[Inactive] google redirect virus

  1. #1
    Join Date: Nov 2005 | Posts: 162

    [Inactive] google redirect virus

    Google is my home page. Searches being redirected. Dell Vostro 200. Running Windows XP. PC Tools spyware not running. Microsoft Security Essentials disabled. Can you help?

  2. #2
    Join Date: Jul 1998 | Location: Toronto | Posts: 25,426

    Follow the instructions here:

    http://discussions.virtualdr.com/sho...d.php?t=167915

    and copy/paste the log files/results of all 4 scanners in this thread.

    VirtualDr email notices are not working.
    Check back regularly for responses.


  3. #3
    Join Date: Nov 2005 | Posts: 162

    requested logs

    GMER kept crashing. The scan took forever and finally the operating system shut down to protect itself. Here are the other logs. I have regained control of my search engine but it's slow and still not right.

    Mary Forgione :: MARY [administrator]

    6/12/2012 11:17:10 PM
    mbam-log-2012-06-12 (23-17-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 425588
    Time elapsed: 1 hour(s), 30 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\TheBflix\data (PUP.BFlix) -> No action taken.

    Files Detected: 7
    C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\TheBflix\fhocdmhohpjjbaamenhbaidaoihaiflb.crx (PUP.BFlix) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\TheBflix\data\content.js (PUP.BFlix) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\TheBflix\data\jsondb.js (PUP.BFlix) -> No action taken.

    (end)



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-13 21:07:14
    -----------------------------
    21:07:14.093 OS Version: Windows 5.1.2600 Service Pack 3
    21:07:14.093 Number of processors: 1 586 0x1601
    21:07:14.093 ComputerName: MARY UserName:
    21:07:14.703 Initialize success
    21:11:58.531 AVAST engine defs: 12061301
    22:37:30.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:37:30.062 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
    22:37:30.093 Disk 0 MBR read successfully
    22:37:30.093 Disk 0 MBR scan
    22:37:30.140 Disk 0 Windows XP default MBR code
    22:37:30.140 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    22:37:30.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76238 MB offset 96390
    22:37:30.171 Disk 0 scanning sectors +156232125
    22:37:30.250 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:37:47.734 Service scanning
    22:38:12.781 Modules scanning
    22:38:30.562 Disk 0 trace - called modules:
    22:38:30.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    22:38:30.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7dab8]
    22:38:30.937 3 CLASSPNP.SYS[f7673fd7] -> nt!IofCallDriver -> [0x86d15948]
    22:38:30.937 5 PCTCore.sys[f72fb82d] -> nt!IofCallDriver -> \Device\00000067[0x86d85f18]
    22:38:30.937 7 ACPI.sys[f74ea620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d92940]
    22:38:31.921 AVAST engine scan C:\WINDOWS
    22:38:48.140 AVAST engine scan C:\WINDOWS\system32
    22:40:59.421 AVAST engine scan C:\WINDOWS\system32\drivers
    22:41:19.203 AVAST engine scan C:\Documents and Settings\Mary Forgione
    22:43:39.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mary Forgione\My Documents\MBR.dat"
    22:43:39.046 The log file has been saved successfully to "C:\Documents and Settings\Mary Forgione\My Documents\aswMBR.txt"


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Mary Forgione at 22:48:03 on 2012-06-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.384 [GMT -4:00]
    .
    AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
    C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\1196384047\ee\AOLSoftware.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\Program Files\Microsoft Works\wkgdcach.exe
    C:\Program Files\Microsoft Works\WksWP.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
    BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Protector by IB: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\protector by ib\Extension32.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    mRun: [HostManager] c:\program files\common files\aol\1196384047\ee\AOLSoftware.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
    IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
    IE: Download with &Media Finder - c:\program files\media finder\hook.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: mswsock.dll
    Trusted Zone: motive.com\patttbc.att
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
    TCP: Interfaces\{039BC112-797C-492E-B17E-B2194D804BFC} : DhcpNameServer = 167.206.251.130 167.206.251.129
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-6-9 383368]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-6-9 342168]
    R1 MpKslf6737c92;MpKslf6737c92;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\MpKslf6737c92.sys [2012-6-13 29904]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-6-9 203088]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-6-9 575416]
    R2 Protector by IB Updater;Protector by IB Updater;c:\program files\protector by ib\ExtensionUpdaterService.exe [2012-4-25 185856]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-6-9 402336]
    R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-6-9 1118648]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-6-9 70736]
    S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
    S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
    S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
    S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
    S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
    S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-25 29744]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
    .
    =============== Created Last 30 ================
    .
    2012-06-13 13:32:10 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\MpKslf6737c92.sys
    2012-06-13 05:07:43 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\offreg.dll
    2012-06-12 22:12:56 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\mpengine.dll
    2012-06-12 21:58:51 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-06-12 21:53:56 -------- d-sh--w- C:\found.000
    2012-06-10 04:29:50 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-10 04:18:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-10 03:27:37 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-06-10 03:27:33 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-06-10 03:27:28 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-06-10 03:25:29 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-06-10 03:25:29 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-06-10 03:25:25 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-06-10 03:25:25 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-06-10 03:09:09 -------- d-----w- c:\documents and settings\mary forgione\application data\DriverCure
    2012-06-10 03:09:08 -------- d-----w- c:\documents and settings\mary forgione\application data\SpeedMaxPc
    2012-06-10 03:08:58 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
    2012-06-10 02:30:15 -------- d-----w- c:\documents and settings\mary forgione\local settings\application data\Threat Expert
    2012-06-10 01:56:07 -------- d-----w- c:\program files\PC Tools
    2012-06-10 01:18:56 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-06-10 01:18:56 -------- d-----w- c:\program files\common files\PC Tools
    2012-06-10 01:18:37 -------- d-----w- c:\documents and settings\mary forgione\application data\TestApp
    2012-06-10 01:18:37 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-05-26 04:13:21 274288 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-26 04:13:21 215920 ----a-w- c:\windows\system32\muweb.dll
    2012-05-26 04:13:21 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-25 15:01:12 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-19 18:29:05 -------- d-----w- c:\documents and settings\mary forgione\application data\RealNetworks
    .
    ==================== Find3M ====================
    .
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    .
    ============= FINISH: 22:50:04.64 ==============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/29/2007 7:49:39 PM
    System Uptime: 6/13/2012 8:49:36 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0CU409
    Processor: Intel Pentium II processor | Socket 775 | 1596/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 27.145 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1087: 3/27/2012 4:43:06 PM - Installed AVG 2012
    RP1088: 3/27/2012 4:43:34 PM - Installed AVG 2012
    RP1089: 3/28/2012 5:29:42 AM - Software Distribution Service 3.0
    RP1090: 3/29/2012 6:38:22 AM - System Checkpoint
    RP1091: 3/30/2012 6:52:57 AM - System Checkpoint
    RP1092: 3/31/2012 8:23:38 AM - System Checkpoint
    RP1093: 4/2/2012 4:44:49 PM - System Checkpoint
    RP1094: 4/3/2012 5:01:35 PM - System Checkpoint
    RP1095: 4/4/2012 7:02:41 PM - System Checkpoint
    RP1096: 4/5/2012 9:01:37 PM - System Checkpoint
    RP1097: 4/7/2012 2:44:55 AM - System Checkpoint
    RP1098: 4/8/2012 3:20:01 AM - System Checkpoint
    RP1099: 4/9/2012 3:21:43 AM - System Checkpoint
    RP1100: 4/10/2012 4:20:47 AM - System Checkpoint
    RP1101: 4/11/2012 8:14:09 AM - System Checkpoint
    RP1102: 4/12/2012 3:00:15 AM - Software Distribution Service 3.0
    RP1103: 4/13/2012 1:38:37 PM - System Checkpoint
    RP1104: 4/14/2012 3:10:52 PM - System Checkpoint
    RP1105: 4/15/2012 3:37:05 PM - System Checkpoint
    RP1106: 4/16/2012 5:01:20 PM - System Checkpoint
    RP1107: 4/17/2012 5:37:17 PM - System Checkpoint
    RP1108: 4/17/2012 8:30:06 PM - Installed QuickTime
    RP1109: 4/18/2012 9:31:45 PM - System Checkpoint
    RP1110: 4/19/2012 10:56:47 PM - System Checkpoint
    RP1111: 4/20/2012 11:31:43 PM - System Checkpoint
    RP1112: 4/22/2012 1:21:40 AM - System Checkpoint
    RP1113: 4/23/2012 3:21:40 AM - System Checkpoint
    RP1114: 4/24/2012 10:39:20 AM - System Checkpoint
    RP1115: 4/24/2012 8:54:29 PM - avast! Free Antivirus Setup
    RP1116: 4/25/2012 11:03:12 PM - System Checkpoint
    RP1117: 4/26/2012 11:37:47 PM - System Checkpoint
    RP1118: 4/28/2012 12:18:34 AM - System Checkpoint
    RP1119: 4/29/2012 1:35:04 AM - System Checkpoint
    RP1120: 4/30/2012 3:35:04 AM - System Checkpoint
    RP1121: 5/1/2012 5:09:20 PM - System Checkpoint
    RP1122: 5/2/2012 6:50:22 PM - System Checkpoint
    RP1123: 5/3/2012 8:50:22 PM - System Checkpoint
    RP1124: 5/4/2012 9:52:13 PM - System Checkpoint
    RP1125: 5/5/2012 11:52:13 PM - System Checkpoint
    RP1126: 5/7/2012 2:24:59 AM - System Checkpoint
    RP1127: 5/8/2012 3:19:52 AM - System Checkpoint
    RP1128: 5/9/2012 5:19:57 AM - System Checkpoint
    RP1129: 5/10/2012 3:00:14 AM - Software Distribution Service 3.0
    RP1130: 5/11/2012 3:22:32 AM - System Checkpoint
    RP1131: 5/12/2012 5:22:32 AM - System Checkpoint
    RP1132: 5/13/2012 10:26:31 PM - System Checkpoint
    RP1133: 5/15/2012 2:32:51 AM - System Checkpoint
    RP1134: 5/16/2012 3:26:56 AM - System Checkpoint
    RP1135: 5/17/2012 5:26:57 AM - System Checkpoint
    RP1136: 5/18/2012 7:30:09 AM - System Checkpoint
    RP1137: 5/19/2012 7:54:20 AM - System Checkpoint
    RP1138: 5/20/2012 9:54:20 AM - System Checkpoint
    RP1139: 5/21/2012 12:14:00 PM - System Checkpoint
    RP1140: 5/22/2012 3:13:10 PM - System Checkpoint
    RP1141: 5/23/2012 10:23:17 PM - System Checkpoint
    RP1142: 5/25/2012 10:45:01 AM - avast! Free Antivirus Setup
    RP1143: 5/25/2012 10:51:41 AM - Removed AVG 2012
    RP1144: 5/25/2012 10:53:10 AM - Removed AVG 2012
    RP1145: 5/25/2012 11:01:12 AM - Software Distribution Service 3.0
    RP1146: 5/26/2012 3:00:16 AM - Software Distribution Service 3.0
    RP1147: 5/27/2012 1:48:00 AM - Software Distribution Service 3.0
    RP1148: 5/27/2012 9:40:36 AM - Software Distribution Service 3.0
    RP1149: 5/28/2012 9:41:42 AM - Software Distribution Service 3.0
    RP1150: 5/29/2012 9:40:45 AM - Software Distribution Service 3.0
    RP1151: 5/30/2012 9:40:55 AM - Software Distribution Service 3.0
    RP1152: 5/31/2012 9:40:59 AM - Software Distribution Service 3.0
    RP1153: 6/1/2012 9:41:06 AM - Software Distribution Service 3.0
    RP1154: 6/2/2012 9:40:58 AM - Software Distribution Service 3.0
    RP1155: 6/3/2012 1:46:43 AM - Software Distribution Service 3.0
    RP1156: 6/3/2012 9:40:57 AM - Software Distribution Service 3.0
    RP1157: 6/4/2012 3:00:24 AM - Software Distribution Service 3.0
    RP1158: 6/5/2012 3:22:44 AM - System Checkpoint
    RP1159: 6/5/2012 3:30:11 AM - Software Distribution Service 3.0
    RP1160: 6/5/2012 4:26:57 PM - Software Distribution Service 3.0
    RP1161: 6/6/2012 4:26:44 PM - Software Distribution Service 3.0
    RP1162: 6/7/2012 4:26:40 PM - Software Distribution Service 3.0
    RP1163: 6/8/2012 4:26:40 PM - Software Distribution Service 3.0
    RP1164: 6/9/2012 4:27:46 PM - Software Distribution Service 3.0
    RP1165: 6/10/2012 12:35:21 AM - Software Distribution Service 3.0
    RP1166: 6/10/2012 2:38:48 AM - Software Distribution Service 3.0
    RP1167: 6/11/2012 9:23:21 AM - System Checkpoint
    RP1168: 6/11/2012 10:02:49 AM - Software Distribution Service 3.0
    RP1169: 6/12/2012 5:42:00 PM - Software Distribution Service 3.0
    RP1170: 6/12/2012 6:12:28 PM - Software Distribution Service 3.0
    RP1171: 6/13/2012 2:54:22 PM - System Checkpoint
    RP1172: 6/13/2012 9:26:23 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    5600
    5600_Help
    5600Trb
    Ad-Aware 2007
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    AiO_Scan
    AiOSoftware
    AOL Registration
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    AT&T Internet Security Wizard 1.5.11
    AT&T Self Support Tool
    Browser Address Error Redirector
    Browser Guard 4.0
    BufferChm
    Conexant D850 56K V.9x DFVc Modem
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CustomerResearchQFolder
    Dell Driver Reset Tool
    Dell Network Assistant
    Dell Support Center
    DellSupport
    Destinations
    DeviceManagementQFolder
    Dictionary.com Toolbar
    Dictionary.com Toolbar Updater
    Digital Line Detect
    DocProc
    eSupportQFolder
    Fax
    Final Media Player 2010
    Google Chrome
    Google Desktop
    Google Earth
    Google Update Helper
    HP Extended Capabilities 5.3
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP Product Assistant
    HP PSC & OfficeJet 5.3.B
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.8.0
    J2SE Runtime Environment 5.0 Update 6
    K-Lite Codec Pack 8.7.0 (Basic)
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Modem Diagnostic Tool
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    My.Freeze.com NetAssistant
    NetWaiting
    NewCopy
    PowerDVD
    PriceGong 2.1.0
    ProductContext
    Protector by IB 2.0.0.426
    QualxServ Service Agreement
    QuickTime
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Scan
    ScannerCopy
    SearchAssist
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Shop to Win 2
    SolutionCenter
    Sonic Activation Module
    Status
    TrayApp
    Unload
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2718704)
    Viewpoint Media Player
    WeatherBug
    WebFldrs XP
    WebReg
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/13/2012 9:34:10 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    6/13/2012 9:02:28 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1867.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80072efd Error description: A connection with the server could not be established
    6/13/2012 8:59:01 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 861f6d78, parameter3 861f6eec, parameter4 805c863c.
    6/13/2012 7:57:48 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    6/13/2012 7:57:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'change.log' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    6/13/2012 7:57:02 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
    6/13/2012 7:57:02 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Real\RealPlayer\update\setu3270.dll. Reference error message: The operation completed successfully. .
    6/13/2012 7:55:03 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    6/13/2012 7:55:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
    6/13/2012 7:55:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
    6/13/2012 2:23:33 PM, error: PCTCore [280] -
    6/13/2012 2:19:15 PM, error: System Error [1003] - Error code c000021a, parameter1 e75c8138, parameter2 c0000006, parameter3 7e79c7d9, parameter4 0127e224.
    6/12/2012 6:34:35 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    6/12/2012 5:56:32 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/12/2012 5:55:00 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.127.1752.0;1.127.1752.0 Engine version: 1.1.8403.0
    .
    ==== End Of File =========================

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ===========================================================

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.

    You're running two AV programs, AVG and MSE.
    One of them has to go.
    If AVG, use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    When done....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.

    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    Join Date
    Nov 2005
    Posts
    162

    well take it one step at a time

    I cannot access my firewall on control panel. Should I do anything about that at this time?

    I want to delete a trial version of pc tools spyware doctor but it is not on the list of add remove programs and there is no uninstall. If you could recommend something.

    I uninstalled avg but I guess I didn't get it all. Which remover should I use, 32 or 64 bit?

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your computer is 32-bit.

    Don't worry about Windows firewall for now.

  7. #7
    Join Date
    Nov 2005
    Posts
    162

    combo fix still detecting avg

    I don't think avg remover is running. Here's the log from the most recent attempt. It's large and I may need two responses to get it all; the log is 131000 and the reply limit is 50000. Please advise. Here's the first third or so.

    2012-06-20 02:49:32,343 INFO AvgRemover 2012.0.5
    -------------------------------------------------------
    2012-06-20 02:49:32,343 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
    2012-06-20 02:49:32,343 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
    2012-06-20 02:49:32,343 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
    2012-06-20 02:49:32,343 INFO Command line: "C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe"
    2012-06-20 02:49:32,343 WARN AvgDir param empty.
    2012-06-20 02:49:32,343 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\Documents and Settings\All Users\Application Data\AVG2012', use this path as default.
    2012-06-20 02:49:34,031 INFO AvgRemover runs in attempt number 1
    2012-06-20 02:49:34,031 INFO Attempting to unregister AVG from the Windows Security Center.
    2012-06-20 02:49:34,046 INFO Attempting to uninstall AVG Identity Protection.
    2012-06-20 02:49:34,265 INFO Attempting to uninstall toolbar
    2012-06-20 02:49:34,265 INFO ***** Msi data *****
    2012-06-20 02:49:34,265 DEBUG No product code found for our upgrade codes, nothing to do here
    2012-06-20 02:49:34,265 INFO ***** Exchange&Outlook plugins data *****
    2012-06-20 02:49:34,265 INFO Removing AvgOutlook addin
    2012-06-20 02:49:34,265 INFO AvgOutlook Removing HKCR addin keys x86
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
    2012-06-20 02:49:34,265 INFO AvgOutlook Removing HKCR addin keys x64
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
    2012-06-20 02:49:34,265 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
    2012-06-20 02:49:34,265 INFO Removing Sharepoint plugin if exists
    2012-06-20 02:49:34,265 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
    2012-06-20 02:49:34,265 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
    2012-06-20 02:49:34,265 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
    2012-06-20 02:49:34,265 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
    2012-06-20 02:49:34,265 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
    2012-06-20 02:49:34,265 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
    2012-06-20 02:49:34,265 INFO ***** Services *****
    2012-06-20 02:49:34,265 INFO Processing service avg8emc, it can take several minutes...
    2012-06-20 02:49:34,281 INFO Service avg8emc is not installed
    2012-06-20 02:49:34,281 DEBUG Service avg8emc RegCleanup
    2012-06-20 02:49:34,281 DEBUG Registry keys for service avg8emc are not present
    2012-06-20 02:49:34,281 INFO Processing service avgfws8, it can take several minutes...
    2012-06-20 02:49:34,281 INFO Service avgfws8 is not installed
    2012-06-20 02:49:34,281 DEBUG Service avgfws8 RegCleanup
    2012-06-20 02:49:34,281 DEBUG Registry keys for service avgfws8 are not present
    2012-06-20 02:49:34,281 INFO Processing service avg8wd, it can take several minutes...
    2012-06-20 02:49:34,281 INFO Service avg8wd is not installed
    2012-06-20 02:49:34,281 DEBUG Service avg8wd RegCleanup
    2012-06-20 02:49:34,281 DEBUG Registry keys for service avg8wd are not present
    2012-06-20 02:49:34,281 INFO Processing service AvgWFPx, it can take several minutes...
    2012-06-20 02:49:34,281 INFO Service AvgWFPx is not installed
    2012-06-20 02:49:34,281 DEBUG Service AvgWFPx RegCleanup
    2012-06-20 02:49:34,281 DEBUG Registry keys for service AvgWFPx are not present
    2012-06-20 02:49:34,281 INFO Processing service AvgWFPa, it can take several minutes...
    2012-06-20 02:49:34,281 INFO Service AvgWFPa is not installed
    2012-06-20 02:49:34,281 DEBUG Service AvgWFPa RegCleanup
    2012-06-20 02:49:34,281 DEBUG Registry keys for service AvgWFPa are not present
    2012-06-20 02:49:34,281 INFO Processing service avg9wd, it can take several minutes...
    2012-06-20 02:49:34,281 INFO Service avg9wd is not installed
    2012-06-20 02:49:34,281 DEBUG Service avg9wd RegCleanup
    2012-06-20 02:49:34,281 DEBUG Registry keys for service avg9wd are not present
    2012-06-20 02:49:34,281 INFO Processing service AvgMfx86, it can take several minutes...
    2012-06-20 02:49:34,281 INFO Service AvgMfx86 is not installed
    2012-06-20 02:49:34,296 DEBUG Service AvgMfx86 RegCleanup
    2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgMfx86 are not present
    2012-06-20 02:49:34,296 INFO Processing service AvgMfx64, it can take several minutes...
    2012-06-20 02:49:34,296 INFO Service AvgMfx64 is not installed
    2012-06-20 02:49:34,296 DEBUG Service AvgMfx64 RegCleanup
    2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgMfx64 are not present
    2012-06-20 02:49:34,296 INFO Processing service AvgLdx86, it can take several minutes...
    2012-06-20 02:49:34,296 INFO Service AvgLdx86 is not installed
    2012-06-20 02:49:34,296 DEBUG Service AvgLdx86 RegCleanup
    2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgLdx86 are not present
    2012-06-20 02:49:34,296 INFO Processing service AvgLdx64, it can take several minutes...
    2012-06-20 02:49:34,296 INFO Service AvgLdx64 is not installed
    2012-06-20 02:49:34,296 DEBUG Service AvgLdx64 RegCleanup
    2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgLdx64 are not present
    2012-06-20 02:49:34,296 INFO Processing service AvgTdiX, it can take several minutes...
    2012-06-20 02:49:34,296 INFO Service AvgTdiX is not installed
    2012-06-20 02:49:34,296 DEBUG Service AvgTdiX RegCleanup
    2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgTdiX are not present
    2012-06-20 02:49:34,296 INFO Processing service AvgTdiA, it can take several minutes...
    2012-06-20 02:49:34,296 INFO Service AvgTdiA is not installed
    2012-06-20 02:49:34,296 DEBUG Service AvgTdiA RegCleanup
    2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgTdiA are not present
    2012-06-20 02:49:34,296 INFO Processing service AvgWfpX, it can take several minutes...
    2012-06-20 02:49:34,312 INFO Service AvgWfpX is not installed
    2012-06-20 02:49:34,312 DEBUG Service AvgWfpX RegCleanup
    2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgWfpX are not present
    2012-06-20 02:49:34,312 INFO Processing service AvgWfpA, it can take several minutes...
    2012-06-20 02:49:34,312 INFO Service AvgWfpA is not installed
    2012-06-20 02:49:34,312 DEBUG Service AvgWfpA RegCleanup
    2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgWfpA are not present
    2012-06-20 02:49:34,312 INFO Processing service AvgRkx86, it can take several minutes...
    2012-06-20 02:49:34,312 INFO Service AvgRkx86 is not installed
    2012-06-20 02:49:34,312 DEBUG Service AvgRkx86 RegCleanup
    2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgRkx86 are not present
    2012-06-20 02:49:34,312 INFO Processing service AvgRkx64, it can take several minutes...
    2012-06-20 02:49:34,312 INFO Service AvgRkx64 is not installed
    2012-06-20 02:49:34,312 DEBUG Service AvgRkx64 RegCleanup
    2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgRkx64 are not present
    2012-06-20 02:49:34,312 INFO Processing service avg9emc, it can take several minutes...
    2012-06-20 02:49:34,312 INFO Service avg9emc is not installed
    2012-06-20 02:49:34,312 DEBUG Service avg9emc RegCleanup
    2012-06-20 02:49:34,312 DEBUG Registry keys for service avg9emc are not present
    2012-06-20 02:49:34,312 INFO Processing service avgfws9, it can take several minutes...
    2012-06-20 02:49:34,312 INFO Service avgfws9 is not installed
    2012-06-20 02:49:34,312 DEBUG Service avgfws9 RegCleanup
    2012-06-20 02:49:34,312 DEBUG Registry keys for service avgfws9 are not present
    2012-06-20 02:49:34,312 INFO Processing service avgfws, it can take several minutes...
    2012-06-20 02:49:34,312 INFO Service avgfws is not installed
    2012-06-20 02:49:34,312 DEBUG Service avgfws RegCleanup
    2012-06-20 02:49:34,328 DEBUG Registry keys for service avgfws are not present
    2012-06-20 02:49:34,328 INFO Processing service AVGIDSAgent, it can take several minutes...
    2012-06-20 02:49:34,328 INFO Service AVGIDSAgent is not installed
    2012-06-20 02:49:34,328 DEBUG Service AVGIDSAgent RegCleanup
    2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSAgent are not present
    2012-06-20 02:49:34,328 INFO Processing service AVGIDSWatcher, it can take several minutes...
    2012-06-20 02:49:34,328 INFO Service AVGIDSWatcher is not installed
    2012-06-20 02:49:34,328 DEBUG Service AVGIDSWatcher RegCleanup
    2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSWatcher are not present
    2012-06-20 02:49:34,328 INFO Processing service AVGIDSShimxpx, it can take several minutes...
    2012-06-20 02:49:34,328 INFO Service AVGIDSShimxpx is not installed
    2012-06-20 02:49:34,328 DEBUG Service AVGIDSShimxpx RegCleanup
    2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSShimxpx are not present
    2012-06-20 02:49:34,328 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
    2012-06-20 02:49:34,328 INFO Service AVGIDSFilterxpx is not installed
    2012-06-20 02:49:34,328 DEBUG Service AVGIDSFilterxpx RegCleanup
    2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSFilterxpx are not present
    2012-06-20 02:49:34,328 INFO Processing service AVGIDSDriverxpx, it can take several minutes...
    2012-06-20 02:49:34,328 INFO Service AVGIDSDriverxpx is not installed
    2012-06-20 02:49:34,328 DEBUG Service AVGIDSDriverxpx RegCleanup
    2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSDriverxpx are not present
    2012-06-20 02:49:34,328 INFO Processing service AVGIDSShimvtx, it can take several minutes...
    2012-06-20 02:49:34,328 INFO Service AVGIDSShimvtx is not installed
    2012-06-20 02:49:34,328 DEBUG Service AVGIDSShimvtx RegCleanup
    2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSShimvtx are not present
    2012-06-20 02:49:34,328 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
    2012-06-20 02:49:34,343 INFO Service AVGIDSFiltervtx is not installed
    2012-06-20 02:49:34,343 DEBUG Service AVGIDSFiltervtx RegCleanup
    2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSFiltervtx are not present
    2012-06-20 02:49:34,343 INFO Processing service AVGIDSDrivervtx, it can take several minutes...
    2012-06-20 02:49:34,343 INFO Service AVGIDSDrivervtx is not installed
    2012-06-20 02:49:34,343 DEBUG Service AVGIDSDrivervtx RegCleanup
    2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSDrivervtx are not present
    2012-06-20 02:49:34,343 INFO Processing service AVGIDSFiltervta, it can take several minutes...
    2012-06-20 02:49:34,343 INFO Service AVGIDSFiltervta is not installed
    2012-06-20 02:49:34,343 DEBUG Service AVGIDSFiltervta RegCleanup
    2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSFiltervta are not present
    2012-06-20 02:49:34,343 INFO Processing service AVGIDSDrivervta, it can take several minutes...
    2012-06-20 02:49:34,343 INFO Service AVGIDSDrivervta is not installed
    2012-06-20 02:49:34,343 DEBUG Service AVGIDSDrivervta RegCleanup
    2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSDrivervta are not present
    2012-06-20 02:49:34,343 INFO Processing service AVGIDSShimw7x, it can take several minutes...
    2012-06-20 02:49:34,343 INFO Service AVGIDSShimw7x is not installed
    2012-06-20 02:49:34,343 DEBUG Service AVGIDSShimw7x RegCleanup
    2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSShimw7x are not present
    2012-06-20 02:49:34,343 INFO Processing service AVGIDSFilterw7x, it can take several minutes...
    2012-06-20 02:49:34,343 INFO Service AVGIDSFilterw7x is not installed
    2012-06-20 02:49:34,343 DEBUG Service AVGIDSFilterw7x RegCleanup
    2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSFilterw7x are not present
    2012-06-20 02:49:34,343 INFO Processing service AVGIDSDriverw7x, it can take several minutes...
    2012-06-20 02:49:34,359 INFO Service AVGIDSDriverw7x is not installed
    2012-06-20 02:49:34,359 DEBUG Service AVGIDSDriverw7x RegCleanup
    2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSDriverw7x are not present
    2012-06-20 02:49:34,359 INFO Processing service AVGIDSFilterw7a, it can take several minutes...
    2012-06-20 02:49:34,359 INFO Service AVGIDSFilterw7a is not installed
    2012-06-20 02:49:34,359 DEBUG Service AVGIDSFilterw7a RegCleanup
    2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSFilterw7a are not present
    2012-06-20 02:49:34,359 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
    2012-06-20 02:49:34,359 INFO Service AVGIDSDriverw7a is not installed
    2012-06-20 02:49:34,359 DEBUG Service AVGIDSDriverw7a RegCleanup
    2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSDriverw7a are not present
    2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrxpx, it can take several minutes...
    2012-06-20 02:49:34,359 INFO Service AVGIDSErHrxpx is not installed
    2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrxpx RegCleanup
    2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSErHrxpx are not present
    2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
    2012-06-20 02:49:34,359 INFO Service AVGIDSErHrvtx is not installed
    2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrvtx RegCleanup
    2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSErHrvtx are not present
    2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrvta, it can take several minutes...
    2012-06-20 02:49:34,359 INFO Service AVGIDSErHrvta is not installed
    2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrvta RegCleanup
    2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSErHrvta are not present
    2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
    2012-06-20 02:49:34,359 INFO Service AVGIDSErHrw7x is not installed
    2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrw7x RegCleanup
    2012-06-20 02:49:34,375 DEBUG Registry keys for service AVGIDSErHrw7x are not present
    2012-06-20 02:49:34,375 INFO Processing service AVGIDSErHrw7a, it can take several minutes...
    2012-06-20 02:49:34,375 INFO Service AVGIDSErHrw7a is not installed
    2012-06-20 02:49:34,375 DEBUG Service AVGIDSErHrw7a RegCleanup
    2012-06-20 02:49:34,375 DEBUG Registry keys for service AVGIDSErHrw7a are not present
    2012-06-20 02:49:34,375 INFO Processing service avgwd, it can take several minutes...
    2012-06-20 02:49:34,375 INFO Service avgwd is not installed
    2012-06-20 02:49:34,375 DEBUG Service avgwd RegCleanup
    2012-06-20 02:49:34,375 DEBUG Registry keys for service avgwd are not present
    2012-06-20 02:49:34,375 INFO ***** Avg Fw NDIS driver(separate process) *****
    2012-06-20 02:49:34,468 INFO AvgRemover 2012.0.5
    -------------------------------------------------------
    2012-06-20 02:49:34,468 DEBUG Deleting stuck RunOnce value from registry.
    2012-06-20 02:49:34,468 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
    2012-06-20 02:49:34,468 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
    2012-06-20 02:49:34,468 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
    2012-06-20 02:49:34,468 INFO Command line: "C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe" /ndisonly /skipask
    2012-06-20 02:49:34,468 WARN AvgDir param empty.
    2012-06-20 02:49:34,468 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\Documents and Settings\All Users\Application Data\AVG2012', use this path as default.
    2012-06-20 02:49:34,468 INFO AvgRemover runs in attempt number 1
    2012-06-20 02:49:34,468 INFO ***** Avg Fw NDIS driver *****
    2012-06-20 02:49:34,468 INFO ...this operation can take several minutes...
    2012-06-20 02:49:34,484 INFO FW removing policy
    2012-06-20 02:49:34,687 INFO FW NDIS driver not present
    2012-06-20 02:49:34,703 DEBUG Remove NDIS driver pass, next uninstalation step is 10, old was 1
    2012-06-20 02:49:34,703 INFO ***** end of Fw NDIS separated process *****
    2012-06-20 02:49:34,703 INFO ***** Drivers *****
    2012-06-20 02:49:34,703 INFO ***** Running AVG process *****
    2012-06-20 02:49:35,437 INFO ***** Registry keys and values *****
    2012-06-20 02:49:35,437 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
    2012-06-20 02:49:35,437 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
    2012-06-20 02:49:35,437 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
    2012-06-20 02:49:35,437 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
    2012-06-20 02:49:35,437 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
    2012-06-20 02:49:35,437 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
    2012-06-20 02:49:35,437 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
    2012-06-20 02:49:35,437 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1E73965B-8B48-48be-9C8D-68B920ABC1C4} Remove
    2012-06-20 02:49:35,437 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1E73965B-8B48-48be-9C8D-68B920ABC1C4} is not present
    2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
    2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
    2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
    2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
    2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
    2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
    2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg10Alrt
    2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg10Alrt ForceRemove
    2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg10Alrt not found
    2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg2012Alrt
    2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg2012Alrt ForceRemove
    2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg2012Alrt not found
    2012-06-20 02:49:35,453 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
    2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
    2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
    2012-06-20 02:49:35,453 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
    2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
    2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
    2012-06-20 02:49:35,453 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
    2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
    2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
    2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
    2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
    2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
    2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
    2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
    2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
    2012-06-20 02:49:35,453 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
    2012-06-20 02:49:35,453 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
    Then try Revo to uninstall AVG...

    Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

    Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
    • Please download and install Revo Uninstaller Free.
    • Double click Revo Uninstaller to run it.
    • From the list of programs, double click on the program you want to remove.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check the items in bold only on the list, then click Delete. You may have to expand some folders by clicking the "+" mark.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.

  9. #9
    Join Date
    Nov 2005
    Posts
    162

    mbam log

    I will try to remove AVG again.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.20.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mary Forgione :: MARY [administrator]

    6/20/2012 7:48:45 PM
    mbam-log-2012-06-20 (19-48-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 428750
    Time elapsed: 1 hour(s), 15 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.

    Files Detected: 7
    C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\fhocdmhohpjjbaamenhbaidaoihaiflb.crx (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.

    (end)

  10. #10
    Join Date
    Nov 2005
    Posts
    162

    AVG not found

    AVG not on list.

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Go ahead with Combofix.

  12. #12
    Join Date
    Nov 2005
    Posts
    162

    confirm

    Just want to be sure. ComboFix prompts me about possible danger running it with an active virus scanner. I should click OK and run it anyway?

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Yes, go ahead.

  14. #14
    Join Date
    Nov 2005
    Posts
    162

    ComboFix log

    Here's the log. What do I do next?

    ComboFix 12-06-21.02 - Mary Forgione 06/21/2012 21:39:09.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.376 [GMT -4:00]
    Running from: c:\documents and settings\Mary Forgione\Desktop\ComboFix.exe
    AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
    c:\documents and settings\Guest\Application Data\PriceGong
    c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Mary Forgione\Application Data\HPSU_48BitScanUpdate.log
    c:\documents and settings\Mary Forgione\Application Data\PriceGong
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\z.xml
    c:\program files\Freeze.com\My.Freeze.com NetAssistant\NeTAssistant.dll
    c:\program files\Protector by IB\ExTEnsion32.dll
    c:\program files\Shop to Win 2\ShOPpingbho.dll
    c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\@
    c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
    c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\1afb2d56
    c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\201d3dde
    c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\7d3dafd103a8533f.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\download
    c:\windows\system32\download\ispinfo.csv
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-22 02:09 . 2012-06-22 02:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
    2012-06-21 01:48 . 2012-06-21 01:52 -------- d-----w- c:\windows\LastGood.Tmp
    2012-06-21 01:48 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\program files\VS Revo Group
    2012-06-20 14:15 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\mpengine.dll
    2012-06-18 03:29 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-14 03:15 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-12 21:53 . 2012-06-12 21:53 -------- d-----w- C:\found.000
    2012-06-10 04:29 . 2012-06-10 04:32 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-10 04:18 . 2012-06-10 04:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-10 03:27 . 2012-05-11 15:08 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-06-10 03:27 . 2012-05-11 15:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-06-10 03:27 . 2012-05-11 15:14 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-06-10 03:25 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-06-10 03:25 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-06-10 03:25 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-06-10 03:25 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\DriverCure
    2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\SpeedMaxPc
    2012-06-10 03:08 . 2012-06-10 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
    2012-06-10 02:30 . 2012-06-10 02:30 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\Threat Expert
    2012-06-10 01:57 . 2012-05-08 22:21 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-06-10 01:57 . 2012-05-08 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
    2012-06-10 01:57 . 2012-05-08 22:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
    2012-06-10 01:57 . 2012-05-08 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
    2012-06-10 01:57 . 2012-05-08 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
    2012-06-10 01:56 . 2012-06-10 03:27 -------- d-----w- c:\program files\PC Tools
    2012-06-10 01:18 . 2012-06-10 05:07 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-06-10 01:18 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-06-10 01:18 . 2012-06-10 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-06-10 01:18 . 2012-06-10 01:18 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\TestApp
    2012-05-26 04:13 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-26 04:13 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2012-05-25 15:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20 . 2004-08-10 17:51 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-08 21:47 . 2012-06-10 01:57 3488 ----a-w- c:\windows\UDB.zip
    2012-05-08 21:47 . 2012-06-10 01:57 131 ----a-w- c:\windows\IDB.zip
    2012-05-04 13:12 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-04 19:56 . 2010-12-25 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-13 880496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="c:\program files\Common Files\AOL\1196384047\ee\AOLSoftware.exe" [2010-03-08 41800]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-06 296056]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
    "ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
    backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2007-06-14 01:41 69632 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-07-30 09:40 16384 ----a-w- c:\dell\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-08-30 18:11 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1196384047\ee\aolsoftware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-06-14 00:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-06-14 00:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
    2007-05-03 18:12 2061816 ----a-w- c:\program files\AT&T\Internet Security Wizard\ISW.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-06-14 00:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-06-14 01:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2009-12-29 14:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/9/2012 11:25 PM 383368]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/9/2012 11:25 PM 342168]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/9/2012 9:18 PM 203088]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [6/9/2012 9:57 PM 575416]
    R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [4/25/2012 8:00 PM 185856]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [6/9/2012 11:27 PM 402336]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [6/9/2012 9:57 PM 70736]
    S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
    S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
    S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
    S1 MpKslecf76eb8;MpKslecf76eb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys [?]
    S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
    S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
    S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/25/2007 6:32 PM 29744]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver32
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
    .
    2012-06-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
    .
    2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
    .
    2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
    .
    2012-06-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-05-04 19:43]
    .
    2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
    IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: motive.com\patttbc.att
    TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-21 22:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(828)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - - - - > 'explorer.exe'(3768)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Dell Network Assistant\hnm_svc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-21 22:53:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-22 02:53
    .
    Pre-Run: 32,680,919,040 bytes free
    Post-Run: 33,734,696,960 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 812B65A5C586EF2A5E7A6CC13F4E423B

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    File::
    c:\windows\system32\drivers\axijmkwc.sys
    c:\windows\system32\drivers\frahugpl.sys
    c:\windows\system32\drivers\msgxxslg.sys
    c:\windows\system32\drivers\gghcyyvs.sys
    c:\windows\system32\drivers\ooertbom.sys
    c:\windows\system32\drivers\tbdjgeud.sys
    
    
    Folder::
    
    Driver::
    axijmkwc
    frahugpl
    gghcyyvs
    MpKslecf76eb8
    msgxxslg
    ooertbom
    tbdjgeud
    
    Registry::
    
    ClearJavaCache::

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
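
The script in the post above lists seven services under Driver:: and six files under File::. The following is an added example (not part of the original post and not ComboFix code) showing how both lists can be read off the service lines of the log posted earlier in this thread: the entries whose bracketed field is `[?]` rather than a date and size. The line layout `<prefix> name;display;path [info]` and the function names are assumptions inferred from those log lines.

```python
import re
from ntpath import normcase  # Windows path rules; works on any OS

# Service/driver lines taken from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/9/2012 11:25 PM 383368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [6/9/2012 11:27 PM 402336]
S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
S1 MpKslecf76eb8;MpKslecf76eb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys [?]
S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
"""

# Assumed layout: "<R|S><digit> name;display;path [date time size]" or "... [?]"
SERVICE_RE = re.compile(
    r"^(?P<prefix>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
DRIVERS_DIR = r"c:\windows\system32\drivers" + "\\"


def parse_services(log_text):
    """Return one dict per service/driver line; other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        # "registered path --> resolved path": keep the resolved side.
        if " --> " in path:
            path = path.split(" --> ", 1)[1]
        entries.append({
            "prefix": m["prefix"],
            "name": m["name"],
            "display": m["display"],
            "path": path.strip(),
            "info": m["info"].strip(),
        })
    return entries


def triage(log_text):
    """Collect entries shown with [?] (no date/size) for manual review.

    'drivers' holds every such service name; 'files' holds only the image
    paths that sit directly under system32\\drivers.
    """
    drivers, files = [], []
    for entry in parse_services(log_text):
        if entry["info"] != "?":
            continue
        drivers.append(entry["name"])
        if normcase(entry["path"]).startswith(DRIVERS_DIR):
            files.append(entry["path"])
    return {"drivers": drivers, "files": files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Driver candidates:", *result["drivers"], sep="\n  ")
    print("File candidates:", *result["files"], sep="\n  ")
```

The output is a review list only; whether an entry belongs in a script is still a judgement made against the full log for that one machine.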
