-
June 9th, 2012, 11:51 PM
#1
[Inactive] google redirect virus
Google is my home page. Searches are being redirected. Dell Vostro 200, running Windows XP. PC Tools spyware not running. Microsoft Security Essentials disabled. Can you help?
-
June 10th, 2012, 02:11 AM
#2
Follow the instructions here..
http://discussions.virtualdr.com/sho...d.php?t=167915
and copy/paste the log files/results of all 4 scanners in this thread.
VirtualDr email notices are not working.
Check back regularly for responses.
-
June 13th, 2012, 11:59 PM
#3
requested logs
GMER kept crashing. The scan took forever and finally the operating system shut down to protect itself. Here are the other logs. I have regained control of my search engine but it's slow and still not right.
Mary Forgione :: MARY [administrator]
6/12/2012 11:17:10 PM
mbam-log-2012-06-12 (23-17-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 425588
Time elapsed: 1 hour(s), 30 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\data (PUP.BFlix) -> No action taken.
Files Detected: 7
C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\fhocdmhohpjjbaamenhbaidaoihaiflb.crx (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\content.js (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\jsondb.js (PUP.BFlix) -> No action taken.
(end)
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-13 21:07:14
-----------------------------
21:07:14.093 OS Version: Windows 5.1.2600 Service Pack 3
21:07:14.093 Number of processors: 1 586 0x1601
21:07:14.093 ComputerName: MARY UserName:
21:07:14.703 Initialize success
21:11:58.531 AVAST engine defs: 12061301
22:37:30.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:37:30.062 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
22:37:30.093 Disk 0 MBR read successfully
22:37:30.093 Disk 0 MBR scan
22:37:30.140 Disk 0 Windows XP default MBR code
22:37:30.140 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
22:37:30.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76238 MB offset 96390
22:37:30.171 Disk 0 scanning sectors +156232125
22:37:30.250 Disk 0 scanning C:\WINDOWS\system32\drivers
22:37:47.734 Service scanning
22:38:12.781 Modules scanning
22:38:30.562 Disk 0 trace - called modules:
22:38:30.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:38:30.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7dab8]
22:38:30.937 3 CLASSPNP.SYS[f7673fd7] -> nt!IofCallDriver -> [0x86d15948]
22:38:30.937 5 PCTCore.sys[f72fb82d] -> nt!IofCallDriver -> \Device\00000067[0x86d85f18]
22:38:30.937 7 ACPI.sys[f74ea620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d92940]
22:38:31.921 AVAST engine scan C:\WINDOWS
22:38:48.140 AVAST engine scan C:\WINDOWS\system32
22:40:59.421 AVAST engine scan C:\WINDOWS\system32\drivers
22:41:19.203 AVAST engine scan C:\Documents and Settings\Mary Forgione
22:43:39.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mary Forgione\My Documents\MBR.dat"
22:43:39.046 The log file has been saved successfully to "C:\Documents and Settings\Mary Forgione\My Documents\aswMBR.txt"
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mary Forgione at 22:48:03 on 2012-06-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.384 [GMT -4:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1196384047\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Microsoft Works\WksWP.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Protector by IB: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\protector by ib\Extension32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [HostManager] c:\program files\common files\aol\1196384047\ee\AOLSoftware.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: motive.com\patttbc.att
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{039BC112-797C-492E-B17E-B2194D804BFC} : DhcpNameServer = 167.206.251.130 167.206.251.129
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-6-9 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-6-9 342168]
R1 MpKslf6737c92;MpKslf6737c92;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\MpKslf6737c92.sys [2012-6-13 29904]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-6-9 203088]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-6-9 575416]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\protector by ib\ExtensionUpdaterService.exe [2012-4-25 185856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-6-9 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-6-9 1118648]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-6-9 70736]
S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-25 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
.
=============== Created Last 30 ================
.
2012-06-13 13:32:10 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\MpKslf6737c92.sys
2012-06-13 05:07:43 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\offreg.dll
2012-06-12 22:12:56 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\mpengine.dll
2012-06-12 21:58:51 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-12 21:53:56 -------- d-sh--w- C:\found.000
2012-06-10 04:29:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 04:18:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-10 03:27:37 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-10 03:27:33 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-06-10 03:27:28 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-10 03:25:29 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-06-10 03:25:29 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-10 03:25:25 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-06-10 03:25:25 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-06-10 03:09:09 -------- d-----w- c:\documents and settings\mary forgione\application data\DriverCure
2012-06-10 03:09:08 -------- d-----w- c:\documents and settings\mary forgione\application data\SpeedMaxPc
2012-06-10 03:08:58 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-06-10 02:30:15 -------- d-----w- c:\documents and settings\mary forgione\local settings\application data\Threat Expert
2012-06-10 01:56:07 -------- d-----w- c:\program files\PC Tools
2012-06-10 01:18:56 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-10 01:18:56 -------- d-----w- c:\program files\common files\PC Tools
2012-06-10 01:18:37 -------- d-----w- c:\documents and settings\mary forgione\application data\TestApp
2012-06-10 01:18:37 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-05-26 04:13:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-26 04:13:21 215920 ----a-w- c:\windows\system32\muweb.dll
2012-05-26 04:13:21 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-25 15:01:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-19 18:29:05 -------- d-----w- c:\documents and settings\mary forgione\application data\RealNetworks
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 22:50:04.64 ==============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2007 7:49:39 PM
System Uptime: 6/13/2012 8:49:36 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel Pentium II processor | Socket 775 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 27.145 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1087: 3/27/2012 4:43:06 PM - Installed AVG 2012
RP1088: 3/27/2012 4:43:34 PM - Installed AVG 2012
RP1089: 3/28/2012 5:29:42 AM - Software Distribution Service 3.0
RP1090: 3/29/2012 6:38:22 AM - System Checkpoint
RP1091: 3/30/2012 6:52:57 AM - System Checkpoint
RP1092: 3/31/2012 8:23:38 AM - System Checkpoint
RP1093: 4/2/2012 4:44:49 PM - System Checkpoint
RP1094: 4/3/2012 5:01:35 PM - System Checkpoint
RP1095: 4/4/2012 7:02:41 PM - System Checkpoint
RP1096: 4/5/2012 9:01:37 PM - System Checkpoint
RP1097: 4/7/2012 2:44:55 AM - System Checkpoint
RP1098: 4/8/2012 3:20:01 AM - System Checkpoint
RP1099: 4/9/2012 3:21:43 AM - System Checkpoint
RP1100: 4/10/2012 4:20:47 AM - System Checkpoint
RP1101: 4/11/2012 8:14:09 AM - System Checkpoint
RP1102: 4/12/2012 3:00:15 AM - Software Distribution Service 3.0
RP1103: 4/13/2012 1:38:37 PM - System Checkpoint
RP1104: 4/14/2012 3:10:52 PM - System Checkpoint
RP1105: 4/15/2012 3:37:05 PM - System Checkpoint
RP1106: 4/16/2012 5:01:20 PM - System Checkpoint
RP1107: 4/17/2012 5:37:17 PM - System Checkpoint
RP1108: 4/17/2012 8:30:06 PM - Installed QuickTime
RP1109: 4/18/2012 9:31:45 PM - System Checkpoint
RP1110: 4/19/2012 10:56:47 PM - System Checkpoint
RP1111: 4/20/2012 11:31:43 PM - System Checkpoint
RP1112: 4/22/2012 1:21:40 AM - System Checkpoint
RP1113: 4/23/2012 3:21:40 AM - System Checkpoint
RP1114: 4/24/2012 10:39:20 AM - System Checkpoint
RP1115: 4/24/2012 8:54:29 PM - avast! Free Antivirus Setup
RP1116: 4/25/2012 11:03:12 PM - System Checkpoint
RP1117: 4/26/2012 11:37:47 PM - System Checkpoint
RP1118: 4/28/2012 12:18:34 AM - System Checkpoint
RP1119: 4/29/2012 1:35:04 AM - System Checkpoint
RP1120: 4/30/2012 3:35:04 AM - System Checkpoint
RP1121: 5/1/2012 5:09:20 PM - System Checkpoint
RP1122: 5/2/2012 6:50:22 PM - System Checkpoint
RP1123: 5/3/2012 8:50:22 PM - System Checkpoint
RP1124: 5/4/2012 9:52:13 PM - System Checkpoint
RP1125: 5/5/2012 11:52:13 PM - System Checkpoint
RP1126: 5/7/2012 2:24:59 AM - System Checkpoint
RP1127: 5/8/2012 3:19:52 AM - System Checkpoint
RP1128: 5/9/2012 5:19:57 AM - System Checkpoint
RP1129: 5/10/2012 3:00:14 AM - Software Distribution Service 3.0
RP1130: 5/11/2012 3:22:32 AM - System Checkpoint
RP1131: 5/12/2012 5:22:32 AM - System Checkpoint
RP1132: 5/13/2012 10:26:31 PM - System Checkpoint
RP1133: 5/15/2012 2:32:51 AM - System Checkpoint
RP1134: 5/16/2012 3:26:56 AM - System Checkpoint
RP1135: 5/17/2012 5:26:57 AM - System Checkpoint
RP1136: 5/18/2012 7:30:09 AM - System Checkpoint
RP1137: 5/19/2012 7:54:20 AM - System Checkpoint
RP1138: 5/20/2012 9:54:20 AM - System Checkpoint
RP1139: 5/21/2012 12:14:00 PM - System Checkpoint
RP1140: 5/22/2012 3:13:10 PM - System Checkpoint
RP1141: 5/23/2012 10:23:17 PM - System Checkpoint
RP1142: 5/25/2012 10:45:01 AM - avast! Free Antivirus Setup
RP1143: 5/25/2012 10:51:41 AM - Removed AVG 2012
RP1144: 5/25/2012 10:53:10 AM - Removed AVG 2012
RP1145: 5/25/2012 11:01:12 AM - Software Distribution Service 3.0
RP1146: 5/26/2012 3:00:16 AM - Software Distribution Service 3.0
RP1147: 5/27/2012 1:48:00 AM - Software Distribution Service 3.0
RP1148: 5/27/2012 9:40:36 AM - Software Distribution Service 3.0
RP1149: 5/28/2012 9:41:42 AM - Software Distribution Service 3.0
RP1150: 5/29/2012 9:40:45 AM - Software Distribution Service 3.0
RP1151: 5/30/2012 9:40:55 AM - Software Distribution Service 3.0
RP1152: 5/31/2012 9:40:59 AM - Software Distribution Service 3.0
RP1153: 6/1/2012 9:41:06 AM - Software Distribution Service 3.0
RP1154: 6/2/2012 9:40:58 AM - Software Distribution Service 3.0
RP1155: 6/3/2012 1:46:43 AM - Software Distribution Service 3.0
RP1156: 6/3/2012 9:40:57 AM - Software Distribution Service 3.0
RP1157: 6/4/2012 3:00:24 AM - Software Distribution Service 3.0
RP1158: 6/5/2012 3:22:44 AM - System Checkpoint
RP1159: 6/5/2012 3:30:11 AM - Software Distribution Service 3.0
RP1160: 6/5/2012 4:26:57 PM - Software Distribution Service 3.0
RP1161: 6/6/2012 4:26:44 PM - Software Distribution Service 3.0
RP1162: 6/7/2012 4:26:40 PM - Software Distribution Service 3.0
RP1163: 6/8/2012 4:26:40 PM - Software Distribution Service 3.0
RP1164: 6/9/2012 4:27:46 PM - Software Distribution Service 3.0
RP1165: 6/10/2012 12:35:21 AM - Software Distribution Service 3.0
RP1166: 6/10/2012 2:38:48 AM - Software Distribution Service 3.0
RP1167: 6/11/2012 9:23:21 AM - System Checkpoint
RP1168: 6/11/2012 10:02:49 AM - Software Distribution Service 3.0
RP1169: 6/12/2012 5:42:00 PM - Software Distribution Service 3.0
RP1170: 6/12/2012 6:12:28 PM - Software Distribution Service 3.0
RP1171: 6/13/2012 2:54:22 PM - System Checkpoint
RP1172: 6/13/2012 9:26:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
5600
5600_Help
5600Trb
Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AiO_Scan
AiOSoftware
AOL Registration
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
AT&T Internet Security Wizard 1.5.11
AT&T Self Support Tool
Browser Address Error Redirector
Browser Guard 4.0
BufferChm
Conexant D850 56K V.9x DFVc Modem
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
DellSupport
Destinations
DeviceManagementQFolder
Dictionary.com Toolbar
Dictionary.com Toolbar Updater
Digital Line Detect
DocProc
eSupportQFolder
Fax
Final Media Player 2010
Google Chrome
Google Desktop
Google Earth
Google Update Helper
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.8.0
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 8.7.0 (Basic)
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
My.Freeze.com NetAssistant
NetWaiting
NewCopy
PowerDVD
PriceGong 2.1.0
ProductContext
Protector by IB 2.0.0.426
QualxServ Service Agreement
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
ScannerCopy
SearchAssist
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Shop to Win 2
SolutionCenter
Sonic Activation Module
Status
TrayApp
Unload
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2718704)
Viewpoint Media Player
WeatherBug
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/13/2012 9:34:10 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/13/2012 9:02:28 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1867.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80072efd Error description: A connection with the server could not be established
6/13/2012 8:59:01 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 861f6d78, parameter3 861f6eec, parameter4 805c863c.
6/13/2012 7:57:48 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
6/13/2012 7:57:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'change.log' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/13/2012 7:57:02 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
6/13/2012 7:57:02 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Real\RealPlayer\update\setu3270.dll. Reference error message: The operation completed successfully. .
6/13/2012 7:55:03 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
6/13/2012 7:55:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
6/13/2012 7:55:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
6/13/2012 2:23:33 PM, error: PCTCore [280] -
6/13/2012 2:19:15 PM, error: System Error [1003] - Error code c000021a, parameter1 e75c8138, parameter2 c0000006, parameter3 7e79c7d9, parameter4 0127e224.
6/12/2012 6:34:35 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2012 5:56:32 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/12/2012 5:55:00 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.127.1752.0;1.127.1752.0 Engine version: 1.1.8403.0
.
==== End Of File =========================
-
June 15th, 2012, 12:22 PM
#4
Welcome aboard
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===========================================================
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.
You're running two AV programs, AVG and MSE.
One of them has to go.
If AVG, use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
When done....
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
June 17th, 2012, 07:14 PM
#5
well take it one step at a time
I cannot access my firewall on control panel. Should I do anything about that at this time?
I want to delete a trial version of pc tools spyware doctor but it is not on the list of add remove programs and there is no uninstall. If you could recommend something.
I uninstalled avg but I guess I didn't get it all. Which remover should I use, 32 or 64 bit?
-
June 17th, 2012, 07:36 PM
#6
Your computer is 32-bit.
Don't worry about Windows firewall for now.
-
June 20th, 2012, 11:33 AM
#7
combo fix still detecting avg
I don't think avg remover is running. Here's the log from the most recent attempt. It's large and I may need two responses to get it all; the log is 131000 and the reply limit is 50000. Please advise. Here's the first third or so:
2012-06-20 02:49:35,562 INFO Processing registry SOFTWARE\Classes\.avgdx
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\.avgdx ForceRemove
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\.avgdx not found
2012-06-20 02:49:35,562 INFO Processing registry SOFTWARE\Classes\.avgdx
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\.avgdx ForceRemove
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\.avgdx not found
2012-06-20 02:49:35,562 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-06-20 02:49:35,562 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-06-20 02:49:35,562 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-06-20 02:49:35,562 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\avgsbg.state
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\avgsbg.state
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\avgsbg.state.1
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\avgsbg.state.1
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter ForceRemove
2012-06-20 02:49:35,578 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter not found
2012-06-20 02:49:35,578 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter ForceRemove
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter not found
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter.1
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 ForceRemove
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 not found
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter.1
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 ForceRemove
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 not found
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Classes\MicroScanner.MicroScanner
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner ForceRemove
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner not found
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Classes\MicroScanner.MicroScanner
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner ForceRemove
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner not found
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL ForceRemove
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL not found
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-06-20 02:49:35,593 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY Remove
2012-06-20 02:49:35,593 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY is not present
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-06-20 02:49:35,593 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY Remove
2012-06-20 02:49:35,593 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY is not present
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Classes\AppID\avgsbg.DLL
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL ForceRemove
2012-06-20 02:49:35,593 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL not found
2012-06-20 02:49:35,593 INFO Processing registry SOFTWARE\Classes\AppID\avgsbg.DLL
2012-06-20 02:49:35,609 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\Control\GroupOrderList
2012-06-20 02:49:35,609 DEBUG Value SYSTEM\ControlSet001\Control\GroupOrderList:AVG Remove
2012-06-20 02:49:35,609 INFO Value SYSTEM\ControlSet001\Control\GroupOrderList:AVG is not present
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\Avg
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\Avg ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\Avg not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\Avgfwfd
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\Avgfwfd ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\Avgfwfd not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\AVG Security Toolbar Service
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVG Security Toolbar Service ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVG Security Toolbar Service not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\Avgfws
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\Avgfws ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\Avgfws not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSAgent
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSAgent ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSAgent not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSDriver
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSDriver ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSDriver not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSEH
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSEH ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSEH not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSFilter
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSFilter ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSFilter not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\avgldx64
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\avgldx64 ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\avgldx64 not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\avgldx86
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\avgldx86 ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\avgldx86 not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\avgmfx64
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\avgmfx64 ForceRemove
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\avgmfx64 not found
2012-06-20 02:49:35,609 INFO Processing registry SYSTEM\ControlSet001\services\avgmfx86
2012-06-20 02:49:35,609 DEBUG Key SYSTEM\ControlSet001\services\
-
June 20th, 2012, 07:29 PM
#8
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.
Then try Revo to uninstall AVG...
Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
- Please download and install Revo Uninstaller Free
- Double click Revo Uninstaller to run it.
- From the list of programs double click on the program you want to remove
- When prompted if you want to uninstall click Yes.
- Be sure the Moderate option is selected then click Next.
- The program will run. If prompted again click Yes
- When the built-in uninstaller is finished click on Next
- Once the program has searched for leftovers click Next.
- Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
- When prompted click on Yes and then on Next.
- Put a check on any folders that are found and select Delete
- When prompted select Yes then Next
- Once done click Finish.
-
June 20th, 2012, 10:38 PM
#9
mbam log
I will try to remove AVG again.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.20.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mary Forgione :: MARY [administrator]
6/20/2012 7:48:45 PM
mbam-log-2012-06-20 (19-48-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428750
Time elapsed: 1 hour(s), 15 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.
Files Detected: 7
C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\fhocdmhohpjjbaamenhbaidaoihaiflb.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.
(end)
-
June 20th, 2012, 10:50 PM
#10
-
June 20th, 2012, 10:54 PM
#11
-
June 21st, 2012, 11:08 AM
#12
confirm
Just want to be sure. ComboFix prompts me about possible danger running it with an active virus scanner. I should click OK and run it anyway.
-
June 21st, 2012, 06:55 PM
#13
-
June 22nd, 2012, 12:11 AM
#14
combo fix log
Here's the log. What do I do next?
ComboFix 12-06-21.02 - Mary Forgione 06/21/2012 21:39:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.376 [GMT -4:00]
Running from: c:\documents and settings\Mary Forgione\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Guest\Application Data\PriceGong
c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Mary Forgione\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\Mary Forgione\Application Data\PriceGong
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\z.xml
c:\program files\Freeze.com\My.Freeze.com NetAssistant\NeTAssistant.dll
c:\program files\Protector by IB\ExTEnsion32.dll
c:\program files\Shop to Win 2\ShOPpingbho.dll
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\@
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\1afb2d56
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\201d3dde
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7d3dafd103a8533f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\download
c:\windows\system32\download\ispinfo.csv
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 02:09 . 2012-06-22 02:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
2012-06-21 01:48 . 2012-06-21 01:52 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-21 01:48 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\program files\VS Revo Group
2012-06-20 14:15 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\mpengine.dll
2012-06-18 03:29 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 03:15 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 21:53 . 2012-06-12 21:53 -------- d-----w- C:\found.000
2012-06-10 04:29 . 2012-06-10 04:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 04:18 . 2012-06-10 04:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-10 03:27 . 2012-05-11 15:08 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-10 03:27 . 2012-05-11 15:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-06-10 03:27 . 2012-05-11 15:14 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-10 03:25 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-06-10 03:25 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-10 03:25 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-06-10 03:25 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\DriverCure
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\SpeedMaxPc
2012-06-10 03:08 . 2012-06-10 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-10 02:30 . 2012-06-10 02:30 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\Threat Expert
2012-06-10 01:57 . 2012-05-08 22:21 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-06-10 01:57 . 2012-05-08 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-10 01:57 . 2012-05-08 22:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-06-10 01:57 . 2012-05-08 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-06-10 01:57 . 2012-05-08 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-06-10 01:56 . 2012-06-10 03:27 -------- d-----w- c:\program files\PC Tools
2012-06-10 01:18 . 2012-06-10 05:07 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-10 01:18 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-10 01:18 . 2012-06-10 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-06-10 01:18 . 2012-06-10 01:18 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\TestApp
2012-05-26 04:13 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-26 04:13 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-05-25 15:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 17:51 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 21:47 . 2012-06-10 01:57 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 21:47 . 2012-06-10 01:57 131 ----a-w- c:\windows\IDB.zip
2012-05-04 13:12 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56 . 2010-12-25 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-13 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1196384047\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-06 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-06-14 01:41 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 09:40 16384 ----a-w- c:\dell\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-30 18:11 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1196384047\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-14 00:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-14 00:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
2007-05-03 18:12 2061816 ----a-w- c:\program files\AT&T\Internet Security Wizard\ISW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-14 00:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-14 01:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-12-29 14:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/9/2012 11:25 PM 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/9/2012 11:25 PM 342168]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/9/2012 9:18 PM 203088]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [6/9/2012 9:57 PM 575416]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [4/25/2012 8:00 PM 185856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [6/9/2012 11:27 PM 402336]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [6/9/2012 9:57 PM 70736]
S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
S1 MpKslecf76eb8;MpKslecf76eb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys [?]
S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/25/2007 6:32 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-05-04 19:43]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 22:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-21 22:53:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 02:53
.
Pre-Run: 32,680,919,040 bytes free
Post-Run: 33,734,696,960 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 812B65A5C586EF2A5E7A6CC13F4E423B
-
June 22nd, 2012, 12:23 AM
#15
1. Please open Notepad (Start>All Programs>Accessories>Notepad).
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
File::
c:\windows\system32\drivers\axijmkwc.sys
c:\windows\system32\drivers\frahugpl.sys
c:\windows\system32\drivers\msgxxslg.sys
c:\windows\system32\drivers\gghcyyvs.sys
c:\windows\system32\drivers\ooertbom.sys
c:\windows\system32\drivers\tbdjgeud.sys
Folder::
Driver::
axijmkwc
frahugpl
gghcyyvs
MpKslecf76eb8
msgxxslg
ooertbom
tbdjgeud
Registry::
ClearJavaCache::
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
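The names in the script's Driver:: section are the service entries that the log in this thread lists with `[?]` in place of a date and size. The following is an added example, not part of the thread and not ComboFix's own code, that parses those service/driver lines and groups the `[?]` entries by directory; the function names are hypothetical and the sample lines are copied from the log above.

```python
import ntpath
import re

# Subset of the service/driver lines from the log in this thread, embedded so it runs offline.
SAMPLE_LOG = r"""
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/9/2012 9:18 PM 203088]
S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
S1 MpKslecf76eb8;MpKslecf76eb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
"""

# Line shape: <R|S><digit> <service name>;<display name>;<image path> [<date time size> or ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<meta>[^\]]*)\]$"
)

def parse_services(log_text):
    """Parse service/driver lines into dicts; lines of any other shape are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Where the log prints 'registered --> resolved', keep the resolved path.
        path = m["image"].split(" --> ")[-1].strip()
        entries.append({
            "state": m["state"],
            "start": int(m["start"]),
            "name": m["name"],
            "path": path,
            "has_file_info": m["meta"] != "?",
        })
    return entries

def unresolved(entries):
    """Entries where the log shows [?] instead of a timestamp and size."""
    return [e for e in entries if not e["has_file_info"]]

def review_sheet(entries):
    """Group unresolved entries by lower-cased directory, for side-by-side review."""
    sheet = {}
    for e in unresolved(entries):
        sheet.setdefault(ntpath.dirname(e["path"]).lower(), []).append(e["name"])
    return sheet

if __name__ == "__main__":
    for directory, names in review_sheet(parse_services(SAMPLE_LOG)).items():
        print(directory, "->", ", ".join(names))
```

Grouping by directory separates the entries under `c:\windows\system32\drivers` from `MpKslecf76eb8`, whose path sits under the Microsoft Antimalware definition-updates folder; the script above lists the former under File:: as well as Driver:: and the latter under Driver:: only.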