
2012-05-31 15:57:42,953 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2012-05-31 15:57:42,953 INFO Processing service AVGIDSErHrvtx
2012-05-31 15:57:42,968 INFO Service AVGIDSErHrvtx is not installed
2012-05-31 15:57:42,968 DEBUG Service AVGIDSErHrvtx RegCleanup
2012-05-31 15:57:42,968 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2012-05-31 15:57:42,968 INFO Processing service AVGIDSErHrvta
2012-05-31 15:57:42,968 INFO Service AVGIDSErHrvta is not installed
2012-05-31 15:57:42,968 DEBUG Service AVGIDSErHrvta RegCleanup
2012-05-31 15:57:42,968 DEBUG Registry keys for service AVGIDSErHrvta are not present
2012-05-31 15:57:42,968 INFO Processing service AVGIDSErHrw7x
2012-05-31 15:57:42,968 INFO Service AVGIDSErHrw7x is not installed
2012-05-31 15:57:42,968 DEBUG Service AVGIDSErHrw7x RegCleanup
2012-05-31 15:57:42,968 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2012-05-31 15:57:42,968 INFO Processing service AVGIDSErHrw7a
2012-05-31 15:57:42,968 INFO Service AVGIDSErHrw7a is not installed
2012-05-31 15:57:42,968 DEBUG Service AVGIDSErHrw7a RegCleanup
2012-05-31 15:57:42,968 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2012-05-31 15:57:42,968 INFO ***** Registry keys and values *****
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2012-05-31 15:57:42,968 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2012-05-31 15:57:42,968 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2012-05-31 15:57:42,968 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2012-05-31 15:57:42,968 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-05-31 15:57:42,968 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2012-05-31 15:57:42,968 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:57:42,968 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:57:42,968 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:57:42,968 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2012-05-31 15:57:42,968 DEBUG Reading SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs failed (error: e001003d)
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify failed
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:57:42,968 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:57:42,968 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:57:42,968 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-05-31 15:57:43,000 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-05-31 15:57:43,000 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-05-31 15:57:43,000 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2012-05-31 15:57:43,000 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-05-31 15:57:43,000 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2012-05-31 15:57:43,000 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Classes\.avgdi
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2012-05-31 15:57:43,000 DEBUG Key SOFTWARE\Classes\.avgdi not found
2012-05-31 15:57:43,000 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG\Clients
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\Clients not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG\AVG8
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG8 not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG\AVG9
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG9 not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG\AVG IDS
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG IDS not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:57:43,031 DEBUG Value SOFTWARE\AVG:DumpType Remove
2012-05-31 15:57:43,031 INFO Value SOFTWARE\AVG:DumpType is not present
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG Remove
2012-05-31 15:57:43,031 WARN Deleting key SOFTWARE\AVG failed (error e0010058), key is not empty
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG Security Toolbar
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG\AVG8
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG8 not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG\AVG9
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG\AVG9 not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG Remove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\AVG Security Toolbar
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
2012-05-31 15:57:43,031 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove
2012-05-31 15:57:43,031 INFO Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} is not present
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
2012-05-31 15:57:43,031 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2012-05-31 15:57:43,031 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:57:43,031 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:57:43,031 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:57:43,031 INFO Processing registry aAvgAPI.AvgBro
2012-05-31 15:57:43,031 DEBUG Key aAvgAPI.AvgBro ForceRemove
2012-05-31 15:57:43,031 DEBUG Key aAvgAPI.AvgBro not found
2012-05-31 15:57:43,031 INFO Processing registry AVG.Office
2012-05-31 15:57:43,031 DEBUG Key AVG.Office ForceRemove
2012-05-31 15:57:43,031 DEBUG Key AVG.Office not found
2012-05-31 15:57:43,031 INFO Processing registry AVG.Office.8
2012-05-31 15:57:43,031 DEBUG Key AVG.Office.8 ForceRemove
2012-05-31 15:57:43,031 DEBUG Key AVG.Office.8 not found
2012-05-31 15:57:43,031 INFO Processing registry avgtoolbar.AVGTOOLBAR
2012-05-31 15:57:43,031 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2012-05-31 15:57:43,031 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2012-05-31 15:57:43,031 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2012-05-31 15:57:43,031 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2012-05-31 15:57:43,031 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2012-05-31 15:57:43,031 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2012-05-31 15:57:43,062 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2012-05-31 15:57:43,062 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2012-05-31 15:57:43,062 INFO Processing registry LinkScannerIE.NavFilter
2012-05-31 15:57:43,062 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2012-05-31 15:57:43,062 DEBUG Key LinkScannerIE.NavFilter not found
2012-05-31 15:57:43,062 INFO Processing registry LinkScannerIE.NavFilter.1
2012-05-31 15:57:43,062 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2012-05-31 15:57:43,062 DEBUG Key LinkScannerIE.NavFilter.1 not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2012-05-31 15:57:43,062 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:57:43,062 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:57:43,062 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2012-05-31 15:57:43,062 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2012-05-31 15:57:43,062 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2012-05-31 15:57:43,062 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2012-05-31 15:57:43,062 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}
2012-05-31 15:57:43,062 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found
2012-05-31 15:57:43,062 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2012-05-31 15:57:43,062 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found
2012-05-31 15:57:43,062 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
2012-05-31 15:57:43,062 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-05-31 15:57:43,062 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-05-31 15:57:43,062 INFO ***** Files and folders *****
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 0
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 1
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 2
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 3
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 4
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 5
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 6
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 7
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 8
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 9
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 10
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 11
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 12
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 13
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 14
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 15
2012-05-31 15:57:43,062 DEBUG Missing ParentDir path for fileItem number 16
2012-05-31 15:57:43,062 DEBUG Processing item C:\Documents and Settings\carla\Application Data\AVGTOOLBAR
2012-05-31 15:57:43,062 INFO Directory C:\Documents and Settings\carla\Application Data\AVGTOOLBAR not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.0
2012-05-31 15:57:43,093 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.0 not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.0
2012-05-31 15:57:43,093 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.0 not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.5
2012-05-31 15:57:43,093 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg 8.5 not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.5
2012-05-31 15:57:43,093 INFO Directory C:\Documents and Settings\All Users\Menu Start\Programma's\avg free 8.5 not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 8.0.lnk
2012-05-31 15:57:43,093 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 8.0.lnk not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 8.0.lnk
2012-05-31 15:57:43,093 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 8.0.lnk not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 8.5.lnk
2012-05-31 15:57:43,093 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 8.5.lnk not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 8.5.lnk
2012-05-31 15:57:43,093 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 8.5.lnk not found
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 27
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 28
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 29
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 30
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 31
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 32
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 33
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 34
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 35
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 36
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 37
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 38
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 39
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 40
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 41
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 42
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 43
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 44
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 45
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 46
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 47
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 48
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 49
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 50
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 51
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 52
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 53
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 54
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 55
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 56
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 57
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 58
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 59
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 60
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 61
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 62
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 63
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 64
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 65
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 66
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 67
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 68
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 69
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 70
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages
2012-05-31 15:57:43,093 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2012-05-31 15:57:43,093 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg 9.0.lnk
2012-05-31 15:57:43,093 INFO File C:\Documents and Settings\All Users\Bureaublad\avg 9.0.lnk not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\Documents and Settings\All Users\Bureaublad\avg free 9.0.lnk
2012-05-31 15:57:43,093 INFO File C:\Documents and Settings\All Users\Bureaublad\avg free 9.0.lnk not found
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 76
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 77
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 78
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 79
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 80
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 81
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 82
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 83
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 84
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 85
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 86
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 87
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 88
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 89
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 90
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 91
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 92
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 93
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 94
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 95
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 96
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 97
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 98
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 99
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 100
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 101
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 102
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 103
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 104
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 105
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 106
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 107
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 108
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 109
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 110
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 111
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 112
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 113
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 114
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 115
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 116
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 117
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 118
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 119
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 120
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 121
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 122
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 123
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 124
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 125
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 126
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 127
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 128
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 129
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 130
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 131
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 132
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 133
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 134
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 135
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 136
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 137
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 138
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 139
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 140
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 141
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 142
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 143
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 144
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 145
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 146
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 147
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 148
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 149
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 150
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 151
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 152
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 153
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 154
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 155
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 156
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 157
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 158
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 159
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 160
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 161
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 162
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 163
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 164
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 165
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 166
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 167
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 168
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 169
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 170
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 171
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 172
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 173
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 174
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 175
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 176
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 177
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 178
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 179
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 180
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 181
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 182
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 183
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 184
2012-05-31 15:57:43,093 DEBUG Missing ParentDir path for fileItem number 185
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2012-05-31 15:57:43,093 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
2012-05-31 15:57:43,093 DEBUG Processing item C:\WINDOWS\System32
2012-05-31 15:57:43,093 DEBUG Processing item C:\Program Files\AVG
2012-05-31 15:57:43,109 DEBUG Directory C:\Program Files\AVG not deleted (error c0070091)
2012-05-31 15:57:43,109 DEBUG Missing ParentDir path for fileItem number 194
2012-05-31 15:57:43,109 INFO ***** Avg Fw NDIS driver *****
2012-05-31 15:57:44,953 INFO FW NDIS driver not present

###################################################################################


After avgremover I rebooted the machine.
Start Commbofix with the CFScript.txt.

Message in ComboFix to download newest version. <-OK
Still got the message that AVG is running. Same as before.
While running ComboFix I got a Error message like (translated to English):
===
PEV.exe
"The instruction on 0x0039bdfc pointing to memory 0xffffffff the read or write operation failed"
===

I un-installed ComboFix (cmd combofix /uninstall)
I downloaded a new version and fresh ComboFix -> save on desktop etc.
Still got the message that AVG is running. Same as before.

###################################################################################
###################################################################################
Here is the ComboFix Log
###################################################################################
###################################################################################

ComboFix 12-05-31.02 - carla 31-05-2012 18:06:57.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1097 [GMT 2:00]
Gestart vanuit: c:\documents and settings\carla\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\carla\Bureaublad\CFScript.txt
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-31 ))))))))))))))))))))))))))))))
.
.
2012-05-31 11:02 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C25CC22-D757-4D33-B5EB-8A1277802F5F}\mpengine.dll
2012-05-23 12:47 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-07 14:13 . 2012-05-07 14:13 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\CUSTPDF Writer
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\I Want This
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\program files\DealPly
2012-05-07 09:32 . 2012-05-07 12:30 -------- d-----w- c:\documents and settings\carla\Application Data\babylon01
2012-05-07 09:31 . 2011-10-04 20:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- C:\Program1
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\program files\Yontoo
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\Babylon
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Application Data\Babylon
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-05-07 09:28 . 2012-05-07 12:29 167 ----a-w- C:\user.js
2012-05-07 09:28 . 2012-05-07 09:28 -------- d-----w- c:\documents and settings\carla\Application Data\Softonic
2012-05-07 09:27 . 2010-06-17 19:56 45056 ----a-w- c:\windows\system32\unredmon.exe
2012-05-07 09:27 . 2010-06-17 19:56 116224 ----a-w- c:\windows\system32\redmonnt.dll
2012-05-07 09:27 . 2012-05-07 09:27 -------- d-----w- c:\program files\FreePDF_XP
2012-05-07 09:27 . 2012-05-07 09:27 -------- d-----w- c:\documents and settings\carla\Application Data\FreePDF
2012-05-05 12:08 . 2012-05-05 12:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 07:08 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 07:06 . 2012-05-05 07:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-04 06:16 . 2012-05-04 06:16 -------- d-----w- C:\ac7c40f08dd5b0a151a0da44ab
2012-05-02 21:47 . 2012-05-02 21:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-02 21:46 . 2012-05-02 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 21:46 . 2012-05-02 21:46 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 21:46 . 2012-05-02 21:46 -------- d-----w- c:\program files\Java
2012-05-02 20:07 . 2012-05-02 20:12 3993600 ----a-w- c:\program files\GUT3B.tmp
2012-05-02 20:07 . 2012-05-02 20:07 -------- d-----w- c:\program files\GUM3A.tmp
2012-05-02 20:03 . 2012-05-03 15:37 -------- d-----w- c:\documents and settings\Administrator
2012-05-02 19:29 . 2012-05-02 19:36 -------- d-----w- c:\program files\GUM2.tmp
2012-05-02 19:29 . 2012-05-02 19:29 3993600 ----a-w- c:\program files\GUT3.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 12:23 . 2004-02-22 21:29 98304 ----a-w- c:\windows\DUMP6ea8.tmp
2012-05-14 11:19 . 2004-02-22 21:29 90112 ----a-w- c:\windows\DUMP70bb.tmp
2012-05-02 23:11 . 2011-08-07 19:24 1409 ----a-w- c:\windows\QTFont.for
2012-05-02 21:46 . 2010-12-20 15:49 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2003-04-08 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2003-04-08 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2006-11-11 18:58 . 2006-11-11 18:55 13256032 ----a-w- c:\program files\PDFCreator-0_9_3_GPLGhostscript.exe
1999-12-20 11:30 . 2007-05-23 14:01 2532352 ----a-w- c:\program files\Succes.exe
1998-06-09 03:00 . 2007-05-23 14:01 244984 ----a-w- c:\program files\Tutil32.dll
1997-10-30 11:52 . 2006-08-20 09:59 893696 ----a-w- c:\program files\Huisstyl.exe
1997-04-22 23:16 . 2006-08-20 09:59 40960 ----a-w- c:\program files\_ISREG32.DLL
1997-03-03 05:23 . 2006-08-20 09:59 546816 ----a-w- c:\program files\CRDE31V1.DLL
1997-03-03 05:23 . 2006-08-20 09:59 251168 ----a-w- c:\program files\ILSPEC16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 168998 ----a-w- c:\program files\ILTIF16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 144758 ----a-w- c:\program files\ILDXF16.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"LiveNote"="livenote.exe" [2002-07-11 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-04-30 966706]
"HPpromo psc 2175"="c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" [2003-09-08 126976]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-04-18 36864]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Anvshell"="anvshell.exe" [2003-05-29 348160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-11-17 00:08 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-04-07 20:36 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater10.2.0"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup(3).exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup.exe"=
.
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [23-2-2004 0:59 233280]
R2 MSSQL$PROFITSQL;MSSQL$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 14:21 92592]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5-5-2012 14:08 129976]
S3 SQLAgent$PROFITSQL;SQLAgent$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-23 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8079556103.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2004-07-15 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8081533955.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004Core.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004UA.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-05-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-05-31 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-07-16 07:53]
.
2012-05-31 c:\windows\Tasks\User_Feed_Synchronization-{B40B18CC-DAF1-4CF8-9BAE-75762FDF6441}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_4_vs&babsrc=HP_ss&mntrId=d0e541bd000000000000000c6eed84ae
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI02DC~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.150 195.241.77.55 195.241.77.58
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
FF - ProfilePath - c:\documents and settings\carla\Application Data\Mozilla\Firefox\Profiles\gnb9jtzd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: extentions.y2layers.installId - 97219f5c-e138-40c9-9f60-ac4c9eb86b3c
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-31 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|˙˙˙˙•€|ů•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2008)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-05-31 18:19:08
ComboFix-quarantined-files.txt 2012-05-31 16:19
ComboFix2.txt 2012-05-31 15:34
.
Pre-Run: 82.346.225.664 bytes beschikbaar
Post-Run: 82.335.948.800 bytes beschikbaar
.
- - End Of File - - AAAA69EF03E9BAE6BB6A9DFD20358D8F

###################################################################################
###################################################################################

Just for info:
I know how to make FF my default browser, that not a problem. But every time I reboot FF isn't my defautl browser anymore. So some program (malware ? ) is changing the settings.


I updaed Acrobat Reader to version 10.10


Verified Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 32)

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 01 June 2012 - 07:02 AM

I know how to make FF my default browser, that not a problem. But every time I reboot FF isn't my defautl browser anymore. So some program (malware ? ) is changing the settings.

Check Internet Explorer under Tools> Internet Options > programs> Check the default Browsing check box to for IE.

===

Because of this last entry in the header of ComboFix the remark that AVG is still active. It's a false positive.
ComboFix 12-05-31.02 - carla 31-05-2012 18:06:57.10.2 - x86
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

If all is well you should reinstall AVG.
If you want to install an other Security suite let me know and I will give you a script to remove the entry in the registry.

Let me know what problem persists.

#9 Rob Groen

Rob Groen
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn
  • Local time:04:36 AM

Posted 01 June 2012 - 07:20 AM

I installed MS Essentials a week ago.
So if you can provide me a script to remove the registry that would be fine.

Is the machine clean now?
I still have the Savedump.exe error at start up.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 01 June 2012 - 08:19 AM

SecCenter::
17DDD097-36FF-435F-9E1B-52D74245D6BF

Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===


Is the machine clean now?

I do not see any malware trace in your logs.


I still have the Savedump.exe error at start up.
This program can start because DBGHELP.dll can't be found.
Installing this program can agoin can solve this problem


This is not my forte.

Read about the issue.

http://www.pcerrorfixtip.com/savedump.exe-963.html

http://msdn.microsoft.com/en-us/library/windows/desktop/ms679294%28v=vs.85%29.aspx

Since I cannot help you with this problem I suggest you start a new topic in the Windows XP forum.
http://www.bleepingcomputer.com/forums/forum56.html

A technican may be able to guide you in fixing this issue.

I will keep this topic open for 5 days. should you need to return please do so.

#11 Rob Groen

Rob Groen
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn
  • Local time:04:36 AM

Posted 01 June 2012 - 09:34 AM

OK, I fixed the Savedump.exe error myself.
In \windows\system32 was a file names dbghelp.dll.old I renamed that to dbghelp.dll

I will post 2 Combofix logs:
1) started with the CFScript file that removed AVG (got the message AVG si stille running)
2) after a reboot (no more complaining about a running AVG instance)


###################################################################################
###################################################################################
ComboFix_(with_CFScript.txt_to_remove_AVG)
###################################################################################
###################################################################################

ComboFix 12-06-01.02 - carla 01-06-2012 15:28:40.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1047 [GMT 2:00]
Gestart vanuit: c:\documents and settings\carla\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\carla\Bureaublad\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-01 to 2012-06-01 ))))))))))))))))))))))))))))))
.
.
2012-06-01 12:47 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FB6D56B-5557-46B5-9F51-2AAA9EDD8204}\mpengine.dll
2012-05-31 11:02 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-07 14:13 . 2012-05-07 14:13 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\CUSTPDF Writer
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\I Want This
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\program files\DealPly
2012-05-07 09:32 . 2012-05-07 12:30 -------- d-----w- c:\documents and settings\carla\Application Data\babylon01
2012-05-07 09:31 . 2011-10-04 20:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- C:\Program1
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\Babylon
2012-05-07 09:31 . 2012-05-31 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Application Data\Babylon
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-05-07 09:28 . 2012-05-07 12:29 167 ----a-w- C:\user.js
2012-05-07 09:28 . 2012-05-07 09:28 -------- d-----w- c:\documents and settings\carla\Application Data\Softonic
2012-05-07 09:27 . 2012-06-01 12:21 -------- d-----w- c:\program files\FreePDF_XP
2012-05-07 09:27 . 2012-06-01 12:21 -------- d-----w- c:\documents and settings\carla\Application Data\FreePDF
2012-05-05 12:08 . 2012-05-05 12:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 07:08 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 07:06 . 2012-05-05 07:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-04 06:16 . 2012-05-04 06:16 -------- d-----w- C:\ac7c40f08dd5b0a151a0da44ab
2012-05-02 21:47 . 2012-05-02 21:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-02 21:46 . 2012-05-02 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 21:46 . 2012-05-02 21:46 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 21:46 . 2012-05-02 21:46 -------- d-----w- c:\program files\Java
2012-05-02 20:07 . 2012-05-02 20:12 3993600 ----a-w- c:\program files\GUT3B.tmp
2012-05-02 20:07 . 2012-05-02 20:07 -------- d-----w- c:\program files\GUM3A.tmp
2012-05-02 20:03 . 2012-05-03 15:37 -------- d-----w- c:\documents and settings\Administrator
2012-05-02 19:29 . 2012-05-02 19:36 -------- d-----w- c:\program files\GUM2.tmp
2012-05-02 19:29 . 2012-05-02 19:29 3993600 ----a-w- c:\program files\GUT3.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 12:23 . 2004-02-22 21:29 98304 ----a-w- c:\windows\DUMP6ea8.tmp
2012-05-14 11:19 . 2004-02-22 21:29 90112 ----a-w- c:\windows\DUMP70bb.tmp
2012-05-02 23:11 . 2011-08-07 19:24 1409 ----a-w- c:\windows\QTFont.for
2012-05-02 21:46 . 2010-12-20 15:49 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2003-04-08 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2003-04-08 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2006-11-11 18:58 . 2006-11-11 18:55 13256032 ----a-w- c:\program files\PDFCreator-0_9_3_GPLGhostscript.exe
1999-12-20 11:30 . 2007-05-23 14:01 2532352 ----a-w- c:\program files\Succes.exe
1998-06-09 03:00 . 2007-05-23 14:01 244984 ----a-w- c:\program files\Tutil32.dll
1997-10-30 11:52 . 2006-08-20 09:59 893696 ----a-w- c:\program files\Huisstyl.exe
1997-04-22 23:16 . 2006-08-20 09:59 40960 ----a-w- c:\program files\_ISREG32.DLL
1997-03-03 05:23 . 2006-08-20 09:59 546816 ----a-w- c:\program files\CRDE31V1.DLL
1997-03-03 05:23 . 2006-08-20 09:59 251168 ----a-w- c:\program files\ILSPEC16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 168998 ----a-w- c:\program files\ILTIF16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 144758 ----a-w- c:\program files\ILDXF16.DLL
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-31_16.16.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-01 12:50 . 2012-06-01 12:50 16384 c:\windows\temp\Perflib_Perfdata_dc.dat
+ 2012-06-01 12:50 . 2012-06-01 12:50 16384 c:\windows\temp\Perflib_Perfdata_770.dat
+ 2003-04-08 12:00 . 2008-04-14 17:02 640000 c:\windows\system32\dbghelp.dll
+ 2012-05-31 18:44 . 2012-05-31 18:44 2309120 c:\windows\Installer\781267.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"LiveNote"="livenote.exe" [2002-07-11 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-04-30 966706]
"HPpromo psc 2175"="c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" [2003-09-08 126976]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-04-18 36864]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Anvshell"="anvshell.exe" [2003-05-29 348160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-11-17 00:08 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-04-07 20:36 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater10.2.0"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup(3).exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup.exe"=
.
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [23-2-2004 0:59 233280]
R2 MSSQL$PROFITSQL;MSSQL$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 14:21 92592]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5-5-2012 14:08 129976]
S3 SQLAgent$PROFITSQL;SQLAgent$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8079556103.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2004-07-15 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8081533955.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004Core.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004UA.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-06-01 c:\windows\Tasks\User_Feed_Synchronization-{B40B18CC-DAF1-4CF8-9BAE-75762FDF6441}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI02DC~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.150 195.241.77.55 195.241.77.58
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
FF - ProfilePath - c:\documents and settings\carla\Application Data\Mozilla\Firefox\Profiles\gnb9jtzd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|˙˙˙˙•€|ů•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1044)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-06-01 15:41:57
ComboFix-quarantined-files.txt 2012-06-01 13:41
ComboFix2.txt 2012-05-31 16:19
ComboFix3.txt 2012-05-31 15:34
.
Pre-Run: 81.926.426.624 bytes beschikbaar
Post-Run: 81.936.412.672 bytes beschikbaar
.
- - End Of File - - 4BE8558D601A1E695C73CC97DBD1F822

###################################################################################
###################################################################################
ComboFix_(after_CFScript.txt_to_remove_AVG)_
###################################################################################
###################################################################################
ComboFix 12-06-01.02 - carla 01-06-2012 15:49:45.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1100 [GMT 2:00]
Gestart vanuit: c:\documents and settings\carla\Bureaublad\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-01 to 2012-06-01 ))))))))))))))))))))))))))))))
.
.
2012-06-01 12:47 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FB6D56B-5557-46B5-9F51-2AAA9EDD8204}\mpengine.dll
2012-05-31 11:02 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-07 14:13 . 2012-05-07 14:13 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\CUSTPDF Writer
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\I Want This
2012-05-07 09:33 . 2012-05-07 09:33 -------- d-----w- c:\program files\DealPly
2012-05-07 09:32 . 2012-05-07 12:30 -------- d-----w- c:\documents and settings\carla\Application Data\babylon01
2012-05-07 09:31 . 2011-10-04 20:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- C:\Program1
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Local Settings\Application Data\Babylon
2012-05-07 09:31 . 2012-05-31 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\carla\Application Data\Babylon
2012-05-07 09:31 . 2012-05-07 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-05-07 09:28 . 2012-05-07 12:29 167 ----a-w- C:\user.js
2012-05-07 09:28 . 2012-05-07 09:28 -------- d-----w- c:\documents and settings\carla\Application Data\Softonic
2012-05-07 09:27 . 2012-06-01 12:21 -------- d-----w- c:\program files\FreePDF_XP
2012-05-07 09:27 . 2012-06-01 12:21 -------- d-----w- c:\documents and settings\carla\Application Data\FreePDF
2012-05-05 12:08 . 2012-05-05 12:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 07:08 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 07:06 . 2012-05-05 07:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-04 06:16 . 2012-05-04 06:16 -------- d-----w- C:\ac7c40f08dd5b0a151a0da44ab
2012-05-02 21:47 . 2012-05-02 21:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-02 21:46 . 2012-05-02 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-02 21:46 . 2012-05-02 21:46 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 21:46 . 2012-05-02 21:46 -------- d-----w- c:\program files\Java
2012-05-02 20:07 . 2012-05-02 20:12 3993600 ----a-w- c:\program files\GUT3B.tmp
2012-05-02 20:07 . 2012-05-02 20:07 -------- d-----w- c:\program files\GUM3A.tmp
2012-05-02 20:03 . 2012-05-03 15:37 -------- d-----w- c:\documents and settings\Administrator
2012-05-02 19:29 . 2012-05-02 19:36 -------- d-----w- c:\program files\GUM2.tmp
2012-05-02 19:29 . 2012-05-02 19:29 3993600 ----a-w- c:\program files\GUT3.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 12:23 . 2004-02-22 21:29 98304 ----a-w- c:\windows\DUMP6ea8.tmp
2012-05-14 11:19 . 2004-02-22 21:29 90112 ----a-w- c:\windows\DUMP70bb.tmp
2012-05-02 23:11 . 2011-08-07 19:24 1409 ----a-w- c:\windows\QTFont.for
2012-05-02 21:46 . 2010-12-20 15:49 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2003-04-08 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2003-04-08 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2006-11-11 18:58 . 2006-11-11 18:55 13256032 ----a-w- c:\program files\PDFCreator-0_9_3_GPLGhostscript.exe
1999-12-20 11:30 . 2007-05-23 14:01 2532352 ----a-w- c:\program files\Succes.exe
1998-06-09 03:00 . 2007-05-23 14:01 244984 ----a-w- c:\program files\Tutil32.dll
1997-10-30 11:52 . 2006-08-20 09:59 893696 ----a-w- c:\program files\Huisstyl.exe
1997-04-22 23:16 . 2006-08-20 09:59 40960 ----a-w- c:\program files\_ISREG32.DLL
1997-03-03 05:23 . 2006-08-20 09:59 546816 ----a-w- c:\program files\CRDE31V1.DLL
1997-03-03 05:23 . 2006-08-20 09:59 251168 ----a-w- c:\program files\ILSPEC16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 168998 ----a-w- c:\program files\ILTIF16.DLL
1997-03-03 05:23 . 2006-08-20 09:59 144758 ----a-w- c:\program files\ILDXF16.DLL
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-31_16.16.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-01 13:44 . 2012-06-01 13:44 16384 c:\windows\temp\Perflib_Perfdata_7a4.dat
+ 2012-06-01 13:44 . 2012-06-01 13:44 16384 c:\windows\temp\Perflib_Perfdata_12c.dat
+ 2003-04-08 12:00 . 2008-04-14 17:02 640000 c:\windows\system32\dbghelp.dll
+ 2012-05-31 18:44 . 2012-05-31 18:44 2309120 c:\windows\Installer\781267.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"LiveNote"="livenote.exe" [2002-07-11 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-04-30 966706]
"HPpromo psc 2175"="c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" [2003-09-08 126976]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-04-18 36864]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Anvshell"="anvshell.exe" [2003-05-29 348160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-11-17 00:08 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-04-07 20:36 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater10.2.0"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup(3).exe"=
"c:\\Documents and Settings\\carla\\Mijn documenten\\Downloads\\FLVPlayerSetup.exe"=
.
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [23-2-2004 0:59 233280]
R2 MSSQL$PROFITSQL;MSSQL$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlservr.exe -sPROFITSQL [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 14:21 92592]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-12-2009 14:03 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5-5-2012 14:08 129976]
S3 SQLAgent$PROFITSQL;SQLAgent$PROFITSQL;c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL --> c:\program files\AFAS Software\MSSQL$PROFITSQL\Binn\sqlagent.EXE -i PROFITSQL [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8079556103.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2004-07-15 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8081533955.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 12:02]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004Core.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1214440339-725345543-1004UA.job
- c:\documents and settings\carla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-30 14:34]
.
2012-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-06-01 c:\windows\Tasks\User_Feed_Synchronization-{B40B18CC-DAF1-4CF8-9BAE-75762FDF6441}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI02DC~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.150 195.241.77.55 195.241.77.58
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
FF - ProfilePath - c:\documents and settings\carla\Application Data\Mozilla\Firefox\Profiles\gnb9jtzd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 16:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|˙˙˙˙•€|ů•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3768)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-06-01 16:02:35
ComboFix-quarantined-files.txt 2012-06-01 14:02
ComboFix2.txt 2012-06-01 13:41
ComboFix3.txt 2012-05-31 16:19
ComboFix4.txt 2012-05-31 15:34
.
Pre-Run: 81.953.968.128 bytes beschikbaar
Post-Run: 81.942.130.688 bytes beschikbaar
.
- - End Of File - - EBB135FC4E3A920F2B40E86D075CAF90

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 01 June 2012 - 01:06 PM

Looking good.

any remaining issues?

#13 Rob Groen

Rob Groen
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn
  • Local time:04:36 AM

Posted 01 June 2012 - 04:34 PM

I don't think so.

Let's close this Topic for now.
Thanks for your help.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 02 June 2012 - 07:14 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 08 June 2012 - 10:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users