VirusPain

May 23, 2011

The uninstaller couldn't detect AVG, should I just uninstall it through my computer?

May 23, 2011

Here's the DDS logs

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Abi at 12:57:55 on 2011-05-23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.237 [GMT 1:00]

.

AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\AVG\AVG10\avgui.exe

C:\Program Files\AVG\AVG10\avgscanx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Abi\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local

uInternet Settings,ProxyServer = socks=

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe

mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe

mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\abi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9eaa30&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-GB&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.proxy.type - 0

FF - user.js: network.proxy.http -

FF - user.js: network.proxy.http_port - 0

FF - user.js: network.proxy.ssl -

FF - user.js: network.proxy.ssl_port - 0

FF - user.js: network.proxy.ftp -

FF - user.js: network.proxy.ftp_port - 0

FF - user.js: network.proxy.gopher -

FF - user.js: network.proxy.gopher_port - 0

FF - user.js: network.proxy.socks_version - 5

FF - user.js: network.proxy.socks -

FF - user.js: network.proxy.socks_port - 0

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]

R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-18 27632]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-8 947528]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-18 13224]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-5-18 86696]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-5-18 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-5-18 114472]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-5-18 108328]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-5-18 26024]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-5-18 104616]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-5-18 109736]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-2 19840]

.

=============== Created Last 30 ================

.

2011-05-23 06:43:15 -------- d-----w- c:\documents and settings\abi\application data\QuickScan

2011-05-21 06:31:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-16 19:07:19 -------- d-----w- c:\documents and settings\abi\application data\Serif

2011-05-16 19:02:27 -------- d-----w- c:\program files\Serif

2011-05-11 19:35:40 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-11 19:35:38 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-11 19:35:34 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-11 19:35:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-11 19:35:33 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-11 19:35:26 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-11 19:35:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-11 19:35:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

.

==================== Find3M ====================

.

2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-07 08:49:21 3140 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

2011-04-07 08:49:08 88 -csh--r- c:\documents and settings\all users\application data\CFF4E75662.sys

2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

.

============= FINISH: 12:59:25.23 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-05-19.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 07/11/2009 04:36:56

System Uptime: 23/05/2011 11:26:35 (1 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC10

Processor: Intel® Atom CPU N270 @ 1.60GHz | U2E1 | 1595/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 143 GiB total, 104.901 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Atheros AR5007EG Wireless Network Adapter

Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00C105B&REV_01\4&192AC53F&0&00E0

Manufacturer: Atheros

Name: Atheros AR5007EG Wireless Network Adapter

PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00C105B&REV_01\4&192AC53F&0&00E0

Service: AR5416

.

==== System Restore Points ===================

.

RP88: 26/02/2011 10:48:11 - Software Distribution Service 3.0

RP89: 06/03/2011 21:49:01 - System Checkpoint

RP90: 09/03/2011 21:46:59 - Software Distribution Service 3.0

RP91: 15/03/2011 09:27:59 - Avg Update

RP92: 15/03/2011 09:28:48 - Avg Update

RP93: 16/03/2011 08:18:24 - Installed Java 6 Update 24

RP94: 25/03/2011 16:24:44 - Software Distribution Service 3.0

RP95: 07/04/2011 09:54:14 - Removed Corel WinDVD 2010.

RP96: 07/04/2011 14:06:34 - Installed AVG 2011

RP97: 07/04/2011 14:08:56 - Removed AVG 9.0

RP98: 07/04/2011 14:09:07 - Removed AVG 2011

RP99: 07/04/2011 14:10:57 - Removed AVG 9.0

RP100: 07/04/2011 14:13:22 - Installed AVG 2011

RP101: 07/04/2011 14:15:14 - Removed AVG 9.0

RP102: 07/04/2011 14:15:25 - Removed AVG 2011

RP103: 08/04/2011 06:52:28 - Removed AVG 9.0

RP104: 08/04/2011 07:16:12 - Installed AVG 2011

RP105: 08/04/2011 07:18:07 - Removed AVG 9.0

RP106: 08/04/2011 07:22:20 - Installed AVG 2011

RP107: 11/04/2011 17:21:35 - System Checkpoint

RP108: 15/04/2011 10:20:02 - Software Distribution Service 3.0

RP109: 15/04/2011 12:30:58 - Software Distribution Service 3.0

RP110: 27/04/2011 10:04:19 - Software Distribution Service 3.0

RP111: 11/05/2011 10:00:22 - Software Distribution Service 3.0

RP112: 15/05/2011 09:23:34 - System Checkpoint

RP113: 16/05/2011 20:02:20 - Installed Serif CraftArtist Professional

RP114: 16/05/2011 20:25:44 - Installed Serif CraftArtist Wedding Day Collection

RP115: 16/05/2011 20:32:41 - Installed Serif CraftArtist Greeting Cards Collection

RP116: 16/05/2011 20:43:51 - Installed Serif CraftArtist Baby Photos Collection

RP117: 16/05/2011 21:01:20 - Installed Serif CraftArtist Scrapbooks Collection

RP118: 20/05/2011 12:44:03 - System Checkpoint

RP119: 22/05/2011 14:53:03 - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Center 2.0

Adobe Photoshop Elements 4.0

Adobe Reader 9.4.4

Adobe Shockwave Player 11.5

Amazon Kindle For PC

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros WLAN Client

Audials

Audials TV

Avanquest update

AVG 2011

AVG PC Tuneup 2011

Bonjour

BufferChm

C4600

DBXpress

Destinations

DeviceDiscovery

Easy Display Manager

Easy Network Manager

GPBaseService2

Hide IP NG 1.55

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5

HP Print Projects 1.0

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

imagine digital freedom - Samsung

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 24

Magic Keyboard

Malwarebytes' Anti-Malware

MarketResearch

Marvell Miniport Driver

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0.1 (x86 en-GB)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Namuga 1.3M Webcam

OpenOffice.org 3.1

Play Camera

PS_AIO_05_C4600_Software_Min

QuickTime

Realtek High Definition Audio Driver

Samsung Battery Manager

Samsung EDS

Samsung Magic Doctor

Samsung Recovery Solution III

Samsung Update Plus

Samsung Wallpaper

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Segoe UI

Serif CraftArtist Baby Photos Collection

Serif CraftArtist Greeting Cards Collection

Serif CraftArtist Professional

Serif CraftArtist Scrapbooks Collection

Serif CraftArtist Wedding Day Collection

Shop for HP Supplies

Skype Toolbars

Skype

May 23, 2011

Hi,

I've posted the first two AVG logs, the first was when it found and removed a rootkit, but it found and removed the same thing the day before. Then the second log later on it found 11 infections, removed 1 but said it couldn't remove the others.

I'll do the other scans you asked for now.

Thanks again

Abi

1st Log

"Scan ""Scheduled scan"" completed."

"Rootkits";"1";"1";"0"

"Information";"81"

"Folders selected for scanning:";"Whole computer scan"

"Scan started:";"21 May 2011, 19:14:51"

"Scan finished:";"21 May 2011, 22:36:28 (3 hour(s) 21 minute(s) 37 second(s))"

"Total object scanned:";"721328"

"User who launched the scan:";"SYSTEM"

"Rootkits"

"";"File";"Infection";"Result"

"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS0547D.log";"Hidden file";"Object is inaccessible."

"Information"

"";"File";"Information";"Result"

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\d5fea37c-ffff-ffff-8000-000000000000.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\97193d48-ffff-ffff-8000-000000000000.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\4c422478-0000-1000-8000-000000000000.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\3f1a90da-0000-1000-8000-000000000000.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\320108d6-0000-1000-8000-000000000000.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip.bak";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Relationships.dat";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\registryCoverage.dat";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip.bak";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\md5Cache.dat";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip.bak";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Characteristics.dat";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEvents.dat";"Password-protected";""

"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEventProcessors.dat";"Password-protected";""

"";"C:\Documents and Settings\Abi\Local Settings\Temporary Internet Files\Content.IE5\1ZLEQK8F\Weald of Kent May_Regional.doc";"Contains macros";""

"";"C:\WINDOWS\temp\avg-fdf2a209-f433-452b-9f11-701d142b6e01.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-f7d77b41-9976-415e-b95b-37363ec8cc61.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-e587123f-b733-4733-999c-1b584bcb7f7d.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-e55bfa53-259a-4b6c-bfc3-5a04e9cb7c28.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-e4a9756c-4fb2-4d23-b1f3-c94950626c68.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-e0177922-7df1-465a-b5f5-3630c7ebf81b.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-df04456a-c1ee-4c70-a1ba-5068948bd719.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-dc5ce704-06c6-4c05-80aa-9378137ef35f.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-d734be2f-7a87-4853-94e2-3d3211289208.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-c4351073-36aa-4118-82a2-be45c1423317.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-b9ae6f2d-3463-4227-b07b-1937bac9ef32.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-b5e45132-6da0-4d23-9b79-8d46e668fa41.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-9ba8a25b-7818-4b08-8a14-8e6b51465a2b.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-8be8fd63-1f02-4957-a65c-e61b20567f78.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-86992d0b-9269-4853-91c8-d021c3d86a2f.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-6e862f32-5595-4445-94d4-a447ff870405.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-5777906b-1599-4653-9577-415c0c5b981c.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-4a676f22-2c07-4f35-83de-fd31c5de375c.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-4352c601-17af-4941-b9ac-c92c99f6bc6c.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-37a62171-623c-4776-a92a-541d49d2af5b.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-2d824d43-c067-484f-9d87-d359d4e83e1f.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-2a6db848-e990-4324-81a9-3a0df3b0b827.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-22515677-8e08-4562-a3b0-315ff801b453.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-2075af6f-6b2e-4c7e-bf14-6f07c6f92a53.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-1e31264a-8547-4b0f-85df-a16484dc4368.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-19677d12-5d0a-4925-af85-551b59730f7f.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-173ba748-a757-4273-8a9e-9d53a5359a1b.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\temp\avg-03cd5c4e-851d-4d00-9f23-6d13af99e764.tmp";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\system.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\software.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\SECURITY.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\SAM.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\default.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\CatRoot2\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\WINDOWS\system32\CatRoot2\edb.log";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\LocalService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\All Users\Application Data\AVG10\avgam\avgam.lck";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\Abi\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\Abi\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."

"";"C:\Documents and Settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\parent.lock";"Locked file. Not tested.";"Locked file. Not tested."

2nd Log

"Scan ""Scheduled scan"" completed."

"Infections";"11";"1";"10"

"Information";"57"

"Folders selected for scanning:";"Whole computer scan"

"Scan started:";"22 May 2011, 12:00:04"

"Scan finished:";"22 May 2011, 12:16:10 (16 minute(s) 5 second(s))"

"Total object scanned:";"722136"

"User who launched the scan:";"SYSTEM"

"Infections"

"";"File";"Infection";"Result"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628)";"Virus found Win32/PEPatch";"Deleted"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf50000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf40000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf30000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0afe0000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fc0000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fb0000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fa0000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f90000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f80000";"Virus found Win32/PEPatch";"Infected"

"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f70000";"Virus found Win32/PEPatch";"Infected"