Need to be sure Trojans, Virus are gone!

Guest cassiereroni

I posted for some help with virus and hijack problem couple of weeks ago. Before I could get back here my computer basically locked up. It got as slow as molasses in July and refused to connect to the internet. So I took it to a "repair person". Only to bring it home to find out that basically the only thing he seemed to fix is the ability to connect to the internet, albeit very slow and the login account that got the initial infection, he just deleted.

I did some cleaning as far as taking a couple of programs off that I hadn't been using and this sped it up a bit. I changed antivirus' from Avira to Avast and that helped a bit more. I don't know what is going on with the firewall. I had the full version of AVG a couple of years ago, before circumstances forced me to give up the internet altogether. The subscription ran out a few days before that happened and like a dummy I used the Add/Remove Program to uninstall it. I had just gotten internet back when that Windows Hijack/Virus hit my computer. And I have just found out that the AVG firewall seems to be attached to the Windows Firewall. I have tried to re-install the program and uninstall using the remover tool to no avail. AVG sent me another remover tool to use and that didn't work either. I'm waiting to hear back from them now on what else to do. In the meantime, I have the Windows Firewall turned on but it tells me it's AVG and I can't install another one until that one is fixed. Wanted to tell all of that in case someone asked me about my firewall.

Anyway, way back then, my grandson clicked on something while he was logged on with his account and that Windows imposter infected the computer. I ran a malware scan and it caught and deleted 3 files I think it was. I do still have that log if needed. However, since a lot of things have been changed on my computer I figured I needed to run some new scans and logs. So here are the new ones. The only old one I have left on here is the one in Malwarebytes.

_________________________________mbam-log-2011-06-19(10-55-55)____________________________________________________

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6896

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/19/2011 10:55:56 AM

mbam-log-2011-06-19 (10-55-55).txt

Scan type: Quick scan

Objects scanned: 171439

Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

_____________________________________________hijackthis.log________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:09:21 PM, on 6/19/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java


Hello cassiereroni and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

-------------

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure Advanced Mode is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck Resident TeaTimer and OK any prompts

You can re-enable TeaTimer once your system is clean.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Guest cassiereroni

Just found your reply. I will be doing all of this shortly but I wanted you to know that I have checked in and will be working on this as soon as I get back from the bank. I don't have a printer so I will stop up to the library and print a copy of what you replied. Then I'll be back to work on it.

cassiereroni


> Just found your reply. I will be doing all of this shortly but I wanted you to know that I have checked in and will be working on this as soon as I get back from the bank. I don't have a printer so I will stop up to the library and print a copy of what you replied. Then I'll be back to work on it.

Take your time. ;) Thanks for letting me know. :)


Guest cassiereroni

I have the TDSSKiller file. They showed nothing.

==============TDSSKiller Report==========

2011/06/23 20:07:54.0953 4064 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/23 20:07:56.0078 4064 ================================================================================

2011/06/23 20:07:56.0078 4064 SystemInfo:

2011/06/23 20:07:56.0078 4064

2011/06/23 20:07:56.0078 4064 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/23 20:07:56.0078 4064 Product type: Workstation

2011/06/23 20:07:56.0078 4064 ComputerName: OWNER-9DAD30EFF

2011/06/23 20:07:56.0078 4064 UserName: Mom

2011/06/23 20:07:56.0078 4064 Windows directory: C:\WINDOWS

2011/06/23 20:07:56.0078 4064 System windows directory: C:\WINDOWS

2011/06/23 20:07:56.0078 4064 Processor architecture: Intel x86

2011/06/23 20:07:56.0078 4064 Number of processors: 1

2011/06/23 20:07:56.0078 4064 Page size: 0x1000

2011/06/23 20:07:56.0078 4064 Boot type: Normal boot

2011/06/23 20:07:56.0078 4064 ================================================================================

2011/06/23 20:07:59.0796 4064 Initialize success

2011/06/23 20:08:04.0406 0772 ================================================================================

2011/06/23 20:08:04.0406 0772 Scan started

2011/06/23 20:08:04.0406 0772 Mode: Manual;

2011/06/23 20:08:04.0406 0772 ================================================================================

2011/06/23 20:08:30.0125 0772 ================================================================================

2011/06/23 20:08:30.0125 0772 Scan finished

2011/06/23 20:08:30.0125 0772 ================================================================================

2011/06/23 20:08:30.0156 3248 Detected object count: 0

2011/06/23 20:08:30.0156 3248 Actual detected object count: 0

I have been working feverishly trying to get AVG firewall off of my computer so I can do the combofix but I just can't seem to get it off.

I have reinstalled the program twice. Used the uninstall tool from AVG, revo uninstaller and that appremover that you suggested. None of them will take the AVG firewall that's attached to my Windows Firewall off. I received another email from AVG telling me to Open Network and Internet Connection, right click on Local Area Connection>Properties and Uncheck all boxes, select AVG Network filter driver and put a check on it, click un-install.

Did all that but when I got into Properties there was no AVG Network Filter driver. So I couldn't uninstall it from there.

They next advise that I Un-install/reinstall your network driver. Ummm, I don't know how to do that and I don't have any program disc's for this computer. I was one of the unlucky ones that bought an HP Pavilion and they put all of that on another drive on the computer. Which I can, for some reason, no longer access. It's there but I can't seem to get at it.

Do you have any other suggestions on how to get that AVG detached from my Windows Firewall?

I'm sooo confused.

cassiereroni

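A triage sketch for a pasted TDSSKiller report, added here as an example and not part of the original thread or of TDSSKiller itself. It assumes the report name pattern quoted above and the line layout TDSSKiller 2.5.5.0 writes (timestamp, thread id, message, with scanned objects as `name (md5) path`); the sample lines are constructed and the driver-directory check is an illustrative heuristic.

```python
import re
from pathlib import PureWindowsPath

# Report name pattern quoted in the thread: TDSSKiller.[Version]_[Date]_[Time]_log.txt
REPORT_NAME = re.compile(
    r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_(?P<date>\d{2}\.\d{2}\.\d{4})"
    r"_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$", re.IGNORECASE)
# "<date> <time> <thread id> <message>"; the message part may be empty.
LOG_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ +\d+ ?(?P<msg>.*)$")
# Scanned object: "<name> (<32 hex digits>) <path>"
SCANNED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
COUNT = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")

# Constructed sample: names, hashes and the Temp path are made up for illustration.
SAMPLE_LOG = r"""
2011/06/23 20:07:54.0953 4064 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 20:08:04.0406 0772 Scan started
2011/06/23 20:08:06.0109 0772 ExampleA (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\examplea.sys
2011/06/23 20:08:06.0359 0772 ExampleB (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\exampleb.sys
2011/06/23 20:08:06.0515 0772 ExampleC (22222222222222222222222222222222) C:\WINDOWS\Temp\examplec.sys
2011/06/23 20:08:29.0859 0772 MBR (0x1B8) (33333333333333333333333333333333) \Device\Harddisk0\DR0
2011/06/23 20:08:30.0125 0772 Scan finished
2011/06/23 20:08:30.0156 3248 Detected object count: 0
2011/06/23 20:08:30.0156 3248 Actual detected object count: 0
"""


def parse_report_name(filename):
    """Return version/date/time from a report file name, or None if it does not match."""
    m = REPORT_NAME.match(filename)
    return m.groupdict() if m else None


def in_driver_dir(path):
    """True when the file sits directly in ...\\system32\\drivers (case-insensitive)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return parts[-3:-1] == ["system32", "drivers"]


def triage(log_text):
    """Collect the facts a helper reads off the report: totals and odd driver paths."""
    result = {"scanned": 0, "finished": False, "detected": None,
              "actual_detected": None, "outside_driver_dir": []}
    for raw in log_text.splitlines():
        line = LOG_LINE.match(raw.strip())
        if not line:
            continue  # blank lines, forum separators, wrapped text
        msg = line.group("msg").strip()
        if msg == "Scan finished":
            result["finished"] = True
            continue
        count = COUNT.match(msg)
        if count:
            key = "detected" if count.group("kind") == "Detected" else "actual_detected"
            result[key] = int(count.group("n"))
            continue
        obj = SCANNED.match(msg)
        if obj:
            result["scanned"] += 1
            path = obj.group("path")
            # Device objects such as the MBR entry are not files; skip the path check.
            if not path.startswith("\\Device\\") and not in_driver_dir(path):
                result["outside_driver_dir"].append((obj.group("name"), path))
    return result


def verdict(result):
    """'no detections' only when the scan finished and both totals are present and zero."""
    counts = (result["detected"], result["actual_detected"])
    if any(c for c in counts if c is not None):
        return "detections"
    if not result["finished"] or None in counts:
        return "incomplete"  # a paste cut off mid-log must not be read as a clean result
    return "no detections"


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(verdict(report), report)
```

A "no detections" verdict only restates what the tool reported; entries listed under `outside_driver_dir` are prompts for a closer look, not findings.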

Guest cassiereroni

I just did the security check and here's the log from that:

Results of screen317's Security Check version 0.99.15

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 26

Adobe Flash Player 10.3.181.26

Adobe Reader X (10.1.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````


Hmmm... that is indeed odd. :huh:

Let's try the following and see if it works. :)

Download the AVG Removal Tool and save it to your Desktop. Don't run it yet.

Next, please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Once in Safe Mode, please locate the AVG Removal tool on your Desktop, and run it.

After it has run (and hopefully fully removed it this time), please reboot to Normal Mode.

After that, try running ComboFix.

Let me know if that helps. ;)


Guest cassiereroni

Good Lord!

Ok, after telling you I tried to uninstall with revouninstaller, I couldn't remember if I had tried that so just to be safe I reinstalled AVG from the 2011 free trial. Then I ran revo. It found a bunch of files I hadn't seen before so I went ahead with the uninstall.

Didn't work.

So I did as you said and restarted in Safe Mode and ran the AVGremover tool. (see log below)

Kinda halfway worked. Now when I click to shut down Windows Firewall it still tells me that AVG Firewall has been shut off. But now when I restart windows firewall it tells me that Windows Firewall is working (or whatever the specific wording is).

Here is the log of the AVGremover tool:


2011-06-24 04:39:45,375 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk

2011-06-24 04:39:45,375 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk not found

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 27

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 28

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 29

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 30

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 31

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 32

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 33

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 34

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 35

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 36

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 37

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 38

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 39

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 40

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 41

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 42

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 43

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 44

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 45

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 46

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 47

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 48

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 49

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 50

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 51

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 52

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 53

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 54

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 55

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 56

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 57

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 58

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 59

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 60

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 61

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 62

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 63

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 64

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 65

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 66

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 67

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 68

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 69

2011-06-24 04:39:45,390 DEBUG Missing ParentDir path for fileItem number 70

2011-06-24 04:39:45,390 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages

2011-06-24 04:39:45,390 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found

2011-06-24 04:39:45,406 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

2011-06-24 04:39:45,406 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found

2011-06-24 04:39:45,421 DEBUG Processing item C:\WINDOWS\System32\Drivers

2011-06-24 04:39:45,421 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk

2011-06-24 04:39:45,421 INFO File C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk not found

2011-06-24 04:39:45,437 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk

2011-06-24 04:39:45,437 INFO File C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk not found

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 76

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 77

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 78

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 79

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 80

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 81

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 82

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 83

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 84

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 85

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 86

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 87

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 88

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 89

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 90

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 91

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 92

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 93

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 94

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 95

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 96

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 97

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 98

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 99

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 100

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 101

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 102

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 103

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 104

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 105

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 106

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 107

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 108

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 109

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 110

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 111

2011-06-24 04:39:45,437 DEBUG Missing ParentDir path for fileItem number 112

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 113

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 114

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 115

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 116

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 117

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 118

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 119

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 120

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 121

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 122

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 123

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 124

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 125

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 126

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 127

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 128

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 129

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 130

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 131

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 132

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 133

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 134

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 135

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 136

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 137

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 138

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 139

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 140

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 141

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 142

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 143

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 144

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 145

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 146

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 147

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 148

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 149

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 150

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 151

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 152

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 153

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 154

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 155

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 156

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 157

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 158

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 159

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 160

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 161

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 162

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 163

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 164

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 165

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 166

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 167

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 168

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 169

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 170

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 171

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 172

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 173

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 174

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 175

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 176

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 177

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 178

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 179

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 180

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 181

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 182

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 183

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 184

2011-06-24 04:39:45,453 DEBUG Missing ParentDir path for fileItem number 185

2011-06-24 04:39:45,453 DEBUG Processing item C:\WINDOWS\System32\Drivers

2011-06-24 04:39:45,453 DEBUG Processing item C:\WINDOWS\System32\Drivers

2011-06-24 04:39:45,453 DEBUG Processing item C:\WINDOWS\System32\Drivers

2011-06-24 04:39:45,453 DEBUG Processing item C:\WINDOWS\System32\Drivers

2011-06-24 04:39:45,453 DEBUG Processing item C:\WINDOWS\System32\Drivers

2011-06-24 04:39:45,453 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg

2011-06-24 04:39:45,453 INFO Directory C:\WINDOWS\System32\Drivers\avg not found

2011-06-24 04:39:45,468 DEBUG Processing item C:\WINDOWS\System32

2011-06-24 04:39:45,468 DEBUG Processing item C:\Program Files\AVG

2011-06-24 04:39:45,484 INFO Directory C:\Program Files\AVG deleted

2011-06-24 04:39:45,484 DEBUG Missing ParentDir path for fileItem number 194

2011-06-24 04:39:45,484 INFO ***** Avg Fw NDIS driver *****

2011-06-24 04:39:46,093 INFO FW NDIS driver not present

=======End Log======

I'm about ready to throw this thing out the window. If I could afford to buy another computer I would in a heartbeat but I can't so I'm stuck with this one.

cassiereroni


Guest cassiereroni

oops, guess you're not anymore. :)

Gonna go and run that combofix and see if it helps anything.

Will leave a message with what happened.

cassiereroni


Didn't think you'd be here this late. :)

I'm baaaack! :D:lol:

Since the firewall shows up as "disabled" (and it's really the main part of AVG that doesn't get along with ComboFix), go ahead and run ComboFix. Post the log (C:\ComboFix.txt) in your next reply please.


Guest cassiereroni

Ok, just got done with ComboFix. Here's the log of that:

============ComboFixLog====================

ComboFix 11-06-23.03 - Mom 06/24/2011 0:49.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.248.15 [GMT -5:00]

Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Downloaded Installers

c:\program files\Downloaded Installers\{E3870ACA-B46E-43B7-AE31-D18659FD85F0}\setup.msi

.

.

((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))

.

.

2011-06-24 04:39 . 2011-06-24 04:39 -------- d-----w- C:\AVGTemp

2011-06-24 04:01 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-06-24 04:01 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-24 04:01 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-06-24 04:01 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-06-24 04:01 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-06-24 04:01 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-06-24 04:01 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-06-24 04:01 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-06-24 03:58 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr

2011-06-24 03:58 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-06-24 02:56 . 2011-06-24 03:49 -------- d-----w- c:\documents and settings\Mom\Application Data\AVG10

2011-06-24 02:36 . 2011-06-24 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-23 19:38 . 2011-06-23 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-06-22 03:15 . 2011-06-22 03:23 -------- d-----w- c:\documents and settings\Bud

2011-06-22 02:04 . 2011-06-22 02:04 -------- d-----w- c:\documents and settings\Mom\Application Data\Windows Desktop Search

2011-06-21 23:48 . 2011-06-21 23:48 -------- d--h--w- c:\windows\PIF

2011-06-19 22:25 . 2011-06-24 00:42 -------- d-----w- c:\program files\rkfree

2011-06-19 19:46 . 2011-06-19 19:46 -------- d-----w- c:\program files\ieSpell

2011-06-19 15:19 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-19 15:19 . 2011-06-19 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-19 15:19 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-19 15:19 . 2011-06-19 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-19 13:36 . 2011-06-24 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-06-19 13:36 . 2011-06-19 13:36 -------- d-----w- c:\program files\AVAST Software

2011-06-18 03:07 . 2011-06-18 03:07 -------- d-----w- c:\documents and settings\Mom\Application Data\GlarySoft

2011-06-18 01:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-17 23:42 . 2011-06-17 23:42 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-06-17 23:42 . 2011-06-17 23:42 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2011-06-17 23:42 . 2011-06-17 23:42 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2011-06-17 23:42 . 2011-06-17 23:42 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2011-06-17 23:42 . 2011-06-17 23:42 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2011-06-17 23:42 . 2011-06-17 23:42 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2011-06-17 23:42 . 2011-06-17 23:42 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2011-06-17 23:41 . 2011-06-17 23:42 -------- d-----w- c:\program files\QuickTime

2011-06-17 23:41 . 2011-06-17 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-06-17 23:40 . 2011-06-17 23:40 -------- d-----w- c:\program files\Apple Software Update

2011-06-17 23:39 . 2011-06-17 23:39 -------- d-----w- c:\program files\Common Files\Apple

2011-06-17 23:39 . 2011-06-17 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-06-17 23:38 . 2011-06-17 23:38 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-17 23:35 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2011-06-17 23:34 . 2011-06-17 23:34 -------- d-----w- c:\program files\Acro Software

2011-06-17 23:34 . 2011-06-17 23:34 -------- d-----w- c:\program files\GPLGS

2011-06-17 23:34 . 2011-06-17 23:34 -------- d-----w- c:\program files\Glary Utilities

2011-06-17 23:34 . 2011-06-17 23:34 -------- d-----w- c:\program files\Speccy

2011-06-17 23:33 . 2011-06-17 23:33 -------- d-----w- c:\program files\Defraggler

2011-06-17 23:33 . 2011-06-17 23:33 -------- d-----w- c:\program files\Common Files\Java

2011-06-17 23:32 . 2011-06-17 23:32 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-06-06 17:55 . 2011-06-06 17:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-17 23:32 . 2011-05-24 05:34 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-17 23:28 . 2011-05-18 03:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-20 23:19 . 2008-05-06 17:54 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-20 23:19 . 2008-05-06 17:54 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-17 22:45 . 2011-05-17 22:45 2548 ----a-w- c:\windows\system32\tmp.reg

2011-05-02 15:31 . 2008-05-06 16:58 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-04 01:07 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 01:07 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 01:07 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 01:07 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"LeapFrog Connect Device Service"=2 (0x2)

"avgwd"=2 (0x2)

"a2free"=2 (0x2)

"AVGIDSAgent"=2 (0x2)

"AVG Security Toolbar Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/23/2011 11:01 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/23/2011 11:01 PM 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/23/2011 11:01 PM 19544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/19/2011 10:19 AM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/19/2011 10:19 AM 22712]

S1 MpKsl846505ac;MpKsl846505ac; [x]

S1 MpKslcf0a13ed;MpKslcf0a13ed; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/3/2010 1:06 PM 18560]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/3/2004 8:07 PM 14336]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 8:07 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-06-24 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-06-17 13:25]

.

2011-06-24 c:\windows\Tasks\User_Feed_Synchronization-{92973106-9D57-4BF1-AB62-0906CB834850}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-06-24 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-30 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

Trusted Zone: ricksrestorations.com\www

TCP: DhcpNameServer = 24.56.133.69 67.217.18.29

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{00F2C0C6-2194-484E-9064-44E57787867B} - (no file)

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)

MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe

MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-24 01:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-448539723-1454471165-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Completion time: 2011-06-24 01:07:42

ComboFix-quarantined-files.txt 2011-06-24 06:07

.

Pre-Run: 21,053,095,936 bytes free

Post-Run: 21,186,179,072 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - E0719AE60A8ED8ED54108FD7B0671C5A

=============================

I'm always up late. I have a hard time sleeping cause of pain.


I'm always up late. I have a hard time sleeping cause of pain.

I'm sorry to hear that :(.

Please do the following:

Back Up Your Registry with ERUNT

  • Please go here, scroll down to ERUNT, and download.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to back up your Registry to the folder of your choice.

Note: To restore your Registry, go to the folder and start ERDNT.exe

-------------

The following should take care of both malware traces and AVG traces. ;)

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::
C:\AVGTemp
c:\documents and settings\Mom\Application Data\AVG10
C:\$AVG

Driver::
MpKsl846505ac
MpKslcf0a13ed

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Security Toolbar Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGIDSAgent"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_TRAY]

Regnull::
[HKEY_USERS\S-1-5-21-448539723-1454471165-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know of any new issues. ;)

Link to post
Share on other sites
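An added example, not part of the original posts and not ComboFix's own code: a small Python reviewer that splits the CFScript from the reply above into its `Name::` sections and lists which registry values and keys its `.reg`-style lines would delete, so the script can be checked before it is run. The section layout and the use of `.reg` deletion semantics inside `Registry::` are assumptions inferred from the script as posted; `parse_cfscript` and `registry_deletions` are hypothetical names.

```python
import re

# The script as posted in the reply above, blank lines removed.
CFSCRIPT = r"""KILLALL::
Folder::
C:\AVGTemp
c:\documents and settings\Mom\Application Data\AVG10
C:\$AVG
Driver::
MpKsl846505ac
MpKslcf0a13ed
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Security Toolbar Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGIDSAgent"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_TRAY]
Regnull::
[HKEY_USERS\S-1-5-21-448539723-1454471165-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
"""

SECTION = re.compile(r"^([A-Za-z]+)::$")  # assumed header form: a word followed by '::'

def parse_cfscript(text):
    """Group non-blank lines under the 'Name::' header that precedes them."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections

def registry_deletions(lines):
    """.reg semantics: '[-KEY]' deletes a key, '"name"=-' deletes a value under the open key."""
    found, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            found.append(("key", line[2:-1], None))
            key = None  # nothing can be set under a key that was just deleted
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.endswith("=-") and key is not None:
            found.append(("value", key, line[:-2].strip('"')))
    return found
```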

Guest cassiereroni

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

*sigh* One of the kids threw a pen onto the desk while ComboFix was running and I was indisposed. And they must have made contact with the mouse cause it's been running for 2 hrs and gotten nowhere. What should I do?

Link to post
Share on other sites

*sigh* One of the kids threw a pen onto the desk while ComboFix was running and I was indisposed. And they must have made contact with the mouse cause it's been running for 2 hrs and gotten nowhere. What should I do?

Perform a force-reboot (hold the power button for 8+ seconds, then restart the computer). Then, try running the CFScript again, and let me know if any issues arise.

Link to post
Share on other sites

Guest cassiereroni

Please tell me it didn't stall again. :( I did close a message balloon telling me my antivirus was off. Then clicked on the autoscan bar to turn it dark blue. I screwed up, didn't I?

Link to post
Share on other sites

Guest cassiereroni

I don't imagine this matters, but after I drop the CFScript file on top of the ComboFix icon and it starts, it tells me there is a new version, do I want to update. I click yes, it does its thing setting a restore point. Then it loads the Scanning for infected files screen. Where it stays. It had been on that screen for about 15 to 20 minutes before I closed that pop up.

Link to post
Share on other sites

Guest cassiereroni

A pop up saying "Your computer might be at risk avast is turned off" is displaying again. I turned off Malwarebytes and clicked "shut avast off until next restart" before I dropped CFScript onto ComboFix. I haven't touched anything. Haven't even moved the mouse. It's been (according to the clock over my desk, which looks like it's about 3 minutes slower than the clock on the computer) 15 minutes with no further advancement in ComboFix.

Link to post
Share on other sites

This topic is now closed to further replies.