
Cannot install AV or security updates


40 replies to this topic

#1 luv4mypc


Posted 08 February 2011 - 10:04 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic377542.html ~ OB

I have been without AV for some time and security updates will not install.

I tried to run the requested scans, but Gmer freezes up shortly after it starts.
Thank you for helping!!


Here are the other logs:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 17:33:08.46 on Tue 02/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.126 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdd0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdd0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - No File
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\run_startmenu.cmd
IE: c:\documents and settings\owner\application data\flashgetbho\GetAllFlvUrl.htm
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download all by FlashGet3 - c:\documents and settings\owner\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\owner\application data\flashgetbho\GetUrl.htm
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.luckynugget.co.uk/download_helper/Nyoko.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185159686328
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - hxxp://www.worldwinner.com/games/v46/sol/sol.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://vegasslot.microgaming.com/vegasslot/FlashAX.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-3-27 23064]

=============== Created Last 30 ================

2011-02-09 00:45:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-06 21:32:27 54016 ----a-w- c:\windows\system32\drivers\odwto.sys
2011-02-06 20:15:18 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-06 20:04:34 -------- d-----w- c:\docume~1\owner\applic~1\Avira
2011-02-03 18:42:17 91305284 ----a-w- C:\registrybackup.reg
2011-01-13 11:02:11 81920 ----a-w- c:\program files\common files\system\ado\SET7E1.tmp
2011-01-13 11:02:11 81920 ----a-w- c:\program files\common files\system\ado\SET7E0.tmp
2011-01-13 11:02:11 81920 ----a-w- c:\program files\common files\system\ado\SET7DF.tmp
2011-01-13 11:02:11 61440 ----a-w- c:\program files\common files\system\ado\SET7DE.tmp
2011-01-13 11:02:11 61440 ----a-w- c:\program files\common files\system\ado\SET7DD.tmp
2011-01-13 11:02:11 536576 ----a-w- c:\program files\common files\system\ado\SET7DC.tmp
2011-01-13 11:02:11 249856 ----a-w- c:\windows\system32\SET7E6.tmp
2011-01-13 11:02:11 200704 ----a-w- c:\program files\common files\system\ado\SET7E3.tmp
2011-01-13 11:02:11 180224 ----a-w- c:\program files\common files\system\ado\SET7E2.tmp
2011-01-13 11:02:11 102400 ----a-w- c:\program files\common files\system\ado\SET7E4.tmp

==================== Find3M ====================

2010-11-21 00:10:27 398744 ----a-r- c:\windows\cpnprt2.cid
2010-11-21 00:10:16 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 20:17:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-13 02:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 00:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 17:34:28.39 ===============



Edited by Orange Blossom, 08 February 2011 - 11:25 PM.



 


#2 oneof4

  • Malware Response Team

Posted 15 February 2011 - 01:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
  • Double-click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the RKUnhooker anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Please note that if you are running a 64-bit version of Windows you will not be able to run RKUnhooker and you may skip this step.


Why we request you disable CD Emulation when receiving Malware Removal Advice

Scan With RKUnHooker
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** It is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.
Note** You may get this warning:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just ignore it, click Cancel, then Accept.


Best Regards,
oneof4.



#3 luv4mypc


Posted 15 February 2011 - 06:46 PM

Hi there. Yeah, I figured you guys are backed up. I asked Boopme to check where I was in line and he told me I was about to be helped, so no problem. I APPRECIATE the help so much.

Anyway, I can't seem to install ANY AV program and my PC will not install security updates.
I ran several scans: DDS, DeFogger, TDSSKiller and ESET. I posted the previous DDS above, which I had run on 2.12.11.

Below is the new DDS you requested. I will also run RKUnhooker and see what happens.

Thank you,
Liane


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 15:33:02.15 on Tue 02/15/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.97 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdd0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdd0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - No File
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\run_startmenu.cmd
IE: c:\documents and settings\owner\application data\flashgetbho\GetAllFlvUrl.htm
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download all by FlashGet3 - c:\documents and settings\owner\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\owner\application data\flashgetbho\GetUrl.htm
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.luckynugget.co.uk/download_helper/Nyoko.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185159686328
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - hxxp://www.worldwinner.com/games/v46/sol/sol.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://vegasslot.microgaming.com/vegasslot/FlashAX.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://submit.shutterstock.com/ImageUploader4.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-3-27 23064]

=============== Created Last 30 ================

2011-02-10 11:08:51 301568 ----a-w- c:\windows\system32\SET3C8.tmp
2011-02-10 11:08:39 285696 ----a-w- c:\windows\system32\SET3BC.tmp
2011-02-10 11:08:04 8462336 ----a-w- c:\windows\system32\SET3A9.tmp
2011-02-09 19:07:24 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2011-02-09 00:45:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-06 21:32:27 54016 ----a-w- c:\windows\system32\drivers\odwto.sys
2011-02-06 20:15:18 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-06 20:04:34 -------- d-----w- c:\docume~1\owner\applic~1\Avira
2011-02-03 18:42:17 91305284 ----a-w- C:\registrybackup.reg
2011-01-21 14:44:37 8462336 ----a-w- c:\windows\system32\SET3A4.tmp
2011-01-21 14:44:37 8462336 ------w- c:\windows\system32\SET4FC.tmp
2011-01-21 14:44:37 8462336 ------w- c:\windows\system32\SET4BC.tmp
2011-01-21 14:44:37 8462336 ------w- c:\windows\system32\SET431.tmp
2011-01-21 14:44:37 8462336 ------w- c:\windows\system32\SET3DD.tmp
2011-01-21 14:44:37 8462336 ------w- c:\windows\system32\SET34D.tmp
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ------w- c:\windows\system32\SET500.tmp
2011-01-07 14:09:02 290048 ------w- c:\windows\system32\SET4C0.tmp
2011-01-07 14:09:02 290048 ------w- c:\windows\system32\SET435.tmp
2011-01-07 14:09:02 290048 ------w- c:\windows\system32\SET3E1.tmp
2011-01-07 14:09:02 290048 ------w- c:\windows\system32\SET3B9.tmp
2011-01-07 14:09:02 290048 ------w- c:\windows\system32\SET355.tmp
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\SET3C5.tmp
2010-12-22 12:34:28 301568 ------w- c:\windows\system32\SET504.tmp
2010-12-22 12:34:28 301568 ------w- c:\windows\system32\SET4C4.tmp
2010-12-22 12:34:28 301568 ------w- c:\windows\system32\SET439.tmp
2010-12-22 12:34:28 301568 ------w- c:\windows\system32\SET3E7.tmp
2010-12-22 12:34:28 301568 ------w- c:\windows\system32\SET363.tmp
2010-12-21 13:29:20 11080704 ------w- c:\windows\system32\SET4F4.tmp
2010-12-21 13:29:20 11080704 ------w- c:\windows\system32\SET4B4.tmp
2010-12-21 13:29:20 11080704 ------w- c:\windows\system32\SET429.tmp
2010-12-21 13:29:20 11080704 ------w- c:\windows\system32\SET3CE.tmp
2010-12-21 13:29:20 11080704 ------w- c:\windows\system32\SET354.tmp
2010-12-21 13:29:20 11080704 ------w- c:\windows\system32\SET2F4.tmp
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-21 00:10:27 398744 ----a-r- c:\windows\cpnprt2.cid
2010-11-21 00:10:16 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 15:33:42.79 ===============

#4 luv4mypc


Posted 15 February 2011 - 06:48 PM

Oops, forgot to attach the zip file... here it is.


#5 luv4mypc


Posted 15 February 2011 - 07:05 PM

OK, I cannot run the unhooker... I get error messages. Is there another program I can use?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:49 AM

Posted 17 February 2011 - 09:09 AM

Hello

My name is gringo and I will be helping you from this point forward.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes unless I tell you so.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

If you have not done so please Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Here is the first thing I would like you to do.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 luv4mypc


Posted 17 February 2011 - 06:10 PM

Hello gringo,
Thank you for helping me !

I ran Combofix... and I STILL cannot install an antivirus program. I tried to install Avast
but there was an installation error.

Here is the combofix log:

ComboFix 11-02-17.01 - Owner 02/17/2011 14:21:12.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.228 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\BITS
c:\documents and settings\Owner\Application Data\BITS\BITS.ini
c:\documents and settings\Owner\Recent\Thumbs.db
c:\program files\Internet Explorer\SET16A.tmp
c:\program files\Internet Explorer\SET16B.tmp
c:\program files\StormII
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 17:20 . 2011-02-17 17:20 -------- d-----w- c:\program files\PageRage
2011-02-17 17:20 . 2011-02-17 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-02-15 23:57 . 2011-02-16 00:03 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-02-15 23:55 . 2011-02-15 23:55 -------- d-----w- c:\program files\7-Zip
2011-02-10 11:08 . 2009-06-25 08:25 301568 ----a-w- c:\windows\system32\SET3C8.tmp
2011-02-10 11:08 . 2010-04-20 05:30 285696 ----a-w- c:\windows\system32\SET3BC.tmp
2011-02-10 11:08 . 2010-07-27 06:30 8462336 ----a-w- c:\windows\system32\SET3A9.tmp
2011-02-09 19:07 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2011-02-09 00:46 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-09 00:46 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-09 00:46 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-09 00:46 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-09 00:45 . 2011-02-09 00:46 -------- d-----w- c:\program files\Alwil Software
2011-02-09 00:45 . 2011-02-09 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-02-06 21:32 . 2011-02-06 21:32 54016 ----a-w- c:\windows\system32\drivers\odwto.sys
2011-02-06 20:15 . 2011-02-06 20:15 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-06 20:04 . 2011-02-06 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-02-03 18:42 . 2011-02-03 18:42 91305284 ----a-w- C:\registrybackup.reg
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ----a-w- c:\windows\system32\SET3A4.tmp
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\SET553.tmp
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\SET531.tmp
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\SET4FC.tmp
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\SET4BC.tmp
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\SET431.tmp
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\SET3DD.tmp
2011-01-21 14:44 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\SET34D.tmp
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-26 16:12 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET557.tmp
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET535.tmp
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET500.tmp
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET4C0.tmp
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET435.tmp
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET3E1.tmp
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET3B9.tmp
2011-01-07 14:09 . 2011-01-07 14:09 290048 ------w- c:\windows\system32\SET355.tmp
2010-12-31 13:10 . 2004-08-26 16:12 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2010-12-22 12:34 301568 ----a-w- c:\windows\system32\SET3C5.tmp
2010-12-22 12:34 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\SET55B.tmp
2010-12-22 12:34 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\SET539.tmp
2010-12-22 12:34 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\SET504.tmp
2010-12-22 12:34 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\SET4C4.tmp
2010-12-22 12:34 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\SET439.tmp
2010-12-22 12:34 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\SET3E7.tmp
2010-12-22 12:34 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\SET363.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET54B.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET529.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET4F4.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET4B4.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET429.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET3CE.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET354.tmp
2010-12-21 13:29 . 2010-12-21 13:29 11080704 ------w- c:\windows\system32\SET2F4.tmp
2010-12-21 02:09 . 2010-05-07 16:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-05-07 16:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-26 16:11 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-26 16:12 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-01 04:16 . 2010-12-01 04:17 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2010-11-21 00:10 . 2010-11-21 00:10 398744 ----a-r- c:\windows\cpnprt2.cid
2010-11-21 00:10 . 2010-11-21 00:10 398744 ------w- c:\windows\system32\cpnprt2.cid
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b552069b-7b85-492f-8b98-ccf409c93a39}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\OddsMaker\tbOdd0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-11 01:41 191488 ------w- c:\program files\PageRage\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b552069b-7b85-492f-8b98-ccf409c93a39}"= "c:\program files\OddsMaker\tbOdd0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B552069B-7B85-492F-8B98-CCF409C93A39}"= "c:\program files\OddsMaker\tbOdd0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2004-07-12 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 17:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
run_startmenu.cmd [2007-7-22 45]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\BetOnSoft\\Treasure Mile\\Code\\win32\\vc80\\release\\GameHost\\GameClient.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 4:10 PM 68168]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/27/2009 1:23 PM 23064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 14:37]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 14:37]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331974884-1450638761-1295202341-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 20:23]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331974884-1450638761-1295202341-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 20:23]

2011-02-17 c:\windows\Tasks\User_Feed_Synchronization-{A03B4998-70F0-46BB-B34C-650D953101BF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\documents and settings\Owner\Application Data\FlashGetBHO\GetAllFlvUrl.htm
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download all by FlashGet3 - c:\documents and settings\Owner\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Owner\Application Data\FlashGetBHO\GetUrl.htm
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.luckynugget.co.uk/download_helper/Nyoko.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-bjballroom - c:\microgaming\Casino\BJBallroom\install.exe
AddRemove-casinoclassic - c:\microgaming\Casino\CasinoClassic\install.exe
AddRemove-grandhotel - c:\casino\GrandHotel\install.exe
AddRemove-jackpotcity - c:\casino\JackpotCity\install.exe
AddRemove-Villento - c:\casino\Villento\install.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 14:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-02-17 14:52:08
ComboFix-quarantined-files.txt 2011-02-17 22:52
ComboFix2.txt 2010-07-19 05:31

Pre-Run: 59,058,163,712 bytes free
Post-Run: 60,389,576,704 bytes free

- - End Of File - - 6556E78334ED048DB090C532F61DCAC9

#8 gringo_pr


Posted 17 February 2011 - 08:26 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3BC.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\drivers\odwto.sys
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET553.tmp
c:\windows\system32\SET531.tmp
c:\windows\system32\SET4FC.tmp
c:\windows\system32\SET4BC.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET557.tmp
c:\windows\system32\SET535.tmp
c:\windows\system32\SET500.tmp
c:\windows\system32\SET4C0.tmp
c:\windows\system32\SET435.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3B9.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET55B.tmp
c:\windows\system32\SET539.tmp
c:\windows\system32\SET504.tmp
c:\windows\system32\SET4C4.tmp
c:\windows\system32\SET439.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET54B.tmp
c:\windows\system32\SET529.tmp
c:\windows\system32\SET4F4.tmp
c:\windows\system32\SET4B4.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET2F4.tmp


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 luv4mypc


Posted 17 February 2011 - 10:27 PM

Gringo,
This is pretty scary :o Hi ... I did as instructed above, ran Combofix and Combofix produced a message:
Combofix needs to submit malware files for further analysis. Please make sure you are connected to the internet.

THAT'S what it is doing now; I am using another computer right now to give you this update.
Will post the result as soon as it's done.

#10 luv4mypc


Posted 17 February 2011 - 10:39 PM

Hello gringo,

After Combofix tried to submit the files it said server was not accessible and to submit later.

OK, here is the new log:


ComboFix 11-02-17.01 - Owner 02/17/2011 18:45:36.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.251 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\odwto.sys"
"c:\windows\system32\SET2F4.tmp"
"c:\windows\system32\SET34D.tmp"
"c:\windows\system32\SET354.tmp"
"c:\windows\system32\SET355.tmp"
"c:\windows\system32\SET363.tmp"
"c:\windows\system32\SET3A4.tmp"
"c:\windows\system32\SET3A9.tmp"
"c:\windows\system32\SET3B9.tmp"
"c:\windows\system32\SET3BC.tmp"
"c:\windows\system32\SET3C5.tmp"
"c:\windows\system32\SET3C8.tmp"
"c:\windows\system32\SET3CE.tmp"
"c:\windows\system32\SET3DD.tmp"
"c:\windows\system32\SET3E1.tmp"
"c:\windows\system32\SET3E7.tmp"
"c:\windows\system32\SET429.tmp"
"c:\windows\system32\SET431.tmp"
"c:\windows\system32\SET435.tmp"
"c:\windows\system32\SET439.tmp"
"c:\windows\system32\SET4B4.tmp"
"c:\windows\system32\SET4BC.tmp"
"c:\windows\system32\SET4C0.tmp"
"c:\windows\system32\SET4C4.tmp"
"c:\windows\system32\SET4F4.tmp"
"c:\windows\system32\SET4FC.tmp"
"c:\windows\system32\SET500.tmp"
"c:\windows\system32\SET504.tmp"
"c:\windows\system32\SET529.tmp"
"c:\windows\system32\SET531.tmp"
"c:\windows\system32\SET535.tmp"
"c:\windows\system32\SET539.tmp"
"c:\windows\system32\SET54B.tmp"
"c:\windows\system32\SET553.tmp"
"c:\windows\system32\SET557.tmp"
"c:\windows\system32\SET55B.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\odwto.sys
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\SET3B9.tmp
c:\windows\system32\SET3BC.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET435.tmp
c:\windows\system32\SET439.tmp
c:\windows\system32\SET4B4.tmp
c:\windows\system32\SET4BC.tmp
c:\windows\system32\SET4C0.tmp
c:\windows\system32\SET4C4.tmp
c:\windows\system32\SET4F4.tmp
c:\windows\system32\SET4FC.tmp
c:\windows\system32\SET500.tmp
c:\windows\system32\SET504.tmp
c:\windows\system32\SET529.tmp
c:\windows\system32\SET531.tmp
c:\windows\system32\SET535.tmp
c:\windows\system32\SET539.tmp
c:\windows\system32\SET54B.tmp
c:\windows\system32\SET553.tmp
c:\windows\system32\SET557.tmp
c:\windows\system32\SET55B.tmp

.
((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-17 17:20 . 2011-02-17 17:20 -------- d-----w- c:\program files\PageRage
2011-02-17 17:20 . 2011-02-17 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-02-15 23:57 . 2011-02-16 00:03 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-02-15 23:55 . 2011-02-15 23:55 -------- d-----w- c:\program files\7-Zip
2011-02-09 19:07 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2011-02-09 00:46 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-09 00:46 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-09 00:46 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-09 00:46 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-09 00:45 . 2011-02-17 23:02 -------- d-----w- c:\program files\Alwil Software
2011-02-09 00:45 . 2011-02-17 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-02-06 20:15 . 2011-02-06 20:15 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-06 20:04 . 2011-02-06 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-02-03 18:42 . 2011-02-03 18:42 91305284 ----a-w- C:\registrybackup.reg
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-26 16:12 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-31 13:10 . 2004-08-26 16:12 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 02:09 . 2010-05-07 16:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-05-07 16:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-26 16:11 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-26 16:12 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-01 04:16 . 2010-12-01 04:17 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2010-11-21 00:10 . 2010-11-21 00:10 398744 ----a-r- c:\windows\cpnprt2.cid
2010-11-21 00:10 . 2010-11-21 00:10 398744 ------w- c:\windows\system32\cpnprt2.cid
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b552069b-7b85-492f-8b98-ccf409c93a39}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\OddsMaker\tbOdd0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-11 01:41 191488 ------w- c:\program files\PageRage\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b552069b-7b85-492f-8b98-ccf409c93a39}"= "c:\program files\OddsMaker\tbOdd0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B552069B-7B85-492F-8B98-CCF409C93A39}"= "c:\program files\OddsMaker\tbOdd0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2004-07-12 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 17:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
run_startmenu.cmd [2007-7-22 45]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\BetOnSoft\\Treasure Mile\\Code\\win32\\vc80\\release\\GameHost\\GameClient.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 4:10 PM 68168]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/27/2009 1:23 PM 23064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 14:37]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 14:37]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331974884-1450638761-1295202341-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 20:23]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331974884-1450638761-1295202341-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 20:23]

2011-02-17 c:\windows\Tasks\User_Feed_Synchronization-{A03B4998-70F0-46BB-B34C-650D953101BF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\documents and settings\Owner\Application Data\FlashGetBHO\GetAllFlvUrl.htm
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download all by FlashGet3 - c:\documents and settings\Owner\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Owner\Application Data\FlashGetBHO\GetUrl.htm
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.luckynugget.co.uk/download_helper/Nyoko.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 19:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-02-17 19:15:03
ComboFix-quarantined-files.txt 2011-02-18 03:14
ComboFix2.txt 2011-02-17 22:52
ComboFix3.txt 2010-07-19 05:31

Pre-Run: 60,191,764,480 bytes free
Post-Run: 60,128,083,968 bytes free

- - End Of File - - 2B20834E8A576E0108083C0463AAEEB7

#11 luv4mypc


Posted 17 February 2011 - 10:57 PM

OK, after running the Combofix I tried to install AV again and the same thing popped up: ERROR
I could open the log for it but not copy and paste it. It had the option to copy to clipboard, but I don't know where to locate it after I clicked on clipboard. (In case you would like to see the Avast install log.)

I was reading somewhere that a person with this problem had the security / authorization / admin settings wrong... Could that also be one of the problems with my PC, or am I just another victim of mean malware ...sniff :huh:
Liane

#12 gringo_pr


Posted 17 February 2011 - 11:20 PM

After you click on clipboard, open up Notepad, right-click anywhere inside it, select paste, and send it to me here. I do want to see it, just to see the error it gives.


gringo

#13 luv4mypc


Posted 17 February 2011 - 11:55 PM

Well, thank you, I just learned about clipboard :thumbup2:
Here is the log:

17.02.2011 19:42:35 general: Started: 17.02.2011, 19:42:35
17.02.2011 19:42:35 general: Running setup_ais-379 (889)
17.02.2011 19:42:35 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
17.02.2011 19:42:35 system: Memory: 73% load. Phys:119924/458224K free, Page:795876/1082828K free, Virt:2067496/2097024K free
17.02.2011 19:42:35 system: Computer WinName: MYBABY
17.02.2011 19:42:35 system: Windows Net User: MYBABY\Owner
17.02.2011 19:42:35 general: Cmdline: /sfx /sfxstorage "C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556" /srcpath "C:\DOCUME~1\Owner\Desktop" /sfxname "setup_av_free"
17.02.2011 19:42:35 general: DldSrc set to sfx
17.02.2011 19:42:35 general: Old version: ffffffff (-1)
17.02.2011 19:42:35 registry: Deleted registry: Software\Alwil Software\Avast\5.0\UpdateReady
17.02.2011 19:42:35 general: Install check: SetupVersion does NOT exist
17.02.2011 19:42:35 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 0
17.02.2011 19:42:35 registry: Get registry: Software\Microsoft\Internet Explorer\Version=8.0.6001.18702
17.02.2011 19:42:35 general: Operation set to INST_OP_INSTALL
17.02.2011 19:42:35 general: GUID: 38db4b83-d49f-43c0-979f-0a4622af2bc0
17.02.2011 19:42:35 general: SelectCurrent: selected server 'tmp sfx storage' from 'sfx'
17.02.2011 19:42:35 internet: SYNCER: Type: use IE settings
17.02.2011 19:42:35 internet: SYNCER: Auth: another authentication, use WinInet
17.02.2011 19:42:35 general: Changed Edition=1
17.02.2011 19:42:35 general: Entered SetupProcessAIS::Do( INST_OP_INSTALL )
17.02.2011 19:42:35 general: Entered SetupProcessWin32Avast::Do( INST_OP_INSTALL )
17.02.2011 19:42:35 general: Entered SetupProcessWin32::Do( INST_OP_INSTALL )
17.02.2011 19:42:35 general: Entered SetupProcess::Do( INST_OP_INSTALL )
17.02.2011 19:42:43 package: LoadProductVpu: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556\prod-ais.vpx
17.02.2011 19:42:43 package: LoadPartInfo: jrog = jrog-a7 returned 00000000
17.02.2011 19:42:43 package: LoadPartInfo: jrog2 = jrog2-11a returned 00000000
17.02.2011 19:42:43 package: LoadPartInfo: program = prg_ais-379 returned 00000000
17.02.2011 19:42:43 package: LoadPartInfo: setup = setup_ais-379 returned 00000000
17.02.2011 19:42:43 package: LoadPartInfo: vps = vps_win32-11012000 returned 00000000
17.02.2011 19:42:43 package: LoadProductVpu: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556\prod-ais.vpx ended with 00000000
17.02.2011 19:42:43 package: Part prg_ais-379 was set to be installed
17.02.2011 19:42:43 package: Part vps_win32-11012000 was set to be installed
17.02.2011 19:42:43 package: Part setup_ais-379 was set to be installed
17.02.2011 19:42:43 package: Part jrog-a7 was set to be installed
17.02.2011 19:42:43 package: Part jrog2-11a was set to be installed
17.02.2011 19:42:43 general: progress thread start
17.02.2011 19:43:06 internet: SYNCER: Agent=Syncer/5.00 (ais-889;p)
17.02.2011 19:43:07 package: LoadProductVpu: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556\prod-ais.vpx
17.02.2011 19:43:07 package: LoadPartInfo: jrog = jrog-a7 returned 00000000
17.02.2011 19:43:07 package: LoadPartInfo: jrog2 = jrog2-11a returned 00000000
17.02.2011 19:43:07 package: LoadPartInfo: program = prg_ais-379 returned 00000000
17.02.2011 19:43:07 package: LoadPartInfo: setup = setup_ais-379 returned 00000000
17.02.2011 19:43:07 package: LoadPartInfo: vps = vps_win32-11012000 returned 00000000
17.02.2011 19:43:07 package: LoadProductVpu: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556\prod-ais.vpx ended with 00000000
17.02.2011 19:43:09 package: FilterOutExistingFiles: 92 & 0 = 92
17.02.2011 19:43:09 package: IsFullOkay: ais_core-2a6.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: ais_core-2a6.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package ais_core set to 1
17.02.2011 19:43:09 package: IsFullOkay: ais_dll_eng-2ee.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: ais_dll_eng-2ee.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package ais_dll_eng set to 1
17.02.2011 19:43:09 package: IsFullOkay: ais_res-1dc.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: ais_res-1dc.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package ais_res set to 1
17.02.2011 19:43:09 package: IsFullOkay: winsys-3.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: winsys-3.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package winsys set to 1
17.02.2011 19:43:09 package: IsFullOkay: vps_32-3c2.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: vps_32-3c2.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package vps_32 set to 1
17.02.2011 19:43:09 package: IsFullOkay: vps_win32-3d6.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: vps_win32-3d6.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package vps_win32 set to 1
17.02.2011 19:43:09 package: IsFullOkay: jrog-a7.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: jrog-a7.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package jrog set to 1
17.02.2011 19:43:09 package: IsFullOkay: jrog2-11a.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: IsFullOkay: jrog2-11a.vpx - not okay (doesn't exist)
17.02.2011 19:43:09 package: SetFullAsMarked: Package jrog2 set to 1
17.02.2011 19:43:10 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:10 file: GetFileWithRetry: ais_core-2a6.vpx downloaded and verified
17.02.2011 19:43:10 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\ais_core-2a6.vpx, returned 0x00000000
17.02.2011 19:43:10 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:10 file: GetFileWithRetry: ais_dll_eng-2ee.vpx downloaded and verified
17.02.2011 19:43:10 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\ais_dll_eng-2ee.vpx, returned 0x00000000
17.02.2011 19:43:10 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:10 file: GetFileWithRetry: ais_res-1dc.vpx downloaded and verified
17.02.2011 19:43:10 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\ais_res-1dc.vpx, returned 0x00000000
17.02.2011 19:43:11 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:11 file: GetFileWithRetry: winsys-3.vpx downloaded and verified
17.02.2011 19:43:11 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\winsys-3.vpx, returned 0x00000000
17.02.2011 19:43:17 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:17 file: GetFileWithRetry: vps_32-3c2.vpx downloaded and verified
17.02.2011 19:43:17 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\vps_32-3c2.vpx, returned 0x00000000
17.02.2011 19:43:28 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:28 file: GetFileWithRetry: vps_win32-3d6.vpx downloaded and verified
17.02.2011 19:43:28 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\vps_win32-3d6.vpx, returned 0x00000000
17.02.2011 19:43:28 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:28 file: GetFileWithRetry: jrog-a7.vpx downloaded and verified
17.02.2011 19:43:28 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\jrog-a7.vpx, returned 0x00000000
17.02.2011 19:43:28 internet: Used server: C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a11556
17.02.2011 19:43:28 file: GetFileWithRetry: jrog2-11a.vpx downloaded and verified
17.02.2011 19:43:28 package: DldPackage: C:\Program Files\Alwil Software\Avast5\Setup\jrog2-11a.vpx, returned 0x00000000
17.02.2011 19:43:29 general: setup: updated
17.02.2011 19:43:29 general: setif: updated
17.02.2011 19:43:29 package: FilterOutExistingFiles: 92 & 0 = 92
17.02.2011 19:43:29 package: Extracting from ais_core-2a6.vpx
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashBase.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashBase.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashServ.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashServ.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashShell.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashShell.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashTask.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashTask.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswAux.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswAux.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
17.02.2011 19:43:29 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
17.02.2011 19:43:29 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswData.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswData.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswDld.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswDld.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswIdle.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswIdle.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswLog.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswLog.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswProperty.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswProperty.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswUtil.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswUtil.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\avastSS.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\avastSS.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AvSSHook.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\AvSSHook.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\CommonRes.dll
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\CommonRes.dll
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashQuick.exe
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashQuick.exe
17.02.2011 19:43:30 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashUpd.exe
17.02.2011 19:43:30 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashUpd.exe
17.02.2011 19:43:31 file: Direct move of file: C:\WINDOWS\system32\aswBoot.exe
17.02.2011 19:43:31 file: Installed file:C:\WINDOWS\system32\aswBoot.exe
17.02.2011 19:43:31 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswChLic.exe
17.02.2011 19:43:31 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswChLic.exe
17.02.2011 19:43:31 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe
17.02.2011 19:43:31 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe
17.02.2011 19:43:31 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe
17.02.2011 19:43:31 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe
17.02.2011 19:43:31 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswRunDll.exe
17.02.2011 19:43:31 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswRunDll.exe
17.02.2011 19:43:31 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17.02.2011 19:43:31 file: Installed file:C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17.02.2011 19:43:31 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AvastUI.exe
17.02.2011 19:43:31 file: Installed file:C:\Program Files\Alwil Software\Avast5\AvastUI.exe
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\sched.exe
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\sched.exe
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\VisthAux.exe
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\VisthAux.exe
17.02.2011 19:43:32 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\avast5.ini
17.02.2011 19:43:32 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\avast5.ini
17.02.2011 19:43:32 file: Direct move of file: C:\WINDOWS\avastSS.scr
17.02.2011 19:43:32 file: Installed file:C:\WINDOWS\avastSS.scr
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\amline.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\amline.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\maps\world.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\maps\world.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\amcharts_key.txt
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\amcharts_key.txt
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
17.02.2011 19:43:32 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\fw_question.wav
17.02.2011 19:43:32 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\fw_question.wav
17.02.2011 19:43:32 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\scan_completed.wav
17.02.2011 19:43:32 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\scan_completed.wav
17.02.2011 19:43:32 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\threat_detected.wav
17.02.2011 19:43:32 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\threat_detected.wav
17.02.2011 19:43:32 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\virus_db_updated.wav
17.02.2011 19:43:32 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\virus_db_updated.wav
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\empty_map.xml
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\flash\ammap\empty_map.xml
17.02.2011 19:43:32 package: Extracting from ais_dll_eng-2ee.vpx
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\Avast5_1033.chm
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\Avast5_1033.chm
17.02.2011 19:43:32 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\Base.dll
17.02.2011 19:43:32 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\Base.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\Boot.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\Boot.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\uiLangRes.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\uiLangRes.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.htm
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.htm
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.htm
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.htm
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.txt
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.txt
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.txt
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.txt
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\pup_detected.wav
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\pup_detected.wav
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\scan_completed.wav
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\scan_completed.wav
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\suspicious_detected.wav
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\suspicious_detected.wav
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\threat_detected.wav
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\threat_detected.wav
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\welcome.wav
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\welcome.wav
17.02.2011 19:43:33 package: Extracting from ais_res-1dc.vpx
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AhResMai.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\AhResMai.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AhResMes.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\AhResMes.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AhResNS.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\AhResNS.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AhResP2P.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\AhResP2P.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AhResStd.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\AhResStd.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\AhResWS.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\AhResWS.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashOutXt.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashOutXt.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashWebSv.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashWebSv.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswMonVD.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswMonVD.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\snxhk.dll
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\snxhk.dll
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\Blocked.htm
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\Blocked.htm
17.02.2011 19:43:33 file: Direct move of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\image001.png
17.02.2011 19:43:33 file: Installed file:C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\image001.png
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\Aavmker4.sys
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\Aavmker4.sys
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswFsBlk.sys
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\aswFsBlk.sys
17.02.2011 19:43:33 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon.sys
17.02.2011 19:43:33 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon.sys
17.02.2011 19:43:34 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon2.sys
17.02.2011 19:43:34 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon2.sys
17.02.2011 19:43:34 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\aswMonDS.sys
17.02.2011 19:43:34 file: Installed file:C:\Program Files\Alwil Software\Avast5\aswMonDS.sys
17.02.2011 19:43:34 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMonFlt.sys
17.02.2011 19:43:34 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMonFlt.sys
17.02.2011 19:43:34 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\AswRdr.sys
17.02.2011 19:43:34 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\AswRdr.sys
17.02.2011 19:43:34 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys
17.02.2011 19:43:34 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys
17.02.2011 19:43:34 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\AswTdi.sys
17.02.2011 19:43:34 file: Installed file:C:\Program Files\Alwil Software\Avast5\Setup\INF\AswTdi.sys
17.02.2011 19:43:34 package: Extracting from winsys-3.vpx
17.02.2011 19:43:34 file: Direct move of file: C:\Program Files\Alwil Software\Avast5\vcredist_x86_sp1.exe
17.02.2011 19:43:34 file: Installed file:C:\Program Files\Alwil Software\Avast5\vcredist_x86_sp1.exe
17.02.2011 19:43:34 package: program: installed 92 files (17623504 bytes), removed 0 files
17.02.2011 19:43:34 system: Executing:C:\Program Files\Alwil Software\Avast5\vcredist_x86_SP1.exe /q
17.02.2011 19:44:00 system: Executed:C:\Program Files\Alwil Software\Avast5\vcredist_x86_SP1.exe /q
17.02.2011 19:44:00 package: vps version 11012000
17.02.2011 19:44:00 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\Sf.bin (4)
17.02.2011 19:44:01 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\Sf.bin
17.02.2011 19:44:01 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\dllcc.dat (2)
17.02.2011 19:44:01 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\dllcc.dat
17.02.2011 19:44:01 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\ArPot.dll (4)
17.02.2011 19:44:01 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\ArPot.dll
17.02.2011 19:44:01 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswAR.dll (4)
17.02.2011 19:44:01 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswAR.dll
17.02.2011 19:44:01 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswBoot.dll (4)
17.02.2011 19:44:02 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswBoot.dll
17.02.2011 19:44:02 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCleanerDLL.dll (4)
17.02.2011 19:44:02 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCleanerDLL.dll
17.02.2011 19:44:02 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnBS.dll (4)
17.02.2011 19:44:02 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnBS.dll
17.02.2011 19:44:02 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnIS.dll (4)
17.02.2011 19:44:02 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnIS.dll
17.02.2011 19:44:02 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnOS.dll (4)
17.02.2011 19:44:02 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnOS.dll
17.02.2011 19:44:02 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswEngin.dll (4)
17.02.2011 19:44:04 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswEngin.dll
17.02.2011 19:44:04 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswRawFS.dll (4)
17.02.2011 19:44:04 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswRawFS.dll
17.02.2011 19:44:04 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\aswScan.dll (4)
17.02.2011 19:44:04 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\aswScan.dll
17.02.2011 19:44:04 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\exts.dll (4)
17.02.2011 19:44:04 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\exts.dll
17.02.2011 19:44:04 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\fwAux.dll (4)
17.02.2011 19:44:04 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\fwAux.dll
17.02.2011 19:44:04 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\list_d.txt (2)
17.02.2011 19:44:04 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\list_d.txt
17.02.2011 19:44:04 package: vps: ExtractFilesFromPackage(vps_win32-3d6.vpx) returned 0x00000000
17.02.2011 19:44:04 package: vps: OpenPackage(vps_32-3c2.vpx) returned 0x00000000
17.02.2011 19:44:04 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\whitelist.db (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\whitelist.db
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_el.dat (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_el.dat
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_java.dat (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_java.dat
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_js.dat (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_js.dat
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx4.dat (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx4.dat
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx95.dat (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx95.dat
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_o7.dat (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_o7.dat
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_ob.dat (2)
17.02.2011 19:44:05 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_ob.dat
17.02.2011 19:44:05 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_pe2.dat (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_pe2.dat
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_swf.dat (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_swf.dat
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_tx.dat (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_tx.dat
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_u.dat (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_u.dat
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_w6.dat (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_w6.dat
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_wh.dat (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_wh.dat
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\algo.dll (4)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\algo.dll
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\def.ini (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\def.ini
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\certs.map (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\certs.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_java.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_java.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_js.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_js.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx4.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx4.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx95.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx95.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_o7.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_o7.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_swf.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_swf.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_w6.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_w6.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\db_xtn.map (20000)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\db_xtn.map
17.02.2011 19:44:11 package: vps: going to extract C:\Program Files\Alwil Software\Avast5\defs\11012000\list_i.txt (2)
17.02.2011 19:44:11 package: extracted file C:\Program Files\Alwil Software\Avast5\defs\11012000\list_i.txt
17.02.2011 19:44:11 package: vps: preparePool C:\Program Files\Alwil Software\Avast5\defs\11012000\l_idx.map, ok
17.02.2011 19:44:11 package: vps: preparePool C:\Program Files\Alwil Software\Avast5\defs\11012000\s_idx.map, ok
17.02.2011 19:44:11 package: vps: preparePool C:\Program Files\Alwil Software\Avast5\defs\11012000\sl_idx.map, ok
17.02.2011 19:44:12 package: vps: Create file C:\Program Files\Alwil Software\Avast5\defs\11012000\lshe3.map, ok
17.02.2011 19:44:12 package: vps: Create file C:\Program Files\Alwil Software\Avast5\defs\11012000\acshort.map, ok
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\DataFolder=C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\Version=5.1
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\VersionShort=5.1
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\SetupVersion=889
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\ProgramFolder=C:\Program Files\Alwil Software\Avast5
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\Product=ais
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\OSPlatform=2
17.02.2011 19:44:13 registry: Set registry: Software\Alwil Software\Avast\5.0\OSVersion=327681
17.02.2011 19:44:13 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\App Paths\AvastUI.exe\Path=C:\Program Files\Alwil Software\Avast5
17.02.2011 19:44:13 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\App Paths\AvastUI.exe\=C:\Program Files\Alwil Software\Avast5\AvastUI.exe
17.02.2011 19:44:13 registry: Set registry: .avastlic\=avastlicfile
17.02.2011 19:44:13 registry: Set registry: .avastlic\Content Type=application/avast-license
17.02.2011 19:44:13 registry: Set registry: avastlicfile\=avast! license file
17.02.2011 19:44:13 registry: Set registry: avastlicfile\EditFlags=65536
17.02.2011 19:44:13 registry: Set registry: avastlicfile\BrowserFlags=8
17.02.2011 19:44:13 registry: Set registry: avastlicfile\shell\=
17.02.2011 19:44:13 registry: Set registry: avastlicfile\shell\open\=
17.02.2011 19:44:13 registry: Set registry: avastlicfile\shell\open\command\="C:\Program Files\Alwil Software\Avast5\aswChLic.exe" "%1"
17.02.2011 19:44:13 registry: Set registry: .avastsounds\=avastsoundsfile
17.02.2011 19:44:13 registry: Set registry: .avastsounds\Content Type=application/avast-sounds
17.02.2011 19:44:13 registry: Set registry: avastsoundsfile\=avast! soundpack file
17.02.2011 19:44:13 registry: Set registry: avastsoundsfile\EditFlags=65536
17.02.2011 19:44:13 registry: Set registry: avastsoundsfile\BrowserFlags=8
17.02.2011 19:44:13 registry: Set registry: avastsoundsfile\shell\=
17.02.2011 19:44:13 registry: Set registry: avastsoundsfile\shell\open\=
17.02.2011 19:44:13 registry: Set registry: avastsoundsfile\shell\open\command\="C:\Program Files\Alwil Software\Avast5\aswChLic.exe" "%1"
17.02.2011 19:44:13 system: Error copying driver file C:\WINDOWS\system32\aswBoot.exe (0x00000003)
17.02.2011 19:44:14 system: Service aswMon2 NOT installed, error code: 0x000005AA
17.02.2011 19:44:14 registry: Cannot set reg. key:SYSTEM\CurrentControlSet\Services\aswMon2\Parameters
17.02.2011 19:44:14 system: Service avast! Mail Scanner uninstalled
17.02.2011 19:44:14 registry: Set registry: SOFTWARE\Microsoft\Exchange\Client\Extensions\avast! 5=4.0;C:\Program Files\Alwil Software\Avast5\ashOutXt.dll;1;10000111111000
17.02.2011 19:44:14 system: Driver file copied: C:\WINDOWS\system32\drivers\aswTdi.sys
17.02.2011 19:44:15 system: Service aswTdi NOT installed, error code: 0x000005AA
17.02.2011 19:44:15 system: Service 'aswTdi' load order set id=9 in group 'PNP_TDI'
17.02.2011 19:44:15 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswTdi\Tag=9
17.02.2011 19:44:15 system: Service avast! Web Scanner uninstalled
17.02.2011 19:44:15 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswSP\Parameters\BehavShield=1
17.02.2011 19:44:15 system: Service avast! Antivirus NOT installed, error code: 0x000005AA
17.02.2011 19:44:15 system: Service avast! Antivirus dependency aswMon2;RpcSS;
17.02.2011 19:44:15 registry: Cannot set reg. key:SYSTEM\CurrentControlSet\Services\avast! Antivirus
17.02.2011 19:44:15 system: Service avast! Antivirus NOT updated, error code: 0x00000424
17.02.2011 19:44:15 system: sysSetServiceRestartActions(avast! Antivirus) failed, error code: 0x00000424
17.02.2011 19:44:15 registry: Cannot set reg. key:SYSTEM\CurrentControlSet\Services\aswSP\Parameters
17.02.2011 19:44:15 registry: Cannot set reg. key:SYSTEM\CurrentControlSet\Services\aswSP\Parameters
17.02.2011 19:44:15 system: Driver file copied: C:\WINDOWS\system32\drivers\aswSP.sys
17.02.2011 19:44:16 system: Service aswSP NOT installed, error code: 0x000005AA
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\DisplayName=avast! Free Antivirus
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\DisplayVersion=5.1.889.0
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\InstallLocation=C:\PROGRA~1\ALWILS~1\Avast5
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\InstallSource=C:\DOCUME~1\Owner\Desktop
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\Publisher=Alwil Software
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\VersionMajor=5
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\VersionMinor=1
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\DisplayIcon=C:\Program Files\Alwil Software\Avast5\avastUI.exe
17.02.2011 19:44:16 registry: Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5\UninstallString=C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
17.02.2011 19:44:33 registry: Deleted registry: SOFTWARE\Microsoft\Exchange\Client\Extensions\avast! 5
17.02.2011 19:44:33 system: Uninstalling aswTdi.sys
17.02.2011 19:44:33 system: Stopping service aswTdi
17.02.2011 19:44:33 system: OpenSCManager
17.02.2011 19:44:33 system: OpenService
17.02.2011 19:44:33 system: OpenService, errcode: 0x00000424
17.02.2011 19:44:33 system: Service aswTdi stopped, errcode: 0x00000424
17.02.2011 19:44:34 system: Removing service 'AswTdi' load order id=9 in group 'PNP_TDI'
17.02.2011 19:44:34 registry: Deleted registry: SYSTEM\CurrentControlSet\Services\AswTdi
17.02.2011 19:44:34 registry: Deleted registry: Software\Alwil Software\Avast\5.0
17.02.2011 19:44:34 registry: Deleted registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast5
17.02.2011 19:44:34 registry: Get registry: Software\Microsoft\Windows\CurrentVersion\App Paths\AvastUI.exe\Path=C:\Program Files\Alwil Software\Avast5
17.02.2011 19:44:34 registry: Deleted registry: Software\Microsoft\Windows\CurrentVersion\App Paths\AvastUI.exe
17.02.2011 19:44:34 registry: Deleted registry: .avastlic
17.02.2011 19:44:34 registry: Deleted registry: command
17.02.2011 19:44:34 registry: Deleted registry: open
17.02.2011 19:44:34 registry: Deleted registry: shell
17.02.2011 19:44:34 registry: Deleted registry: avastlicfile
17.02.2011 19:44:34 registry: RegLoadKey(HKEY_USERS, Av_S-1-5-18, C:\WINDOWS\system32\config\systemprofile\NtUser.dat)
17.02.2011 19:44:34 registry: RegLoadKey(HKEY_USERS, Av_S-1-5-19, C:\Documents and Settings\LocalService\NtUser.dat)
17.02.2011 19:44:34 registry: Load registry hive ERROR_SHARING_VIOLATION
17.02.2011 19:44:34 registry: RegLoadKey(HKEY_USERS, Av_S-1-5-20, C:\Documents and Settings\NetworkService\NtUser.dat)
17.02.2011 19:44:34 registry: Load registry hive ERROR_SHARING_VIOLATION
17.02.2011 19:44:34 registry: RegLoadKey(HKEY_USERS, Av_S-1-5-21-3331974884-1450638761-1295202341-1003, C:\Documents and Settings\Owner\NtUser.dat)
17.02.2011 19:44:34 registry: Load registry hive ERROR_SHARING_VIOLATION
17.02.2011 19:44:34 file: Removing file: C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
17.02.2011 19:44:34 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
17.02.2011 19:44:34 file: Removing file: C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashBase.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashBase.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashServ.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashServ.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashShell.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashShell.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashTask.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashTask.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswAux.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswAux.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
17.02.2011 19:44:35 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
17.02.2011 19:44:35 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswData.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswData.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswDld.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswDld.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswIdle.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswIdle.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswLog.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswLog.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswProperty.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswProperty.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswUtil.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswUtil.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\avastSS.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\avastSS.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AvSSHook.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AvSSHook.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\CommonRes.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\CommonRes.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashQuick.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashQuick.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashUpd.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashUpd.exe
17.02.2011 19:44:36 file: Removing file: C:\WINDOWS\system32\aswBoot.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\WINDOWS\system32\aswBoot.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswChLic.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswChLic.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswRunDll.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswRunDll.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AvastUI.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AvastUI.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\sched.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\sched.exe
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\VisthAux.exe
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\VisthAux.exe
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\avast5.ini
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\avast5.ini
17.02.2011 19:44:36 file: Removing file: C:\WINDOWS\avastSS.scr
17.02.2011 19:44:36 file: Direct delete of file: C:\WINDOWS\avastSS.scr
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\amline.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\amline.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\maps\world.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\maps\world.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\amcharts_key.txt
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\amcharts_key.txt
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\fw_question.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\fw_question.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\scan_completed.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\scan_completed.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\threat_detected.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\threat_detected.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\virus_db_updated.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\virus_db_updated.wav
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\flash\ammap\empty_map.xml
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\flash\ammap\empty_map.xml
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\Avast5_1033.chm
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\Avast5_1033.chm
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\Base.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\Base.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\Boot.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\Boot.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\uiLangRes.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\uiLangRes.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.htm
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.htm
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.htm
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.htm
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.txt
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\aswClnTg.txt
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.txt
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\1033\aswInfTg.txt
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\pup_detected.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\pup_detected.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\scan_completed.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\scan_completed.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\suspicious_detected.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\suspicious_detected.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\threat_detected.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\threat_detected.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\welcome.wav
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\welcome.wav
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AhResMai.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AhResMai.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AhResMes.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AhResMes.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AhResNS.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AhResNS.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AhResP2P.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AhResP2P.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AhResStd.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AhResStd.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\AhResWS.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\AhResWS.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashOutXt.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashOutXt.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashWebSv.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashWebSv.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswMonVD.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswMonVD.dll
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\snxhk.dll
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\snxhk.dll
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\Blocked.htm
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\Blocked.htm
17.02.2011 19:44:36 file: Removing file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\image001.png
17.02.2011 19:44:36 file: Direct delete of file: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\image001.png
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\Aavmker4.sys
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\Aavmker4.sys
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswFsBlk.sys
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswFsBlk.sys
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon.sys
17.02.2011 19:44:36 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon.sys
17.02.2011 19:44:36 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon2.sys
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMon2.sys
17.02.2011 19:44:37 file: Removing file: C:\Program Files\Alwil Software\Avast5\aswMonDS.sys
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\aswMonDS.sys
17.02.2011 19:44:37 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMonFlt.sys
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswMonFlt.sys
17.02.2011 19:44:37 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\AswRdr.sys
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\AswRdr.sys
17.02.2011 19:44:37 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys
17.02.2011 19:44:37 file: Removing file: C:\Program Files\Alwil Software\Avast5\Setup\INF\AswTdi.sys
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\INF\AswTdi.sys
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\acshort.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\algo.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\ArPot.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswAR.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswBoot.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCleanerDLL.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnBS.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnIS.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswCmnOS.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswEngin.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswRawFS.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\aswScan.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\certs.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_el.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_java.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_java.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_js.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_js.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx4.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx4.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx95.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_mx95.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_o7.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_o7.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_ob.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_pe2.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_swf.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_swf.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_tx.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_u.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_w6.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_w6.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_wh.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\db_xtn.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\def.ini
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\dllcc.dat
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\exts.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\fwAux.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\list_d.txt
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\list_i.txt
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\lshe3.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\l_idx.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\l_nmp.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\Sf.bin
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\sl_idx.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\sl_nmp.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\s_idx.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\s_nmp.map
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\11012000\whitelist.db
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\defs\aswdefs.ini
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\ais_core-2a6.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\ais_dll_eng-2ee.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\ais_res-1dc.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\jrog-a7.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\jrog2-11a.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\part-jrog-a7.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\part-jrog2-11a.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\part-prg_ais-379.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\part-setup_ais-379.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\part-vps_win32-11012000.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\prod-ais.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\servers.def
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\servers.def.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\setiface.ovr
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\setif_ais-379.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\setup.ini
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\setup.ovr
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\setup_ais-379.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\vps_32-3c2.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\vps_win32-3d6.vpx
17.02.2011 19:44:37 file: Direct delete of file: C:\Program Files\Alwil Software\Avast5\Setup\winsys-3.vpx
17.02.2011 19:44:38 package: Transferred: files 0, bytes 0, time 7578 ms
17.02.2011 19:44:38 package: Retries: total 0, files 0, servers 1
17.02.2011 19:44:38 general: GetLicNumber: LoadLibrary( C:\Program Files\Alwil Software\Avast5\ashBase.dll ) return value: 0x00000000
17.02.2011 19:44:38 general: DldSrc set to inet
17.02.2011 19:44:38 general: Server definition(s) loaded for 'main': 398 (maintenance:0)
17.02.2011 19:44:38 general: SelectCurrent: selected server 'Limelight 002 AVAST5 Server' from 'main'
17.02.2011 19:44:38 internet: SYNCER: Type: use IE settings
17.02.2011 19:44:38 internet: SYNCER: Auth: another authentication, use WinInet
17.02.2011 19:44:43 internet: Sending stats 'http://stats5.avast.com/cgi-bin/iavs4stats.cgi': 00000000 204
17.02.2011 19:44:43 file: NeedReboot=false
17.02.2011 19:44:43 general: Return code: 0x000005AA [Insufficient system resources exist to complete the requested service.]
17.02.2011 19:44:43 general: Stopped: 17.02.2011, 19:44:43

#14 gringo_pr

Posted 18 February 2011 - 12:12 AM

Hello

I want you to use this tool to remove all of Avast and then try to reinstall it and let me know.


http://www.avast.com/uninstall-utility

#15 luv4mypc

Posted 18 February 2011 - 01:24 AM

Hey Gringo,
Did as you said and I was able to install the Avast AV :thumbup2:
HOWEVER it will NOT UPDATE :huh:
So I uninstalled and re-downloaded Avast, and again it was not able to update; it says it cannot connect to the server.
I also tried to install the security updates for Windows, which I could not install previously, and that went fine now :thumbsup:
So I don't know what to do about the AV update.
Liane



