Jump to content

Getting IP addresses from China !


Guest garybear
 Share

Recommended Posts

Guest garybear

Hi! Please be patient. I'm here because noknojon suggested me to post here. On occasions I get a lot of blocked IP addresses from China. I have been informed that my firewall (OnlineArmor or my router) should have stopped these before MBAM. I have a Comtrend Router. I have completed the first step and did a quick scan with MBAM. I saw no infections. I'm not sure want the next step should be. I have the paid version. The only problem I'm having is the one mentioned above. Here is my scan log. Thank you for your help.

Garybear!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4722

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/30/2010 6:33:42 AM

mbam-log-2010-09-30 (06-33-42).txt

Scan type: Quick scan

Objects scanned: 200107

Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Guest garybear

Hi Chris!

I know . I messed up. They are still on my desk top. Will send DDS.txt. If you want me to run DDS again , please let me know.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 18:22:53.37 on Thu 09/30/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.485 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Emsisoft\Online Armor\OAcat.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Emsisoft\Online Armor\oasrv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Emsisoft\Online Armor\oaui.exe

C:\Program Files\Emsisoft\Online Armor\OAhlp.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\FastStone Capture\FSCapture.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =

mStart Page = hxxp://uk.yahoo.com

mDefault_Page_URL = hxxp://uk.yahoo.com

mURLSearchHooks: H - No File

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: EditLevel = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: microsoft.com\www.update

TCP: {A6E9D1DD-4E0E-418F-8ED7-77330E9998A4} = 64.250.192.64 64.250.192.65

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online armor\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\go84pron.default\

FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=iw

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\reader\browser\nppdf32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-7-29 15328]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-6 11608]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-7-21 236104]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-7-21 22600]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-7-21 28232]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-6 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-6 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-6 60936]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-19 20072]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-13 304464]

R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-7-21 1283400]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-7-29 220128]

R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-7-21 3364680]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-13 20952]

R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-7-29 44512]

S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-1-21 93544]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2010-7-29 12256]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]

=============== Created Last 30 ================

2010-09-24 18:58:54 0 dc----w- c:\docume~1\owner\applic~1\Tor

2010-09-24 18:58:51 0 dc----w- c:\program files\Vidalia Bundle

2010-09-19 22:24:52 0 dc----w- c:\windows\system32\wbem\Repository

2010-09-19 22:23:51 0 dc----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com

2010-09-17 00:08:02 0 dc----w- c:\windows\MATS

2010-09-17 00:08:00 0 dc----w- c:\program files\Microsoft Fix it Center

2010-09-01 05:34:03 0 dc----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-09-19 22:29:26 17576 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-08-17 13:17:06 58880 -c--a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 -c--a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

2010-07-12 14:28:04 262144 ----a-w- C:\ntuser.dat

2008-03-20 00:03:54 441 -c--a-w- c:\program files\regfav.ini

2007-02-17 07:52:12 10152 -c--a-w- c:\program files\ARA.ini

2007-02-03 22:31:12 258352 -c--a-w- c:\program files\UNICOWS.DLL

2007-02-03 22:31:12 237568 -c--a-w- c:\program files\MSLURT.dll

2007-02-03 22:31:10 995410 -c--a-w- c:\program files\MFC42LU.DLL

2007-02-03 22:31:10 393216 -c--a-w- c:\program files\MSLUP60.dll

2006-08-21 20:20:00 679936 -c--a-w- c:\program files\libeay32.dll

2006-08-21 20:20:00 413696 -c--a-w- c:\program files\msvcp60.dll

2006-08-21 20:20:00 147728 -c--a-w- c:\program files\ASYCFILT.DLL

2006-08-21 20:20:00 147456 -c--a-w- c:\program files\ssleay32.dll

2006-08-21 20:20:00 1028096 -c--a-w- c:\program files\mfc42.dll

2008-06-20 19:07:00 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060920080616\index.dat

2008-06-20 19:07:00 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062020080621\index.dat

2009-02-08 02:00:38 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat

2009-02-08 06:53:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

2009-02-20 00:29:12 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021920090220\index.dat

2009-03-23 08:08:44 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032320090324\index.dat

============= FINISH: 18:27:04.75 ===============

Link to post
Share on other sites

  • Staff

Hi,

I notice that you are using more than one antivirus program (AVG and Antivir) and more than one firewall (Online Armor and ZoneZlarm). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus and firewall program.

After that, restart your computer.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Guest garybear

Hi Chris!!

I noticed that in the log. I'm no longer using AVG or Zone Alarm. I have tried every thing I know of to remove all traces of them. I have used AVG removal tool. I have used Regedit, RegSeeker. I haven't had Zone Alarm for a long time. Please tell me how I can get rid of all traces of them.

Garybear. PS I will run combo fis and DDS again. Thank you Chris!!

Link to post
Share on other sites

Guest garybear

Hi Chris!

Here is ComboFix log!! I will do the DDS and send it also.

ComboFix 10-10-02.02 - Owner 10/03/2010 11:27:53.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.668 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Downloaded Program Files\ODCTOOLS

.

((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))

.

2010-10-02 20:51 . 2010-10-02 20:51 -------- dc----w- c:\windows\Logs

2010-09-24 18:58 . 2010-09-28 16:18 -------- dc----w- c:\documents and settings\Owner\Application Data\Tor

2010-09-24 18:58 . 2010-09-28 16:18 -------- dc----w- c:\documents and settings\Owner\Application Data\Vidalia

2010-09-24 18:58 . 2010-09-24 18:58 -------- dc----w- c:\program files\Vidalia Bundle

2010-09-19 22:24 . 2010-09-19 22:24 -------- dc----w- c:\windows\system32\wbem\Repository

2010-09-19 22:23 . 2010-09-19 22:23 -------- dc----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2010-09-19 20:11 . 2010-09-19 20:11 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Eraser 6

2010-09-17 00:29 . 2010-09-17 00:29 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter

2010-09-17 00:08 . 2010-09-17 00:08 -------- dc----w- c:\windows\MATS

2010-09-17 00:08 . 2010-09-17 00:08 -------- dc----w- c:\program files\Microsoft Fix it Center

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-03 15:50 . 2010-05-15 00:58 -------- dc----w- c:\program files\Everything

2010-10-03 02:24 . 2010-04-16 20:51 -------- dc----w- c:\program files\Full Tilt Poker

2010-10-02 20:37 . 2009-08-20 05:42 -------- dc--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

2010-10-02 20:36 . 2010-05-18 21:06 -------- dc----w- c:\program files\SpywareBlaster

2010-09-30 16:04 . 2008-03-25 22:56 -------- dc----w- c:\program files\CCleaner

2010-09-30 01:19 . 2008-03-31 08:08 -------- dc----w- c:\program files\Microsoft Silverlight

2010-09-21 14:29 . 2010-05-11 21:46 63488 -c--a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-21 14:29 . 2009-10-04 21:18 117760 -c--a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-20 02:45 . 2010-06-22 03:11 -------- dc----w- c:\documents and settings\Owner\Application Data\WIPE

2010-09-19 23:11 . 2010-07-12 20:22 -------- dc----w- c:\program files\Yahoo!

2010-09-19 23:04 . 2009-10-04 21:16 -------- dc----w- c:\program files\SUPERAntiSpyware

2010-09-19 22:29 . 2009-04-23 03:46 17576 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-09-19 22:24 . 2010-01-21 17:32 -------- dc----w- c:\program files\CDBurnerXP

2010-09-19 22:24 . 2009-01-31 21:59 -------- dc----w- c:\program files\Eraser

2010-09-19 22:23 . 2009-01-14 01:24 -------- dc----w- c:\program files\Unlocker

2010-09-19 20:30 . 2009-01-30 16:50 -------- dc----w- c:\program files\VS Revo Group

2010-09-19 19:39 . 2008-01-28 23:14 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-03 17:03 . 2009-08-24 20:16 228 -c--a-w- c:\windows\system32\edacded0.dat

2010-09-01 05:34 . 2010-09-01 05:34 388096 -c--a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-01 05:34 . 2010-09-01 05:34 -------- dc----w- c:\program files\Trend Micro

2010-09-01 01:39 . 2007-01-29 01:34 -------- dc----w- c:\program files\Windows Media Connect 2

2010-08-20 21:27 . 2010-08-20 21:27 -------- dc----w- c:\program files\WOT

2010-08-17 13:17 . 2008-04-14 11:42 58880 -c--a-w- c:\windows\system32\spoolsv.exe

2010-08-15 14:58 . 2010-08-11 17:50 27591840 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe

2010-08-11 22:49 . 2009-12-17 05:00 -------- dc----w- c:\documents and settings\Owner\Application Data\FastStone

2010-08-11 22:48 . 2010-08-11 22:48 -------- dc----w- c:\program files\FastStone Photo Resizer

2010-07-29 19:28 . 2010-07-29 20:05 12256 -c--a-w- c:\windows\system32\drivers\PSVolAcc.sys

2010-07-29 19:28 . 2010-07-29 20:05 15328 -c--a-w- c:\windows\system32\drivers\pssnap.sys

2010-07-29 19:27 . 2010-07-29 20:05 44512 -c--a-w- c:\windows\system32\drivers\psmounter.sys

2010-07-22 15:49 . 2008-04-14 11:42 590848 -c--a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-17 06:38 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

2010-07-12 14:28 . 2010-07-12 14:28 262144 ----a-w- C:\ntuser.dat

2010-07-07 17:25 . 2010-07-21 18:49 22600 -c--a-w- c:\windows\system32\drivers\OAmon.sys

2010-07-07 17:25 . 2010-07-21 18:49 28232 -c--a-w- c:\windows\system32\drivers\OAnet.sys

2010-07-07 17:25 . 2010-07-21 18:49 236104 -c--a-w- c:\windows\system32\drivers\OADriver.sys

2008-03-20 00:03 . 2006-10-20 22:04 441 -c--a-w- c:\program files\regfav.ini

2007-02-17 07:52 . 2006-08-21 20:19 10152 -c--a-w- c:\program files\ARA.ini

2007-02-03 22:31 . 2007-02-03 22:31 258352 -c--a-w- c:\program files\UNICOWS.DLL

2007-02-03 22:31 . 2007-02-03 22:31 237568 -c--a-w- c:\program files\MSLURT.dll

2007-02-03 22:31 . 2007-02-03 22:31 995410 -c--a-w- c:\program files\MFC42LU.DLL

2007-02-03 22:31 . 2007-02-03 22:31 393216 -c--a-w- c:\program files\MSLUP60.dll

2006-08-21 20:20 . 2006-08-21 20:20 679936 -c--a-w- c:\program files\libeay32.dll

2006-08-21 20:20 . 2006-08-21 20:20 413696 -c--a-w- c:\program files\msvcp60.dll

2006-08-21 20:20 . 2006-08-21 20:20 147728 -c--a-w- c:\program files\ASYCFILT.DLL

2006-08-21 20:20 . 2006-08-21 20:20 147456 -c--a-w- c:\program files\ssleay32.dll

2006-08-21 20:20 . 2006-08-21 20:20 1028096 -c--a-w- c:\program files\mfc42.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-07 6854984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\Online Armor\oaevent.dll" [2010-07-07 924488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^FastStone Capture.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2003-01-19 20:04 532880 -c--a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everything]

2009-03-13 01:18 602624 -c--a-w- c:\program files\Everything\Everything.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2004-05-12 21:18 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 18:08 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2010-04-29 20:39 437584 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]

2010-07-21 20:43 198864 -c--a-w- c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2008-03-01 05:10 15872 -c--a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [7/29/2010 3:05 PM 15328]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [7/21/2010 1:49 PM 236104]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [7/21/2010 1:49 PM 22600]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [7/21/2010 1:49 PM 28232]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2010 12:04 PM 135336]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/19/2010 11:22 AM 20072]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/13/2009 10:03 PM 304464]

R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [7/21/2010 1:49 PM 1283400]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [7/29/2010 3:05 PM 220128]

R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [7/21/2010 1:49 PM 3364680]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2009 10:03 PM 20952]

S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [1/21/2010 12:23 PM 93544]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [6/19/2007 2:21 AM 18560]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [7/29/2010 3:05 PM 44512]

S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [7/29/2010 3:05 PM 12256]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/21/2010 12:24 PM 717296]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

2010-10-03 c:\windows\Tasks\ConfigExec.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-10-03 c:\windows\Tasks\DataUpload.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-09-06 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-06-15 21:48]

2010-10-03 c:\windows\Tasks\User_Feed_Synchronization-{DC4A16FE-4C9D-4150-9390-353D01AD4364}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://uk.yahoo.com

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: microsoft.com\www.update

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\go84pron.default\

FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=iw

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-03 11:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ac,f9,ac,f3,77,e5,46,9f,c9,85,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ac,f9,ac,f3,77,e5,46,9f,c9,85,\

[HKEY_USERS\S-1-5-20\Software\Policies\Microsoft]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup\0]

@DACL=(02 0000)

"b2d616dacc02fc34"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

46,00,41,00,32,00,34,00,45,00,36,00,33,00,2d,00,42,00,30,00,37,00,38,00,2d,\

"b42c8d8e0ba38174"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

46,00,41,00,32,00,34,00,45,00,36,00,33,00,2d,00,42,00,30,00,37,00,38,00,2d,\

"604f5070e6534612"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

46,00,41,00,32,00,34,00,45,00,36,00,33,00,2d,00,42,00,30,00,37,00,38,00,2d,\

"a1538e51a3acc21a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

46,00,41,00,32,00,34,00,45,00,36,00,33,00,2d,00,42,00,30,00,37,00,38,00,2d,\

"ce2200417672dac3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,35,00,

45,00,36,00,41,00,42,00,37,00,38,00,30,00,2d,00,37,00,37,00,34,00,33,00,2d,\

"bdd293678f280589"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,35,00,

45,00,36,00,41,00,42,00,37,00,38,00,30,00,2d,00,37,00,37,00,34,00,33,00,2d,\

"9e5007d1b8eb6e61"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,35,00,

45,00,36,00,41,00,42,00,37,00,38,00,30,00,2d,00,37,00,37,00,34,00,33,00,2d,\

"6efd3d6d456034ee"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"ba16c9a1ef678a07"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,

32,00,42,00,46,00,30,00,43,00,32,00,30,00,2d,00,36,00,44,00,41,00,37,00,2d,\

"8d49d5f4d7e1ceec"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,

32,00,42,00,46,00,30,00,43,00,32,00,30,00,2d,00,36,00,44,00,41,00,37,00,2d,\

"4ff98fe742d088f0"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,

32,00,42,00,46,00,30,00,43,00,32,00,30,00,2d,00,36,00,44,00,41,00,37,00,2d,\

"6efd3d6ddc75642a"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"d06089e5bfd8ecfb"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

33,00,33,00,36,00,38,00,33,00,37,00,34,00,2d,00,43,00,46,00,31,00,39,00,2d,\

"e8abb44b953d171e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

33,00,33,00,36,00,38,00,33,00,37,00,34,00,2d,00,43,00,46,00,31,00,39,00,2d,\

"a2244b947d8ea600"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

33,00,33,00,36,00,38,00,33,00,37,00,34,00,2d,00,43,00,46,00,31,00,39,00,2d,\

"e4bd79b1192870b1"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,39,00,

31,00,45,00,41,00,33,00,46,00,38,00,42,00,2d,00,43,00,39,00,39,00,42,00,2d,\

"5af905ff5bb48e28"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,39,00,

31,00,45,00,41,00,33,00,46,00,38,00,42,00,2d,00,43,00,39,00,39,00,42,00,2d,\

"64868e7888b8fabc"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,39,00,

31,00,45,00,41,00,33,00,46,00,38,00,42,00,2d,00,43,00,39,00,39,00,42,00,2d,\

"6efd3d6d2a3a9e9c"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"8debf4a98c26cbfc"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

34,00,31,00,33,00,42,00,41,00,32,00,43,00,2d,00,42,00,34,00,36,00,31,00,2d,\

"3c3115c6c7e226fa"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

34,00,31,00,33,00,42,00,41,00,32,00,43,00,2d,00,42,00,34,00,36,00,31,00,2d,\

"3633832ab48de6a6"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

34,00,31,00,33,00,42,00,41,00,32,00,43,00,2d,00,42,00,34,00,36,00,31,00,2d,\

"6efd3d6dbf3425d1"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"d4d68259061d28fe"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

36,00,31,00,46,00,46,00,45,00,43,00,31,00,2d,00,37,00,35,00,34,00,46,00,2d,\

"f3e82f69f425f968"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

36,00,31,00,46,00,46,00,45,00,43,00,31,00,2d,00,37,00,35,00,34,00,46,00,2d,\

"db9558f097f98808"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

36,00,31,00,46,00,46,00,45,00,43,00,31,00,2d,00,37,00,35,00,34,00,46,00,2d,\

"6efd3d6d350fc6d3"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"82dbe8ea390bf58f"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,

42,00,41,00,34,00,43,00,37,00,34,00,32,00,2d,00,39,00,45,00,38,00,31,00,2d,\

"aaf7bfc72a37aa69"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,

42,00,41,00,34,00,43,00,37,00,34,00,32,00,2d,00,39,00,45,00,38,00,31,00,2d,\

"1f79cbc16fd73ab4"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,

42,00,41,00,34,00,43,00,37,00,34,00,32,00,2d,00,39,00,45,00,38,00,31,00,2d,\

"6efd3d6d0a191ba2"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"b87f9c064de14a56"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,

31,00,35,00,36,00,39,00,36,00,31,00,34,00,2d,00,42,00,37,00,39,00,35,00,2d,\

"3abe75587676c0cc"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,

31,00,35,00,36,00,39,00,36,00,31,00,34,00,2d,00,42,00,37,00,39,00,35,00,2d,\

"044bc65538fa145b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,

31,00,35,00,36,00,39,00,36,00,31,00,34,00,2d,00,42,00,37,00,39,00,35,00,2d,\

"0b7b84d185e227c5"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,32,00,

31,00,35,00,36,00,39,00,36,00,31,00,34,00,2d,00,42,00,37,00,39,00,35,00,2d,\

"6efd3d6d7ef3a47b"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"9dfb0fc71bde561a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

44,00,35,00,43,00,38,00,43,00,32,00,41,00,2d,00,44,00,30,00,37,00,35,00,2d,\

"c4bf800ef27c6e09"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

44,00,35,00,43,00,38,00,43,00,32,00,41,00,2d,00,44,00,30,00,37,00,35,00,2d,\

"b82d47c1687cf79b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

44,00,35,00,43,00,38,00,43,00,32,00,41,00,2d,00,44,00,30,00,37,00,35,00,2d,\

"cc6272181d854261"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,31,00,

36,00,39,00,41,00,30,00,36,00,39,00,31,00,2d,00,38,00,44,00,46,00,39,00,2d,\

"63bc367213f02c13"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,31,00,

36,00,39,00,41,00,30,00,36,00,39,00,31,00,2d,00,38,00,44,00,46,00,39,00,2d,\

"98beae4c2c86aef3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,31,00,

36,00,39,00,41,00,30,00,36,00,39,00,31,00,2d,00,38,00,44,00,46,00,39,00,2d,\

"6efd3d6d2e97ac4c"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"70ea3ba4081f61a2"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

46,00,34,00,46,00,36,00,35,00,31,00,30,00,2d,00,46,00,39,00,38,00,32,00,2d,\

"5d0f730a9327f224"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

46,00,34,00,46,00,36,00,35,00,31,00,30,00,2d,00,46,00,39,00,38,00,32,00,2d,\

"926325bb50f14a7f"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

46,00,34,00,46,00,36,00,35,00,31,00,30,00,2d,00,46,00,39,00,38,00,32,00,2d,\

"6efd3d6d3b0d8f8f"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"0ca510bf42cfbdba"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\

"425a2003f93cf94b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\

"432df9142ef3ea25"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\

"00871fa9ec45b97c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

31,00,45,00,30,00,34,00,35,00,38,00,31,00,2d,00,34,00,45,00,45,00,45,00,2d,\

"6efd3d6d71dd5397"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"eb6683791116aae3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

30,00,38,00,43,00,31,00,31,00,44,00,32,00,2d,00,41,00,32,00,32,00,38,00,2d,\

"2c66680ad9e179b9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

30,00,38,00,43,00,31,00,31,00,44,00,32,00,2d,00,41,00,32,00,32,00,38,00,2d,\

"3fa89ec8da3c030a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

30,00,38,00,43,00,31,00,31,00,44,00,32,00,2d,00,41,00,32,00,32,00,38,00,2d,\

"6efd3d6d220444ce"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"46a2029de569088b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,33,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"2958cf8113737917"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,33,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"bd98986679d90f3c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,33,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"6efd3d6dd67be6a6"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"3b8ced057b2ed7e6"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"e4d96ccb69d0c60c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

37,00,35,00,36,00,41,00,36,00,34,00,31,00,2d,00,44,00,45,00,37,00,31,00,2d,\

"f9c61fdef54d6e5e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

37,00,35,00,36,00,41,00,36,00,34,00,31,00,2d,00,44,00,45,00,37,00,31,00,2d,\

"dd0c6598169f23ae"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

37,00,35,00,36,00,41,00,36,00,34,00,31,00,2d,00,44,00,45,00,37,00,31,00,2d,\

"6efd3d6d5ac22821"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"05a5614cdbf51d28"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

39,00,33,00,35,00,44,00,42,00,39,00,33,00,2d,00,32,00,31,00,45,00,38,00,2d,\

"efe249c963b7cb17"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

39,00,33,00,35,00,44,00,42,00,39,00,33,00,2d,00,32,00,31,00,45,00,38,00,2d,\

"688f4b8337f55f9b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

39,00,33,00,35,00,44,00,42,00,39,00,33,00,2d,00,32,00,31,00,45,00,38,00,2d,\

"6efd3d6de8e7f305"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"fe6d9232a2d869b9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,

65,00,36,00,35,00,33,00,32,00,31,00,35,00,2d,00,66,00,61,00,32,00,35,00,2d,\

"a533dedcbf0decc7"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,

65,00,36,00,35,00,33,00,32,00,31,00,35,00,2d,00,66,00,61,00,32,00,35,00,2d,\

"2c793b405b9046d2"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,37,00,

65,00,36,00,35,00,33,00,32,00,31,00,35,00,2d,00,66,00,61,00,32,00,35,00,2d,\

"6efd3d6d91ca8794"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"152a0842d6236acd"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,61,00,

63,00,66,00,33,00,35,00,30,00,31,00,35,00,2d,00,35,00,32,00,36,00,65,00,2d,\

"549b3c71d61cd014"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,61,00,

63,00,66,00,33,00,35,00,30,00,31,00,35,00,2d,00,35,00,32,00,36,00,65,00,2d,\

"484dc5247b0232a6"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,61,00,

63,00,66,00,33,00,35,00,30,00,31,00,35,00,2d,00,35,00,32,00,36,00,65,00,2d,\

"6efd3d6de53184e0"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"323aeb12fcc0abe5"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,34,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"f19bb4a7d7f5f7a9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,34,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"47a56b31e6983b4b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,34,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"6efd3d6dcfd245c8"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"a7395c3411d40f58"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

33,00,43,00,30,00,33,00,36,00,46,00,31,00,2d,00,41,00,31,00,38,00,36,00,2d,\

"3f7e04f0be8003de"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

33,00,43,00,30,00,33,00,36,00,46,00,31,00,2d,00,41,00,31,00,38,00,36,00,2d,\

"5d58b5f5b310fad3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

33,00,43,00,30,00,33,00,36,00,46,00,31,00,2d,00,41,00,31,00,38,00,36,00,2d,\

"6efd3d6d22c6e175"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"a99fa77d3613256a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,35,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"1686123034f2c0d6"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,35,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"e8e1f976d4ee875a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,30,00,

30,00,42,00,42,00,32,00,37,00,36,00,35,00,2d,00,36,00,41,00,37,00,37,00,2d,\

"6efd3d6d0501cb47"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"4befc015a1e727c3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

46,00,36,00,30,00,34,00,45,00,46,00,45,00,2d,00,38,00,38,00,39,00,37,00,2d,\

"61e044dda891e97d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

46,00,36,00,30,00,34,00,45,00,46,00,45,00,2d,00,38,00,38,00,39,00,37,00,2d,\

"6a35feccbcea2b2f"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,41,00,

46,00,36,00,30,00,34,00,45,00,46,00,45,00,2d,00,38,00,38,00,39,00,37,00,2d,\

"abe0b0ac732d91be"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

41,00,46,00,34,00,41,00,35,00,46,00,43,00,2d,00,39,00,31,00,32,00,41,00,2d,\

"08465099fe66abd9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

41,00,46,00,34,00,41,00,35,00,46,00,43,00,2d,00,39,00,31,00,32,00,41,00,2d,\

"150e9811ca7d8016"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

41,00,46,00,34,00,41,00,35,00,46,00,43,00,2d,00,39,00,31,00,32,00,41,00,2d,\

"22963742ddd44b0a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,45,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"1dedba3610e51532"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,45,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"f866153a07291d18"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,45,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"6efd3d6deec6a527"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"995b2ce83a9e0f01"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

30,00,33,00,44,00,33,00,38,00,30,00,30,00,2d,00,42,00,44,00,38,00,31,00,2d,\

"b2f9ff427cffcced"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

30,00,33,00,44,00,33,00,38,00,30,00,30,00,2d,00,42,00,44,00,38,00,31,00,2d,\

"2d9c923b5a3ab291"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

30,00,33,00,44,00,33,00,38,00,30,00,30,00,2d,00,42,00,44,00,38,00,31,00,2d,\

"02fe6087f04d818e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

30,00,33,00,44,00,33,00,38,00,30,00,31,00,2d,00,42,00,44,00,38,00,31,00,2d,\

"55e459d59ff8fb92"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

30,00,33,00,44,00,33,00,38,00,30,00,31,00,2d,00,42,00,44,00,38,00,31,00,2d,\

"82d8007c684c0e80"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,36,00,

30,00,33,00,44,00,33,00,38,00,30,00,31,00,2d,00,42,00,44,00,38,00,31,00,2d,\

"4dc6214f9937743b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,

46,00,34,00,45,00,45,00,46,00,38,00,30,00,2d,00,42,00,46,00,45,00,38,00,2d,\

"dd01a393f6d2b914"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,

46,00,34,00,45,00,45,00,46,00,38,00,30,00,2d,00,42,00,46,00,45,00,38,00,2d,\

"93f9ba0df121427a"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,

46,00,34,00,45,00,45,00,46,00,38,00,30,00,2d,00,42,00,46,00,45,00,38,00,2d,\

"908e569722cd9dbc"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

33,00,38,00,37,00,35,00,35,00,43,00,32,00,2d,00,41,00,38,00,42,00,41,00,2d,\

"23339e0a67b56730"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

33,00,38,00,37,00,35,00,35,00,43,00,32,00,2d,00,41,00,38,00,42,00,41,00,2d,\

"28fc7c1a6c70bbdb"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,34,00,

33,00,38,00,37,00,35,00,35,00,43,00,32,00,2d,00,41,00,38,00,42,00,41,00,2d,\

"9b44a7f6f437b880"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"287a235af895b0e9"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,

43,00,43,00,46,00,38,00,41,00,34,00,31,00,2d,00,35,00,43,00,38,00,35,00,2d,\

"a63580a6831fb2ff"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,

43,00,43,00,46,00,38,00,41,00,34,00,31,00,2d,00,35,00,43,00,38,00,35,00,2d,\

"0f7057127944f7ae"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,33,00,

43,00,43,00,46,00,38,00,41,00,34,00,31,00,2d,00,35,00,43,00,38,00,35,00,2d,\

"6efd3d6dcb875ec4"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"cdab92a20eae66eb"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,43,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"223367873764acf3"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,43,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"ad1f742aaa1e957e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,43,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"6efd3d6d3dbc88c6"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"b9337b2d1707c585"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,44,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"faf01ca1f3e2224d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,44,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"5722877d355fa109"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

43,00,44,00,34,00,46,00,43,00,34,00,44,00,2d,00,35,00,32,00,31,00,43,00,2d,\

"6efd3d6d24152ba8"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"36c1aa19a6181d30"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,44,00,

44,00,33,00,31,00,33,00,45,00,30,00,34,00,2d,00,46,00,45,00,46,00,46,00,2d,\

"97a98db02daf9291"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,44,00,

44,00,33,00,31,00,33,00,45,00,30,00,34,00,2d,00,46,00,45,00,46,00,46,00,2d,\

"57f91898bbe800f2"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,44,00,

44,00,33,00,31,00,33,00,45,00,30,00,34,00,2d,00,46,00,45,00,46,00,46,00,2d,\

"6efd3d6d950af31d"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"5fbcaeb6ee72e791"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

46,00,38,00,41,00,44,00,32,00,44,00,31,00,2d,00,41,00,45,00,33,00,36,00,2d,\

"f2491f675799cb7f"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

46,00,38,00,41,00,44,00,32,00,44,00,31,00,2d,00,41,00,45,00,33,00,36,00,2d,\

"dd5c3b60973c3066"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

46,00,38,00,41,00,44,00,32,00,44,00,31,00,2d,00,41,00,45,00,33,00,36,00,2d,\

"6efd3d6ddd6009bc"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"54f749797fc4752e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

38,00,33,00,38,00,33,00,38,00,35,00,32,00,2d,00,46,00,43,00,44,00,33,00,2d,\

"0576efbc8bb384f0"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

38,00,33,00,38,00,33,00,38,00,35,00,32,00,2d,00,46,00,43,00,44,00,33,00,2d,\

"e4b677f7a0801c4e"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,46,00,

38,00,33,00,38,00,33,00,38,00,35,00,32,00,2d,00,46,00,43,00,44,00,33,00,2d,\

"36bd0f874181713b"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,38,00,

43,00,37,00,34,00,36,00,31,00,45,00,46,00,2d,00,32,00,42,00,31,00,33,00,2d,\

"c5ccf9e897898d90"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,38,00,

43,00,37,00,34,00,36,00,31,00,45,00,46,00,2d,00,32,00,42,00,31,00,33,00,2d,\

"5dd12fe7bd0b465d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,38,00,

43,00,37,00,34,00,36,00,31,00,45,00,46,00,2d,00,32,00,42,00,31,00,33,00,2d,\

"e9716fab77d2379d"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

35,00,36,00,38,00,32,00,39,00,43,00,39,00,2d,00,32,00,44,00,35,00,39,00,2d,\

"e5a743af037a8cf7"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

35,00,36,00,38,00,32,00,39,00,43,00,39,00,2d,00,32,00,44,00,35,00,39,00,2d,\

"ce4b10a9c301bf9c"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,5c,00,7b,00,45,00,

35,00,36,00,38,00,32,00,39,00,43,00,39,00,2d,00,32,00,44,00,35,00,39,00,2d,\

"9b44a7f60005bda5"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"860355bc9dc9954b"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"fe626d648daddcb4"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"a3d96c54e2d85759"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,2c,00,00,00

"6efd3d6dd1cab974"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"c8a5db7d407304de"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2c,00,00,00

"4635a1adcbb43589"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,2c,00,00,00

"ed21a16ac50e7468"=hex:2c,00,43,00,4c,00,53,00,49,00,44,00,2c,00,00,00

"c7748f3554caa76a"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,\

"942115cf0495ffb0"=hex:2c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,

5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,49,00,6e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup\0.map]

@DACL=(02 0000)

"b2d616dacc02fc34"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E},,"

"b42c8d8e0ba38174"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E}\\DefaultIcon,,"

"604f5070e6534612"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E}\\InProcServer32,,"

"a1538e51a3acc21a"=",33,HKCR,CLSID\\{EFA24E63-B078-11d0-89E4-00C04FC9E26E}\\InProcServer32,ThreadingModel,"

"ce2200417672dac3"=",33,HKCR,CLSID\\{5E6AB780-7743-11CF-A12B-00AA004AE837},,"

"bdd293678f280589"=",33,HKCR,CLSID\\{5E6AB780-7743-11CF-A12B-00AA004AE837}\\InProcServer32,,"

"9e5007d1b8eb6e61"=",33,HKCR,CLSID\\{5E6AB780-7743-11CF-A12B-00AA004AE837}\\InProcServer32,ThreadingModel,"

"6efd3d6d456034ee"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{5E6AB780-7743-11CF-A12B-00AA004AE837},"

"ba16c9a1ef678a07"=",33,HKCR,CLSID\\{22BF0C20-6DA7-11D0-B373-00A0C9034938},,"

"8d49d5f4d7e1ceec"=",33,HKCR,CLSID\\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\\InProcServer32,,"

"4ff98fe742d088f0"=",33,HKCR,CLSID\\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\\InProcServer32,ThreadingModel,"

"6efd3d6ddc75642a"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{22BF0C20-6DA7-11D0-B373-00A0C9034938},"

"d06089e5bfd8ecfb"=",33,HKCR,CLSID\\{F3368374-CF19-11d0-B93D-00A0C90312e1},,"

"e8abb44b953d171e"=",33,HKCR,CLSID\\{F3368374-CF19-11d0-B93D-00A0C90312e1}\\InProcServer32,,"

"a2244b947d8ea600"=",33,HKCR,CLSID\\{F3368374-CF19-11d0-B93D-00A0C90312e1}\\InProcServer32,ThreadingModel,"

"e4bd79b1192870b1"=",33,HKCR,CLSID\\{91EA3F8B-C99B-11d0-9815-00C04FD91972},,"

"5af905ff5bb48e28"=",33,HKCR,CLSID\\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\\InProcServer32,,"

"64868e7888b8fabc"=",33,HKCR,CLSID\\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\\InProcServer32,ThreadingModel,"

"6efd3d6d2a3a9e9c"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{91EA3F8B-C99B-11d0-9815-00C04FD91972},"

"8debf4a98c26cbfc"=",33,HKCR,CLSID\\{6413BA2C-B461-11d1-A18A-080036B11A03},,"

"3c3115c6c7e226fa"=",33,HKCR,CLSID\\{6413BA2C-B461-11d1-A18A-080036B11A03}\\InProcServer32,,"

"3633832ab48de6a6"=",33,HKCR,CLSID\\{6413BA2C-B461-11d1-A18A-080036B11A03}\\InProcServer32,ThreadingModel,"

"6efd3d6dbf3425d1"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{6413BA2C-B461-11d1-A18A-080036B11A03},"

"d4d68259061d28fe"=",33,HKCR,CLSID\\{F61FFEC1-754F-11d0-80CA-00AA005B4383},,"

"f3e82f69f425f968"=",33,HKCR,CLSID\\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\\InProcServer32,,"

"db9558f097f98808"=",33,HKCR,CLSID\\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\\InProcServer32,ThreadingModel,"

"6efd3d6d350fc6d3"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{F61FFEC1-754F-11d0-80CA-00AA005B4383},"

"82dbe8ea390bf58f"=",33,HKCR,CLSID\\{7BA4C742-9E81-11CF-99D3-00AA004AE837},,"

"aaf7bfc72a37aa69"=",33,HKCR,CLSID\\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\\InProcServer32,,"

"1f79cbc16fd73ab4"=",33,HKCR,CLSID\\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\\InProcServer32,ThreadingModel,"

"6efd3d6d0a191ba2"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{7BA4C742-9E81-11CF-99D3-00AA004AE837},"

"b87f9c064de14a56"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD},,"

"3abe75587676c0cc"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD}\\DefaultIcon,,"

"044bc65538fa145b"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD}\\InProcServer32,,"

"0b7b84d185e227c5"=",33,HKCR,CLSID\\{21569614-B795-46b1-85F4-E737A8DC09AD}\\InProcServer32,ThreadingModel,"

"6efd3d6d7ef3a47b"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{21569614-B795-46b1-85F4-E737A8DC09AD},"

"9dfb0fc71bde561a"=",33,HKCR,CLSID\\{4D5C8C2A-D075-11d0-B416-00C04FB90376},,"

"c4bf800ef27c6e09"=",33,HKCR,CLSID\\{4D5C8C2A-D075-11d0-B416-00C04FB90376}\\InProcServer32,,"

"b82d47c1687cf79b"=",33,HKCR,CLSID\\{4D5C8C2A-D075-11d0-B416-00C04FB90376}\\InProcServer32,ThreadingModel,"

"cc6272181d854261"=",33,HKCR,CLSID\\{169A0691-8DF9-11d1-A1C4-00C04FD75D13},,"

"63bc367213f02c13"=",33,HKCR,CLSID\\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\\InProcServer32,,"

"98beae4c2c86aef3"=",33,HKCR,CLSID\\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\\InProcServer32,ThreadingModel,"

"6efd3d6d2e97ac4c"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{169A0691-8DF9-11d1-A1C4-00C04FD75D13},"

"70ea3ba4081f61a2"=",33,HKCR,CLSID\\{AF4F6510-F982-11d0-8595-00AA004CD6D8},,"

"5d0f730a9327f224"=",33,HKCR,CLSID\\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\\InProcServer32,,"

"926325bb50f14a7f"=",33,HKCR,CLSID\\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\\InProcServer32,ThreadingModel,"

"6efd3d6d3b0d8f8f"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{AF4F6510-F982-11d0-8595-00AA004CD6D8},"

"0ca510bf42cfbdba"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383},,"

"425a2003f93cf94b"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383},MenuTextPUI,"

"432df9142ef3ea25"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\\InProcServer32,,"

"00871fa9ec45b97c"=",33,HKCR,CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\\InProcServer32,ThreadingModel,"

"6efd3d6d71dd5397"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{01E04581-4EEE-11d0-BFE9-00AA005B4383},"

"eb6683791116aae3"=",33,HKCR,CLSID\\{A08C11D2-A228-11d0-825B-00AA005B4383},,"

"2c66680ad9e179b9"=",33,HKCR,CLSID\\{A08C11D2-A228-11d0-825B-00AA005B4383}\\InProcServer32,,"

"3fa89ec8da3c030a"=",33,HKCR,CLSID\\{A08C11D2-A228-11d0-825B-00AA005B4383}\\InProcServer32,ThreadingModel,"

"6efd3d6d220444ce"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{A08C11D2-A228-11d0-825B-00AA005B4383},"

"46a2029de569088b"=",33,HKCR,CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062},,"

"2958cf8113737917"=",33,HKCR,CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,,"

"bd98986679d90f3c"=",33,HKCR,CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,ThreadingModel,"

"6efd3d6dd67be6a6"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{00BB2763-6A77-11D0-A535-00C04FD7D062},"

"3b8ced057b2ed7e6"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileAssociation,CutList,"

"e4d96ccb69d0c60c"=",33,HKCR,CLSID\\{6756A641-DE71-11d0-831B-00AA005B4383},,"

"f9c61fdef54d6e5e"=",33,HKCR,CLSID\\{6756A641-DE71-11d0-831B-00AA005B4383}\\InProcServer32,,"

"dd0c6598169f23ae"=",33,HKCR,CLSID\\{6756A641-DE71-11d0-831B-00AA005B4383}\\InProcServer32,ThreadingModel,"

"6efd3d6d5ac22821"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{6756A641-DE71-11d0-831B-00AA005B4383},"

"05a5614cdbf51d28"=",33,HKCR,CLSID\\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A},,"

"efe249c963b7cb17"=",33,HKCR,CLSID\\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\\InProcServer32,,"

"688f4b8337f55f9b"=",33,HKCR,CLSID\\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\\InProcServer32,ThreadingModel,"

"6efd3d6de8e7f305"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A},"

"fe6d9232a2d869b9"=",33,HKCR,CLSID\\{7e653215-fa25-46bd-a339-34a2790f3cb7},,"

"a533dedcbf0decc7"=",33,HKCR,CLSID\\{7e653215-fa25-46bd-a339-34a2790f3cb7}\\InProcServer32,,"

"2c793b405b9046d2"=",33,HKCR,CLSID\\{7e653215-fa25-46bd-a339-34a2790f3cb7}\\InProcServer32,ThreadingModel,"

"6efd3d6d91ca8794"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{7e653215-fa25-46bd-a339-34a2790f3cb7},"

"152a0842d6236acd"=",33,HKCR,CLSID\\{acf35015-526e-4230-9596-becbe19f0ac9},,"

"549b3c71d61cd014"=",33,HKCR,CLSID\\{acf35015-526e-4230-9596-becbe19f0ac9}\\InProcServer32,,"

"484dc5247b0232a6"=",33,HKCR,CLSID\\{acf35015-526e-4230-9596-becbe19f0ac9}\\InProcServer32,ThreadingModel,"

"6efd3d6de53184e0"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{acf35015-526e-4230-9596-becbe19f0ac9},"

"323aeb12fcc0abe5"=",33,HKCR,CLSID\\{00BB2764-6A77-11D0-A535-00C04FD7D062},,"

"f19bb4a7d7f5f7a9"=",33,HKCR,CLSID\\{00BB2764-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,,"

"47a56b31e6983b4b"=",33,HKCR,CLSID\\{00BB2764-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,ThreadingModel,"

"6efd3d6dcfd245c8"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{00BB2764-6A77-11D0-A535-00C04FD7D062},"

"a7395c3411d40f58"=",33,HKCR,CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383},,"

"3f7e04f0be8003de"=",33,HKCR,CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32,,"

"5d58b5f5b310fad3"=",33,HKCR,CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32,ThreadingModel,"

"6efd3d6d22c6e175"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{03C036F1-A186-11D0-824A-00AA005B4383},"

"a99fa77d3613256a"=",33,HKCR,CLSID\\{00BB2765-6A77-11D0-A535-00C04FD7D062},,"

"1686123034f2c0d6"=",33,HKCR,CLSID\\{00BB2765-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,,"

"e8e1f976d4ee875a"=",33,HKCR,CLSID\\{00BB2765-6A77-11D0-A535-00C04FD7D062}\\InProcServer32,ThreadingModel,"

"6efd3d6d0501cb47"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{00BB2765-6A77-11D0-A535-00C04FD7D062},"

"4befc015a1e727c3"=",33,HKCR,CLSID\\{AF604EFE-8897-11D1-B944-00A0C90312E1},,"

"61e044dda891e97d"=",33,HKCR,CLSID\\{AF604EFE-8897-11D1-B944-00A0C90312E1}\\InProcServer32,,"

"6a35feccbcea2b2f"=",33,HKCR,CLSID\\{AF604EFE-8897-11D1-B944-00A0C90312E1}\\InProcServer32,ThreadingModel,"

"abe0b0ac732d91be"=",33,HKCR,CLSID\\{4AF4A5FC-912A-11D1-B945-00A0C90312E1},,"

"08465099fe66abd9"=",33,HKCR,CLSID\\{4AF4A5FC-912A-11D1-B945-00A0C90312E1}\\InProcServer32,,"

"150e9811ca7d8016"=",33,HKCR,CLSID\\{4AF4A5FC-912A-11D1-B945-00A0C90312E1}\\InProcServer32,ThreadingModel,"

"22963742ddd44b0a"=",33,HKCR,CLSID\\{ECD4FC4E-521C-11D0-B792-00A0C90312E1},,"

"1dedba3610e51532"=",33,HKCR,CLSID\\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\\InProcServer32,,"

"f866153a07291d18"=",33,HKCR,CLSID\\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\\InProcServer32,ThreadingModel,"

"6efd3d6deec6a527"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{ECD4FC4E-521C-11D0-B792-00A0C90312E1},"

"995b2ce83a9e0f01"=",33,HKCR,CLSID\\{603D3800-BD81-11d0-A3A5-00C04FD706EC},,"

"b2f9ff427cffcced"=",33,HKCR,CLSID\\{603D3800-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,,"

"2d9c923b5a3ab291"=",33,HKCR,CLSID\\{603D3800-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,ThreadingModel,"

"02fe6087f04d818e"=",33,HKCR,CLSID\\{603D3801-BD81-11d0-A3A5-00C04FD706EC},,"

"55e459d59ff8fb92"=",33,HKCR,CLSID\\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,,"

"82d8007c684c0e80"=",33,HKCR,CLSID\\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\\InProcServer32,ThreadingModel,"

"4dc6214f9937743b"=",33,HKCR,CLSID\\{3F4EEF80-BFE8-11d0-A3A5-00C04FD706EC},,"

"dd01a393f6d2b914"=",33,HKCR,CLSID\\{3F4EEF80-BFE8-11d0-A3A5-00C04FD706EC}\\InProcServer32,ThreadingModel,"

"93f9ba0df121427a"=",33,HKCR,CLSID\\{3F4EEF80-BFE8-11d0-A3A5-00C04FD706EC}\\InProcServer32,,"

"908e569722cd9dbc"=",33,HKCR,CLSID\\{438755C2-A8BA-11D1-B96B-00A0C90312E1},,"

"23339e0a67b56730"=",33,HKCR,CLSID\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\\InProcServer32,ThreadingModel,"

"28fc7c1a6c70bbdb"=",33,HKCR,CLSID\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\\InProcServer32,,"

"9b44a7f6f437b880"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler\\,{438755C2-A8BA-11D1-B96B-00A0C90312E1},"

"287a235af895b0e9"=",33,HKCR,CLSID\\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF},,"

"a63580a6831fb2ff"=",33,HKCR,CLSID\\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\\InProcServer32,,"

"0f7057127944f7ae"=",33,HKCR,CLSID\\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\\InProcServer32,ThreadingModel,"

"6efd3d6dcb875ec4"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{3CCF8A41-5C85-11d0-9796-00AA00B90ADF},"

"cdab92a20eae66eb"=",33,HKCR,CLSID\\{ECD4FC4C-521C-11D0-B792-00A0C90312E1},,"

"223367873764acf3"=",33,HKCR,CLSID\\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\\InProcServer32,,"

"ad1f742aaa1e957e"=",33,HKCR,CLSID\\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\\InProcServer32,ThreadingModel,"

"6efd3d6d3dbc88c6"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{ECD4FC4C-521C-11D0-B792-00A0C90312E1},"

"b9337b2d1707c585"=",33,HKCR,CLSID\\{ECD4FC4D-521C-11D0-B792-00A0C90312E1},,"

"faf01ca1f3e2224d"=",33,HKCR,CLSID\\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\\InProcServer32,,"

"5722877d355fa109"=",33,HKCR,CLSID\\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\\InProcServer32,ThreadingModel,"

"6efd3d6d24152ba8"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{ECD4FC4D-521C-11D0-B792-00A0C90312E1},"

"36c1aa19a6181d30"=",33,HKCR,CLSID\\{DD313E04-FEFF-11d1-8ECD-0000F87A470C},,"

"97a98db02daf9291"=",33,HKCR,CLSID\\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\\InProcServer32,,"

"57f91898bbe800f2"=",33,HKCR,CLSID\\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\\InProcServer32,ThreadingModel,"

"6efd3d6d950af31d"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{DD313E04-FEFF-11d1-8ECD-0000F87A470C},"

"5fbcaeb6ee72e791"=",33,HKCR,CLSID\\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11},,"

"f2491f675799cb7f"=",33,HKCR,CLSID\\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\\InProcServer32,,"

"dd5c3b60973c3066"=",33,HKCR,CLSID\\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\\InProcServer32,ThreadingModel,"

"6efd3d6ddd6009bc"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11},"

"54f749797fc4752e"=",33,HKCR,CLSID\\{F8383852-FCD3-11d1-A6B9-006097DF5BD4},,"

"0576efbc8bb384f0"=",33,HKCR,CLSID\\{F8383852-FCD3-11d1-A6B9-006097DF5BD4}\\InProcServer32,,"

"e4b677f7a0801c4e"=",33,HKCR,CLSID\\{F8383852-FCD3-11d1-A6B9-006097DF5BD4}\\InProcServer32,ThreadingModel,"

"36bd0f874181713b"=",33,HKCR,CLSID\\{8C7461EF-2B13-11d2-BE35-3078302C2030},,"

"c5ccf9e897898d90"=",33,HKCR,CLSID\\{8C7461EF-2B13-11d2-BE35-3078302C2030}\\InProcServer32,,"

"5dd12fe7bd0b465d"=",33,HKCR,CLSID\\{8C7461EF-2B13-11d2-BE35-3078302C2030}\\InProcServer32,ThreadingModel,"

"e9716fab77d2379d"=",33,HKCR,CLSID\\{E56829C9-2D59-11d2-BE38-3078302C2030},,"

"e5a743af037a8cf7"=",33,HKCR,CLSID\\{E56829C9-2D59-11d2-BE38-3078302C2030}\\InProcServer32,,"

"ce4b10a9c301bf9c"=",33,HKCR,CLSID\\{E56829C9-2D59-11d2-BE38-3078302C2030}\\InProcServer32,ThreadingModel,"

"9b44a7f60005bda5"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler,{8C7461EF-2B13-11d2-BE35-3078302C2030},"

"860355bc9dc9954b"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{DB8DC413-C0AA-11D0-9545-080009B1C2F3},OTNEEDSSFCACHE,"

"fe626d648daddcb4"=",33,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FindExtensions\\Static\\InetFind,"

"a3d96c54e2d85759"=",33,HKCR,CLSID\\{31E2C0DF-A328-470b-A1EA-3760759A3822},"

"6efd3d6dd1cab974"=",1,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,{31E2C0DF-A328-470b-A1EA-3760759A3822},"

"c8a5db7d407304de"=",33,HKCR,Software\\Microsoft\\Internet Explorer\\Bar,"

"4635a1adcbb43589"=",33,HKCR,CLSID\\%CLSID_BROWSEUI%,"

"ed21a16ac50e7468"=",33,HKCR,CLSID\\%CLSID_BROWSEUI%\\InProcServer32,"

"c7748f3554caa76a"=",1,HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved,%CLSID_BROWSEUI%,"

"942115cf0495ffb0"=",33,HKLM,Software\\Microsoft\\Internet Explorer\\AdvancedOptions\\%M%\\RADIO,"

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Setup"="020A51E-A7E2-369F-FCEB-C69B"

"Licence"="01E79F9-EB3E-CC36-0408-DAF2"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(424)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Completion time: 2010-10-03 11:48:37

ComboFix-quarantined-files.txt 2010-10-03 16:48

Pre-Run: 24,528,560,128 bytes free

Post-Run: 24,451,694,592 bytes free

- - End Of File - - 0023EAE5087126369A9A0FD9E9DD6CAA

Link to post
Share on other sites

Guest garybear

Hi Chris! I hope I have it right this time!Attach.zip

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 12:07:15.85 on Sun 10/03/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.573 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Emsisoft\Online Armor\OAcat.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Emsisoft\Online Armor\oasrv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\WINDOWS\System32\snmp.exe

svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Emsisoft\Online Armor\oaui.exe

C:\Program Files\Emsisoft\Online Armor\OAhlp.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://uk.yahoo.com

mURLSearchHooks: H - No File

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: EditLevel = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: microsoft.com\www.update

TCP: {A6E9D1DD-4E0E-418F-8ED7-77330E9998A4} = 64.250.192.64 64.250.192.65

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online armor\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\go84pron.default\

FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=iw

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-7-29 15328]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-6 11608]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-7-21 236104]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-7-21 22600]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-7-21 28232]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-6 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-6 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-6 60936]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-19 20072]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-13 304464]

R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-7-21 1283400]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-7-29 220128]

R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-7-21 3364680]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-13 20952]

S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-1-21 93544]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-7-29 44512]

S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2010-7-29 12256]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]

=============== Created Last 30 ================

2010-10-03 16:22:44 98816 -c--a-w- c:\windows\sed.exe

2010-10-03 16:22:44 77312 -c--a-w- c:\windows\MBR.exe

2010-10-03 16:22:44 256512 -c--a-w- c:\windows\PEV.exe

2010-10-03 16:22:44 161792 -c--a-w- c:\windows\SWREG.exe

2010-10-02 20:51:24 0 dc----w- c:\windows\Logs

2010-09-24 18:58:54 0 dc----w- c:\docume~1\owner\applic~1\Tor

2010-09-24 18:58:51 0 dc----w- c:\program files\Vidalia Bundle

2010-09-19 22:24:52 0 dc----w- c:\windows\system32\wbem\Repository

2010-09-19 22:23:51 0 dc----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com

2010-09-17 00:08:02 0 dc----w- c:\windows\MATS

2010-09-17 00:08:00 0 dc----w- c:\program files\Microsoft Fix it Center

==================== Find3M ====================

2010-09-19 22:29:26 17576 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-08-17 13:17:06 58880 -c--a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 -c--a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 -c--a-w- c:\windows\system32\xpsp4res.dll

2010-07-12 14:28:04 262144 ----a-w- C:\ntuser.dat

2008-03-20 00:03:54 441 -c--a-w- c:\program files\regfav.ini

2007-02-17 07:52:12 10152 -c--a-w- c:\program files\ARA.ini

2007-02-03 22:31:12 258352 -c--a-w- c:\program files\UNICOWS.DLL

2007-02-03 22:31:12 237568 -c--a-w- c:\program files\MSLURT.dll

2007-02-03 22:31:10 995410 -c--a-w- c:\program files\MFC42LU.DLL

2007-02-03 22:31:10 393216 -c--a-w- c:\program files\MSLUP60.dll

2006-08-21 20:20:00 679936 -c--a-w- c:\program files\libeay32.dll

2006-08-21 20:20:00 413696 -c--a-w- c:\program files\msvcp60.dll

2006-08-21 20:20:00 147728 -c--a-w- c:\program files\ASYCFILT.DLL

2006-08-21 20:20:00 147456 -c--a-w- c:\program files\ssleay32.dll

2006-08-21 20:20:00 1028096 -c--a-w- c:\program files\mfc42.dll

2008-06-20 19:07:00 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060920080616\index.dat

2008-06-20 19:07:00 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062020080621\index.dat

2009-02-08 02:00:38 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat

2009-02-08 06:53:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

2009-02-20 00:29:12 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021920090220\index.dat

2009-03-23 08:08:44 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032320090324\index.dat

============= FINISH: 12:12:43.92 ===============

Link to post
Share on other sites

Guest garybear

Hi Chris!! I have done every thing I know to do to get rid of AVG. Attaching log. It says AVG is not on my PC???????????2010-10-03 20:37:18,734 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)

2010-10-03 20:37:18,781 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)

2010-10-03 20:37:18,781 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)

2010-10-03 20:37:18,781 WARN AvgDir param empty.

2010-10-03 20:37:18,781 WARN AvgDataDir param empty.

2010-10-03 20:37:26,234 INFO AvgRemover runs in attempt number 1

2010-10-03 20:37:26,234 INFO ***** Services *****

2010-10-03 20:37:26,234 INFO Processing service avg8emc

2010-10-03 20:37:26,234 INFO Service avg8emc is not installed

2010-10-03 20:37:26,234 DEBUG Service avg8emc RegCleanup

2010-10-03 20:37:26,234 DEBUG Registry keys for service avg8emc are not present

2010-10-03 20:37:26,234 INFO Processing service avgfws8

2010-10-03 20:37:26,234 INFO Service avgfws8 is not installed

2010-10-03 20:37:26,234 DEBUG Service avgfws8 RegCleanup

2010-10-03 20:37:26,234 DEBUG Registry keys for service avgfws8 are not present

2010-10-03 20:37:26,234 INFO Processing service avg8wd

2010-10-03 20:37:26,234 INFO Service avg8wd is not installed

2010-10-03 20:37:26,234 DEBUG Service avg8wd RegCleanup

2010-10-03 20:37:26,234 DEBUG Registry keys for service avg8wd are not present

2010-10-03 20:37:26,234 INFO Processing service AvgWFPx

2010-10-03 20:37:26,250 INFO Service AvgWFPx is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgWFPx RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgWFPx are not present

2010-10-03 20:37:26,250 INFO Processing service AvgWFPa

2010-10-03 20:37:26,250 INFO Service AvgWFPa is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgWFPa RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgWFPa are not present

2010-10-03 20:37:26,250 INFO Processing service AvgMfx86

2010-10-03 20:37:26,250 INFO Service AvgMfx86 is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgMfx86 RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgMfx86 are not present

2010-10-03 20:37:26,250 INFO Processing service AvgMfx64

2010-10-03 20:37:26,250 INFO Service AvgMfx64 is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgMfx64 RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgMfx64 are not present

2010-10-03 20:37:26,250 INFO Processing service AvgLdx86

2010-10-03 20:37:26,250 INFO Service AvgLdx86 is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgLdx86 RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgLdx86 are not present

2010-10-03 20:37:26,250 INFO Processing service AvgLdx64

2010-10-03 20:37:26,250 INFO Service AvgLdx64 is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgLdx64 RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgLdx64 are not present

2010-10-03 20:37:26,250 INFO Processing service AvgTdiX

2010-10-03 20:37:26,250 INFO Service AvgTdiX is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgTdiX RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgTdiX are not present

2010-10-03 20:37:26,250 INFO Processing service AvgTdiA

2010-10-03 20:37:26,250 INFO Service AvgTdiA is not installed

2010-10-03 20:37:26,250 DEBUG Service AvgTdiA RegCleanup

2010-10-03 20:37:26,250 DEBUG Registry keys for service AvgTdiA are not present

2010-10-03 20:37:26,250 INFO Processing service AvgRkx86

2010-10-03 20:37:26,265 INFO Service AvgRkx86 is not installed

2010-10-03 20:37:26,265 DEBUG Service AvgRkx86 RegCleanup

2010-10-03 20:37:26,265 DEBUG Registry keys for service AvgRkx86 are not present

2010-10-03 20:37:26,265 INFO Processing service AvgRkx64

2010-10-03 20:37:26,265 INFO Service AvgRkx64 is not installed

2010-10-03 20:37:26,265 DEBUG Service AvgRkx64 RegCleanup

2010-10-03 20:37:26,265 DEBUG Registry keys for service AvgRkx64 are not present

2010-10-03 20:37:26,265 INFO Processing service avg9emc

2010-10-03 20:37:26,265 INFO Service avg9emc is not installed

2010-10-03 20:37:26,265 DEBUG Service avg9emc RegCleanup

2010-10-03 20:37:26,265 DEBUG Registry keys for service avg9emc are not present

2010-10-03 20:37:26,265 INFO Processing service avgfws9

2010-10-03 20:37:26,265 INFO Service avgfws9 is not installed

2010-10-03 20:37:26,265 DEBUG Service avgfws9 RegCleanup

2010-10-03 20:37:26,265 DEBUG Registry keys for service avgfws9 are not present

2010-10-03 20:37:26,265 INFO Processing service avg9wd

2010-10-03 20:37:26,281 INFO Service avg9wd is not installed

2010-10-03 20:37:26,281 DEBUG Service avg9wd RegCleanup

2010-10-03 20:37:26,281 DEBUG Registry keys for service avg9wd are not present

2010-10-03 20:37:26,281 INFO Processing service AVGIDSAgent

2010-10-03 20:37:26,281 INFO Service AVGIDSAgent is not installed

2010-10-03 20:37:26,281 DEBUG Service AVGIDSAgent RegCleanup

2010-10-03 20:37:26,281 DEBUG Registry keys for service AVGIDSAgent are not present

2010-10-03 20:37:26,281 INFO Processing service AVGIDSShimxpx

2010-10-03 20:37:26,281 INFO Service AVGIDSShimxpx is not installed

2010-10-03 20:37:26,281 DEBUG Service AVGIDSShimxpx RegCleanup

2010-10-03 20:37:26,281 DEBUG Registry keys for service AVGIDSShimxpx are not present

2010-10-03 20:37:26,281 INFO Processing service AVGIDSFilterxpx

2010-10-03 20:37:26,281 INFO Service AVGIDSFilterxpx is not installed

2010-10-03 20:37:26,281 DEBUG Service AVGIDSFilterxpx RegCleanup

2010-10-03 20:37:26,281 DEBUG Registry keys for service AVGIDSFilterxpx are not present

2010-10-03 20:37:26,281 INFO Processing service AVGIDSDriverxpx

2010-10-03 20:37:26,296 INFO Service AVGIDSDriverxpx is not installed

2010-10-03 20:37:26,296 DEBUG Service AVGIDSDriverxpx RegCleanup

2010-10-03 20:37:26,296 DEBUG Registry keys for service AVGIDSDriverxpx are not present

2010-10-03 20:37:26,296 INFO Processing service AVGIDSShimvtx

2010-10-03 20:37:26,296 INFO Service AVGIDSShimvtx is not installed

2010-10-03 20:37:26,296 DEBUG Service AVGIDSShimvtx RegCleanup

2010-10-03 20:37:26,296 DEBUG Registry keys for service AVGIDSShimvtx are not present

2010-10-03 20:37:26,296 INFO Processing service AVGIDSFiltervtx

2010-10-03 20:37:26,296 INFO Service AVGIDSFiltervtx is not installed

2010-10-03 20:37:26,296 DEBUG Service AVGIDSFiltervtx RegCleanup

2010-10-03 20:37:26,296 DEBUG Registry keys for service AVGIDSFiltervtx are not present

2010-10-03 20:37:26,296 INFO Processing service AVGIDSDrivervtx

2010-10-03 20:37:26,296 INFO Service AVGIDSDrivervtx is not installed

2010-10-03 20:37:26,296 DEBUG Service AVGIDSDrivervtx RegCleanup

2010-10-03 20:37:26,312 DEBUG Registry keys for service AVGIDSDrivervtx are not present

2010-10-03 20:37:26,312 INFO Processing service AVGIDSFiltervta

2010-10-03 20:37:26,312 INFO Service AVGIDSFiltervta is not installed

2010-10-03 20:37:26,312 DEBUG Service AVGIDSFiltervta RegCleanup

2010-10-03 20:37:26,312 DEBUG Registry keys for service AVGIDSFiltervta are not present

2010-10-03 20:37:26,312 INFO Processing service AVGIDSDrivervta

2010-10-03 20:37:26,312 INFO Service AVGIDSDrivervta is not installed

2010-10-03 20:37:26,312 DEBUG Service AVGIDSDrivervta RegCleanup

2010-10-03 20:37:26,312 DEBUG Registry keys for service AVGIDSDrivervta are not present

2010-10-03 20:37:26,312 INFO Processing service AVGIDSShimw7x

2010-10-03 20:37:26,312 INFO Service AVGIDSShimw7x is not installed

2010-10-03 20:37:26,312 DEBUG Service AVGIDSShimw7x RegCleanup

2010-10-03 20:37:26,312 DEBUG Registry keys for service AVGIDSShimw7x are not present

2010-10-03 20:37:26,312 INFO Processing service AVGIDSFilterw7x

2010-10-03 20:37:26,312 INFO Service AVGIDSFilterw7x is not installed

2010-10-03 20:37:26,328 DEBUG Service AVGIDSFilterw7x RegCleanup

2010-10-03 20:37:26,328 DEBUG Registry keys for service AVGIDSFilterw7x are not present

2010-10-03 20:37:26,328 INFO Processing service AVGIDSDriverw7x

2010-10-03 20:37:26,328 INFO Service AVGIDSDriverw7x is not installed

2010-10-03 20:37:26,328 DEBUG Service AVGIDSDriverw7x RegCleanup

2010-10-03 20:37:26,328 DEBUG Registry keys for service AVGIDSDriverw7x are not present

2010-10-03 20:37:26,328 INFO Processing service AVGIDSFilterw7a

2010-10-03 20:37:26,328 INFO Service AVGIDSFilterw7a is not installed

2010-10-03 20:37:26,328 DEBUG Service AVGIDSFilterw7a RegCleanup

2010-10-03 20:37:26,328 DEBUG Registry keys for service AVGIDSFilterw7a are not present

2010-10-03 20:37:26,328 INFO Processing service AVGIDSDriverw7a

2010-10-03 20:37:26,328 INFO Service AVGIDSDriverw7a is not installed

2010-10-03 20:37:26,328 DEBUG Service AVGIDSDriverw7a RegCleanup

2010-10-03 20:37:26,328 DEBUG Registry keys for service AVGIDSDriverw7a are not present

2010-10-03 20:37:26,328 INFO Processing service AVGIDSErHrxpx

2010-10-03 20:37:26,343 INFO Service AVGIDSErHrxpx is not installed

2010-10-03 20:37:26,343 DEBUG Service AVGIDSErHrxpx RegCleanup

2010-10-03 20:37:26,343 DEBUG Registry keys for service AVGIDSErHrxpx are not present

2010-10-03 20:37:26,343 INFO Processing service AVGIDSErHrvtx

2010-10-03 20:37:26,343 INFO Service AVGIDSErHrvtx is not installed

2010-10-03 20:37:26,343 DEBUG Service AVGIDSErHrvtx RegCleanup

2010-10-03 20:37:26,343 DEBUG Registry keys for service AVGIDSErHrvtx are not present

2010-10-03 20:37:26,343 INFO Processing service AVGIDSErHrvta

2010-10-03 20:37:26,343 INFO Service AVGIDSErHrvta is not installed

2010-10-03 20:37:26,343 DEBUG Service AVGIDSErHrvta RegCleanup

2010-10-03 20:37:26,343 DEBUG Registry keys for service AVGIDSErHrvta are not present

2010-10-03 20:37:26,343 INFO Processing service AVGIDSErHrw7x

2010-10-03 20:37:26,343 INFO Service AVGIDSErHrw7x is not installed

2010-10-03 20:37:26,343 DEBUG Service AVGIDSErHrw7x RegCleanup

2010-10-03 20:37:26,343 DEBUG Registry keys for service AVGIDSErHrw7x are not present

2010-10-03 20:37:26,343 INFO Processing service AVGIDSErHrw7a

2010-10-03 20:37:26,359 INFO Service AVGIDSErHrw7a is not installed

2010-10-03 20:37:26,359 DEBUG Service AVGIDSErHrw7a RegCleanup

2010-10-03 20:37:26,359 DEBUG Registry keys for service AVGIDSErHrw7a are not present

2010-10-03 20:37:26,359 INFO ***** Registry keys and values *****

2010-10-03 20:37:26,359 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions

2010-10-03 20:37:26,359 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove

2010-10-03 20:37:26,359 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present

2010-10-03 20:37:26,359 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions

2010-10-03 20:37:26,359 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove

2010-10-03 20:37:26,359 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present

2010-10-03 20:37:26,375 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found

2010-10-03 20:37:26,375 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found

2010-10-03 20:37:26,375 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found

2010-10-03 20:37:26,375 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove

2010-10-03 20:37:26,375 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found

2010-10-03 20:37:26,375 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg

2010-10-03 20:37:26,390 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove

2010-10-03 20:37:26,390 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found

2010-10-03 20:37:26,390 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}

2010-10-03 20:37:26,390 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove

2010-10-03 20:37:26,390 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found

2010-10-03 20:37:26,390 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

2010-10-03 20:37:26,390 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove

2010-10-03 20:37:26,390 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found

2010-10-03 20:37:26,390 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar

2010-10-03 20:37:26,390 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove

2010-10-03 20:37:26,390 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present

2010-10-03 20:37:26,406 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

2010-10-03 20:37:26,406 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove

2010-10-03 20:37:26,406 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found

2010-10-03 20:37:26,406 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions

2010-10-03 20:37:26,406 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove

2010-10-03 20:37:26,406 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present

2010-10-03 20:37:26,406 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions

2010-10-03 20:37:26,406 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove

2010-10-03 20:37:26,406 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present

2010-10-03 20:37:26,421 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

2010-10-03 20:37:26,421 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify

2010-10-03 20:37:26,421 DEBUG Reading SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs failed (error: e001003d)

2010-10-03 20:37:26,421 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify failed

2010-10-03 20:37:26,421 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

2010-10-03 20:37:26,421 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove

2010-10-03 20:37:26,421 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present

2010-10-03 20:37:26,421 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

2010-10-03 20:37:26,421 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove

2010-10-03 20:37:26,421 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present

2010-10-03 20:37:26,437 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

2010-10-03 20:37:26,437 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove

2010-10-03 20:37:26,437 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present

2010-10-03 20:37:26,437 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

2010-10-03 20:37:26,437 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove

2010-10-03 20:37:26,437 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present

2010-10-03 20:37:26,437 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run

2010-10-03 20:37:26,453 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove

2010-10-03 20:37:26,453 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present

2010-10-03 20:37:26,453 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run

2010-10-03 20:37:26,453 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove

2010-10-03 20:37:26,453 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present

2010-10-03 20:37:26,453 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall

2010-10-03 20:37:26,453 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove

2010-10-03 20:37:26,453 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found

2010-10-03 20:37:26,453 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found

2010-10-03 20:37:26,468 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found

2010-10-03 20:37:26,468 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found

2010-10-03 20:37:26,468 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found

2010-10-03 20:37:26,468 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove

2010-10-03 20:37:26,468 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found

2010-10-03 20:37:26,468 INFO Processing registry SOFTWARE\Classes\AvgDiagFile

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found

2010-10-03 20:37:26,484 INFO Processing registry SOFTWARE\Classes\AvgDiagFile

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found

2010-10-03 20:37:26,484 INFO Processing registry SOFTWARE\Classes\.avgdi

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\.avgdi not found

2010-10-03 20:37:26,484 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found

2010-10-03 20:37:26,484 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found

2010-10-03 20:37:26,484 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove

2010-10-03 20:37:26,484 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found

2010-10-03 20:37:26,484 INFO Processing registry SOFTWARE\AVG\Clients

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\Clients ForceRemove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\Clients not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG\AVG8

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG8 not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG\AVG9

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG9 not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG\AVG IDS

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG IDS not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG

2010-10-03 20:37:26,500 DEBUG Value SOFTWARE\AVG:DumpType Remove

2010-10-03 20:37:26,500 DEBUG Value SOFTWARE\AVG:DumpType not present - Key not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG Remove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG Security Toolbar

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG Security Toolbar not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG\AVG8

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG8 not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG\AVG9

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove

2010-10-03 20:37:26,500 DEBUG Key SOFTWARE\AVG\AVG9 not found

2010-10-03 20:37:26,500 INFO Processing registry SOFTWARE\AVG

2010-10-03 20:37:26,515 DEBUG Key SOFTWARE\AVG Remove

2010-10-03 20:37:26,515 DEBUG Key SOFTWARE\AVG not found

2010-10-03 20:37:26,515 INFO Processing registry SOFTWARE\AVG Security Toolbar

2010-10-03 20:37:26,515 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove

2010-10-03 20:37:26,515 DEBUG Key SOFTWARE\AVG Security Toolbar not found

2010-10-03 20:37:26,515 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

2010-10-03 20:37:26,515 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove

2010-10-03 20:37:26,515 INFO Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} is not present

2010-10-03 20:37:26,515 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

2010-10-03 20:37:26,515 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove

2010-10-03 20:37:26,515 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found

2010-10-03 20:37:26,515 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser

2010-10-03 20:37:26,531 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove

2010-10-03 20:37:26,531 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present

2010-10-03 20:37:26,531 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

2010-10-03 20:37:26,531 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove

2010-10-03 20:37:26,531 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found

2010-10-03 20:37:26,531 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}

2010-10-03 20:37:26,531 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove

2010-10-03 20:37:26,531 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found

2010-10-03 20:37:26,531 INFO Processing registry aAvgAPI.AvgBro

2010-10-03 20:37:26,531 DEBUG Key aAvgAPI.AvgBro ForceRemove

2010-10-03 20:37:26,531 DEBUG Key aAvgAPI.AvgBro not found

2010-10-03 20:37:26,531 INFO Processing registry AVG.Office

2010-10-03 20:37:26,531 DEBUG Key AVG.Office ForceRemove

2010-10-03 20:37:26,531 DEBUG Key AVG.Office not found

2010-10-03 20:37:26,531 INFO Processing registry AVG.Office.8

2010-10-03 20:37:26,531 DEBUG Key AVG.Office.8 ForceRemove

2010-10-03 20:37:26,531 DEBUG Key AVG.Office.8 not found

2010-10-03 20:37:26,546 INFO Processing registry avgtoolbar.AVGTOOLBAR

2010-10-03 20:37:26,546 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove

2010-10-03 20:37:26,546 DEBUG Key avgtoolbar.AVGTOOLBAR not found

2010-10-03 20:37:26,546 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button

2010-10-03 20:37:26,546 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove

2010-10-03 20:37:26,546 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found

2010-10-03 20:37:26,546 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button

2010-10-03 20:37:26,546 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove

2010-10-03 20:37:26,546 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found

2010-10-03 20:37:26,546 INFO Processing registry LinkScannerIE.NavFilter

2010-10-03 20:37:26,546 DEBUG Key LinkScannerIE.NavFilter ForceRemove

2010-10-03 20:37:26,546 DEBUG Key LinkScannerIE.NavFilter not found

2010-10-03 20:37:26,546 INFO Processing registry LinkScannerIE.NavFilter.1

2010-10-03 20:37:26,546 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove

2010-10-03 20:37:26,546 DEBUG Key LinkScannerIE.NavFilter.1 not found

2010-10-03 20:37:26,546 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}

2010-10-03 20:37:26,546 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove

2010-10-03 20:37:26,546 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found

2010-10-03 20:37:26,546 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}

2010-10-03 20:37:26,562 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove

2010-10-03 20:37:26,562 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found

2010-10-03 20:37:26,562 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

2010-10-03 20:37:26,562 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove

2010-10-03 20:37:26,562 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found

2010-10-03 20:37:26,562 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

2010-10-03 20:37:26,562 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove

2010-10-03 20:37:26,562 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found

2010-10-03 20:37:26,562 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

2010-10-03 20:37:26,562 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove

2010-10-03 20:37:26,562 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found

2010-10-03 20:37:26,562 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}

2010-10-03 20:37:26,562 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove

2010-10-03 20:37:26,562 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found

2010-10-03 20:37:26,562 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}

2010-10-03 20:37:26,578 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove

2010-10-03 20:37:26,578 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found

2010-10-03 20:37:26,578 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}

2010-10-03 20:37:26,578 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove

2010-10-03 20:37:26,578 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found

2010-10-03 20:37:26,578 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}

2010-10-03 20:37:26,578 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove

2010-10-03 20:37:26,578 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found

2010-10-03 20:37:26,578 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}

2010-10-03 20:37:26,578 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove

2010-10-03 20:37:26,578 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found

2010-10-03 20:37:26,578 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}

2010-10-03 20:37:26,578 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove

2010-10-03 20:37:26,578 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found

2010-10-03 20:37:26,578 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

2010-10-03 20:37:26,593 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove

2010-10-03 20:37:26,593 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found

2010-10-03 20:37:26,593 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}

2010-10-03 20:37:26,593 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove

2010-10-03 20:37:26,593 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found

2010-10-03 20:37:26,593 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}

2010-10-03 20:37:26,593 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove

2010-10-03 20:37:26,593 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found

2010-10-03 20:37:26,593 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}

2010-10-03 20:37:26,593 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove

2010-10-03 20:37:26,593 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found

2010-10-03 20:37:26,593 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found

2010-10-03 20:37:26,609 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found

2010-10-03 20:37:26,609 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found

2010-10-03 20:37:26,609 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove

2010-10-03 20:37:26,609 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found

2010-10-03 20:37:26,609 INFO ***** Files and folders *****

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 0

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 1

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 2

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 3

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 4

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 5

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 6

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 7

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 8

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 9

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 10

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 11

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 12

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 13

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 14

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 15

2010-10-03 20:37:26,609 DEBUG Missing ParentDir path for fileItem number 16

2010-10-03 20:37:26,609 DEBUG Processing item C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR

2010-10-03 20:37:26,609 INFO Directory C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR not found

2010-10-03 20:37:26,625 DEBUG Processing item C:\WINDOWS\System32\Drivers

2010-10-03 20:37:26,625 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg 8.0

2010-10-03 20:37:26,625 INFO Directory C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg 8.0 not found

2010-10-03 20:37:26,625 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg free 8.0

2010-10-03 20:37:26,625 INFO Directory C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg free 8.0 not found

2010-10-03 20:37:26,625 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg 8.5

2010-10-03 20:37:26,625 INFO Directory C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg 8.5 not found

2010-10-03 20:37:26,625 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg free 8.5

2010-10-03 20:37:26,625 INFO Directory C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avg free 8.5 not found

2010-10-03 20:37:26,640 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Desktop\avg 8.0.lnk

2010-10-03 20:37:26,640 INFO File C:\Documents and Settings\All Users.WINDOWS\Desktop\avg 8.0.lnk not found

2010-10-03 20:37:26,640 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Desktop\avg free 8.0.lnk

2010-10-03 20:37:26,640 INFO File C:\Documents and Settings\All Users.WINDOWS\Desktop\avg free 8.0.lnk not found

2010-10-03 20:37:26,640 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Desktop\avg 8.5.lnk

2010-10-03 20:37:26,640 INFO File C:\Documents and Settings\All Users.WINDOWS\Desktop\avg 8.5.lnk not found

2010-10-03 20:37:26,640 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Desktop\avg free 8.5.lnk

2010-10-03 20:37:26,640 INFO File C:\Documents and Settings\All Users.WINDOWS\Desktop\avg free 8.5.lnk not found

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 27

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 28

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 29

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 30

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 31

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 32

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 33

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 34

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 35

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 36

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 37

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 38

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 39

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 40

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 41

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 42

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 43

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 44

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 45

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 46

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 47

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 48

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 49

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 50

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 51

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 52

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 53

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 54

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 55

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 56

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 57

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 58

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 59

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 60

2010-10-03 20:37:26,640 DEBUG Missing ParentDir path for fileItem number 61

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 62

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 63

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 64

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 65

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 66

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 67

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 68

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 69

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 70

2010-10-03 20:37:26,656 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\Languages

2010-10-03 20:37:26,656 INFO Directory C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\Languages not found

2010-10-03 20:37:26,656 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar

2010-10-03 20:37:26,656 INFO Directory C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar not found

2010-10-03 20:37:26,656 DEBUG Processing item C:\WINDOWS\System32\Drivers

2010-10-03 20:37:26,656 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Desktop\avg 9.0.lnk

2010-10-03 20:37:26,656 INFO File C:\Documents and Settings\All Users.WINDOWS\Desktop\avg 9.0.lnk not found

2010-10-03 20:37:26,656 DEBUG Processing item C:\Documents and Settings\All Users.WINDOWS\Desktop\avg free 9.0.lnk

2010-10-03 20:37:26,656 INFO File C:\Documents and Settings\All Users.WINDOWS\Desktop\avg free 9.0.lnk not found

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 76

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 77

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 78

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 79

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 80

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 81

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 82

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 83

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 84

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 85

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 86

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 87

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 88

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 89

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 90

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 91

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 92

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 93

2010-10-03 20:37:26,656 DEBUG Missing ParentDir path for fileItem number 94

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 95

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 96

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 97

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 98

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 99

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 100

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 101

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 102

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 103

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 104

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 105

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 106

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 107

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 108

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 109

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 110

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 111

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 112

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 113

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 114

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 115

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 116

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 117

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 118

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 119

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 120

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 121

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 122

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 123

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 124

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 125

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 126

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 127

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 128

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 129

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 130

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 131

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 132

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 133

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 134

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 135

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 136

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 137

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 138

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 139

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 140

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 141

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 142

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 143

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 144

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 145

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 146

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 147

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 148

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 149

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 150

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 151

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 152

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 153

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 154

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 155

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 156

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 157

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 158

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 159

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 160

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 161

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 162

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 163

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 164

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 165

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 166

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 167

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 168

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 169

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 170

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 171

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 172

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 173

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 174

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 175

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 176

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 177

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 178

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 179

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 180

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 181

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 182

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 183

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 184

2010-10-03 20:37:26,671 DEBUG Missing ParentDir path for fileItem number 185

2010-10-03 20:37:26,671 DEBUG Processing item C:\WINDOWS\System32\Drivers

2010-10-03 20:37:26,671 DEBUG Processing item C:\WINDOWS\System32\Drivers

2010-10-03 20:37:26,671 DEBUG Processing item C:\WINDOWS\System32\Drivers

2010-10-03 20:37:26,671 DEBUG Processing item C:\WINDOWS\System32\Drivers

2010-10-03 20:37:26,671 DEBUG Processing item C:\WINDOWS\System32\Drivers

2010-10-03 20:37:26,671 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg

2010-10-03 20:37:26,671 INFO Directory C:\WINDOWS\System32\Drivers\avg not found

2010-10-03 20:37:26,671 DEBUG Processing item C:\WINDOWS\System32

2010-10-03 20:37:26,671 DEBUG Processing item C:\Program Files\AVG

2010-10-03 20:37:26,671 INFO Directory C:\Program Files\AVG not found

2010-10-03 20:37:26,687 DEBUG Missing ParentDir path for fileItem number 194

2010-10-03 20:37:26,687 INFO ***** Avg Fw NDIS driver *****

2010-10-03 20:37:27,703 INFO FW NDIS driver not present

Link to post
Share on other sites

Guest garybear

I'm very sorry for being stupid but I'm tired of this. I'm posting MBAM loG. This is why I'm here. I'm probably breaking the rules just like I always seem to do. I have to know why I'm the only one getting these. I don't know if it's incoming or outgoing.I'm sorry Chris, but I'm tired of this crap from the Chinese.

06:01:28 Owner MESSAGE Scheduled update executed successfully

06:01:28 Owner MESSAGE IP Protection stopped

06:01:41 Owner MESSAGE Database updated successfully

06:01:47 Owner MESSAGE IP Protection started successfully

11:51:01 Owner MESSAGE Protection started successfully

11:51:11 Owner MESSAGE IP Protection started successfully

11:57:57 Owner MESSAGE Protection started successfully

11:58:02 Owner MESSAGE IP Protection started successfully

18:19:04 Owner MESSAGE Protection started successfully

18:19:10 Owner MESSAGE IP Protection started successfully

22:01:33 Owner MESSAGE Scheduled update executed successfully

22:01:34 Owner MESSAGE IP Protection stopped

22:01:48 Owner MESSAGE Database updated successfully

22:01:55 Owner MESSAGE IP Protection started successfully

22:23:04 Owner IP-BLOCK 221.192.199.46

22:23:04 Owner IP-BLOCK 221.192.199.46

22:31:00 Owner IP-BLOCK 222.186.13.212

22:31:00 Owner IP-BLOCK 222.186.13.212

22:31:01 Owner IP-BLOCK 222.186.13.212

22:31:01 Owner IP-BLOCK 222.186.13.212

22:31:01 Owner IP-BLOCK 222.186.13.212

22:42:33 Owner IP-BLOCK 91.202.61.155

22:52:03 Owner IP-BLOCK 221.192.199.46

22:52:04 Owner IP-BLOCK 221.192.199.46

Link to post
Share on other sites

Guest garybear

Hi Chris!!

Don't know if you have gotten the feeling that I'm unhappy with your progress. I sure hope that's not the case my friend. I really appreciate you and I know your also helping others. I just want to update you on my progress. I finally got all traces of AVG off my PC. so that's one step forward. Thank you my friend. Here is a piece of DDS log. No more AVG. I'm going to work on Zone Alarm next!! Thank you Chris!!

Garybear!!

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Guest garybear

Here's one!! Will get the others in a minute!!2010/10/05 02:05:10.0703 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/05 02:05:10.0703 ================================================================================

2010/10/05 02:05:10.0703 SystemInfo:

2010/10/05 02:05:10.0703

2010/10/05 02:05:10.0703 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/05 02:05:10.0703 Product type: Workstation

2010/10/05 02:05:10.0703 ComputerName: DONETTA-C46FD94

2010/10/05 02:05:10.0703 UserName: Owner

2010/10/05 02:05:10.0703 Windows directory: C:\WINDOWS

2010/10/05 02:05:10.0703 System windows directory: C:\WINDOWS

2010/10/05 02:05:10.0703 Processor architecture: Intel x86

2010/10/05 02:05:10.0703 Number of processors: 1

2010/10/05 02:05:10.0703 Page size: 0x1000

2010/10/05 02:05:10.0703 Boot type: Normal boot

2010/10/05 02:05:10.0703 ================================================================================

2010/10/05 02:05:11.0671 Initialize success

Link to post
Share on other sites

Guest garybear

Hi friend!! I ran ESET1 I could not find the log. It said O defects were found. It ran for 36inutes. I 'm really beat . I will try to run the last test. I had 7 hits while Eset was running . I will attach the MBAM log. I'm getting real tired, but I want this to end, so I will continue. Thank you my friend 11 hits while running ESET. I just got another one.

Garybear!!

01:57:22 Owner MESSAGE Protection started successfully

01:57:31 Owner MESSAGE IP Protection started successfully

02:01:35 Owner MESSAGE Scheduled update executed successfully

02:01:35 Owner MESSAGE IP Protection stopped

02:01:49 Owner MESSAGE Database updated successfully

02:01:55 Owner MESSAGE IP Protection started successfully

02:24:08 Owner IP-BLOCK 221.192.199.51

02:24:08 Owner IP-BLOCK 221.192.199.51

02:24:08 Owner IP-BLOCK 221.192.199.51

02:24:08 Owner IP-BLOCK 221.192.199.51

02:32:12 Owner IP-BLOCK 221.192.199.46

02:32:12 Owner IP-BLOCK 221.192.199.46

02:36:35 Owner IP-BLOCK 221.192.199.46

02:55:00 Owner IP-BLOCK 222.186.13.212

03:05:04 Owner IP-BLOCK 91.202.61.155

03:09:23 Owner IP-BLOCK 221.192.199.46

03:09:23 Owner IP-BLOCK 221.192.199.46

Link to post
Share on other sites

Guest garybear

Hi friend!! I'm worn clear out. Here is last report you asked for. I really appreciate you my friend. We will have to continue this tomorrow. I'm tired , but I want this over. I got several blocked IP's while running these tests. I did not see any until I started the tests. I do not know what that means, but I think I have made some one mad in China, Just got another IP blocked. Good night my friend and many thanks. We will start again tommarow.

Garybear!

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

Online Armor 4.0

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Duplicate Cleaner 1.4.3

Eusing Free Registry Cleaner

Adobe Flash Player 10.1.82.76

Mozilla Firefox (3.6.10) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Tall Emu Online Armor OAcat.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Link to post
Share on other sites

Guest garybear

The reason you see Windows firewall enabled is because I disabled Online Armor. I will enable Avira and online Armor, and then I'm going to bed. Thank you Chris . I appreciate you my friend.

Garybear!

Link to post
Share on other sites

Guest garybear

Hi good friend! I have had 65 IP's blocked sense we started this topic.You are the expert and I will do what ever you ask me to do. I hate taking time that could be spent with members that have real infections. I don't think my PC is infected but will continue these tests for as long as you want me to. I think these are incoming IP's that are being blocked. I don't know what their intention is but I'm not going to turn MBAM off and find out. These are all Chinese IP addresses. I can get a different IP by disconnection and reconnecting to the internet. This usually stops this for awhile. I have no friends in China. I was a VIP Expert on the IObit forum for nearly two years. I exposed IObit 360 to the members when IObit refused to fix IObit 360. The big shot sent me a PM saying they didn't have the resources to fix the problems and they were busy working on other programs. I posted his PM on the forum and was banned. I have tried to warn people about IObit ever sense. I get into a lot of trouble doing that and have been asked by Ron not to post about them on this forum. I believe in my heart that this is why I'm being targeted and that is why I'm posting about this here. I doubt if there is any thing we can do to stop these IP's. I hope Ron will understand why I'm posting this to you at this time. After getting 65 blocked IP's I changed my IP address and haven't gotten any blocked Chinese IP's. When they start again, I will change my IP. I will continue doing what ever you want to do. I await your decision my friend!

Garybear! PS Please understand Ron why I'm posting this to Chris!! I think it's important for him to know this sir. I will not post any of this on the forum.

Link to post
Share on other sites

  • Staff

The point is that no malware appears to be present on your computer. The inbound connection appear to be a residual effect of malware trying to probe in.

Run Wireshark as follows and please save PMs for emergencies; I'm automatically notified of your replies...

1. Load Wireshark

2. Click Capture Options

3. UNTICK "Capture packets in promiscuous mode"

Once it's been running a while, and/or the Malwarebytes IP block has occured, click the STOP button on the toolbar (4th from the left), and go to File > Save, ensuring "Packet Range" is set to All Packets, type a filename and click Save. Then zip it up and attach it here.

Link to post
Share on other sites

Guest garybear

I can not follow this. I'm not getting any hits. I just want to stop. I don't care any more. Just release me.

Gary. I can not make this work. I'm tired and I'm going to bed.

Link to post
Share on other sites

Guest garybear

Thank you my friend for your time. I really appreciate you. I couldn't get Wireshark to work for me, and I didn't understand the function of the program. If no infections were found, then I'm ready to end this topic. I know where these blocked IP's are coming from. I have read that China has no regulations and so nothing can be done to stop this kind of behavior. After I disconnect and reconnect from the internet, I stop getting them for awhile. I will just do that until they get tired and stop bugging me. I'm glad that no infections were found on my PC. That was my main worry. I release you from this topic and thank you very very very much. I'll see you back on the forum. Thanks Chris! PS There are a bunch of people having this problem and that's why my friend MBAM has this feature. Thanks MBAM

Garybear!!

http://www.ipillion.com/?ip=221.192.199.48

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.