First I had some fake anti-virus pop-up(I cant recall the name). It would say it's downloading something so I would try to keep it closed. I couldnt open task manager or any windows so I restarted in safe-mode. I ran AVG scans, Malwarebytes Anti-Malware, then tried ComboFix and I got this message box :
ComboFix has detected the following real time scanner(s) to be active:
antivirus: Avg Anti-Virus Free
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.
Disable these scanners before clicking 'OK'.
I made sure it wasn't running stil got the message. I tried removing it in add/remove programs and it said it could not un-install for some reason I can't remember for sure. Then I tried an AVG remover program and now its gone from add/remove. Here is a piece from the top of the log::
(I read about an AVG virus somewhere on this site and followed all those removal instructions)
(I ran regedit and searached for AVG and deleted everything starting with it.)
(I noticed a weird file in c:\$AVG\$vault\V_00000011.fil , V_00000012.fil , and, vvfolder.idx . I'm not sure why those aren't removed and if I should manually do it myself?)
2011-02-19 20:43:48,125 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-02-19 20:43:48,171 INFO Command line: "C:\Documents and Settings\Compaq_Owner\Desktop\avg_remover_stf_x86_2011_1184.exe"
2011-02-19 20:43:48,187 DEBUG AvgDir param set to C:\Program Files\AVG\AVG9.
2011-02-19 20:43:48,187 WARN AvgAdminDir param empty.
2011-02-19 20:43:48,187 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg9.
2011-02-19 20:45:25,187 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-02-19 20:45:25,187 INFO Command line: "C:\Documents and Settings\Compaq_Owner\Desktop\avg_remover_stf_x86_2011_1184.exe"
2011-02-19 20:45:25,187 DEBUG AvgDir param set to C:\Program Files\AVG\AVG9.
2011-02-19 20:45:25,187 WARN AvgAdminDir param empty.
2011-02-19 20:45:25,187 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg9.
2011-02-19 20:45:55,640 INFO AvgRemover runs in attempt number 1
2011-02-19 20:45:55,640 INFO ***** Msi data *****
2011-02-19 20:45:55,718 DEBUG No product code found for our upgrade codes, nothing to do here
2011-02-19 20:45:55,718 INFO ***** Exchange&Outlook plugins data *****
2011-02-19 20:45:55,718 INFO Removing AvgOutlook addin
2011-02-19 20:45:55,718 INFO AvgOutlook Removing HKCR addin keys x86
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2011-02-19 20:45:55,718 INFO AvgOutlook Removing HKCR addin keys x64
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2011-02-19 20:45:55,718 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2011-02-19 20:45:55,718 INFO Removing Sharepoint plugin if exists
2011-02-19 20:45:55,718 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
2011-02-19 20:45:55,718 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
2011-02-19 20:45:55,718 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
2011-02-19 20:45:55,718 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
2
Back to top
