Mystart virus

I am trying to get rid of the "Mystart" page - it keeps appearing in my browser, even though I have uninstalled all associated programs, and disabled the Firefox add-on. How can I remove it completely?

Have you tried changing your homepage?

The good news is that it usually is a program from Incredimail and not a trojan. The bad news is that it still may be hard to get rid of.
But look for it in Add/Remove programs, under Incredimail.

Personally I would try Spybot S&D as this "older" scanner will often remove the program in one pass, while others do not identify it.
Download, check for updates, and then run a scan ("Check for problems"), Next click the ( +'s ) to remove all items found ("Fix problems")
Spybot sees it as a "bot" in the first part of its scan, then isolates it for removal -

You will generally lose the Incredimail program, but it is generally useless as a program -

Good Luck -

Yes, I tried S&D to no avail.

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do NOT run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click on change parameters
• Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
• Click the Start Scan button.
• Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

Step 2

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files
• List Restore points

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

The TDSSKiller found no threats

Step 2: here is the output:

Results of screen317's Security Check version 0.99.42
Windows XP x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2011
Norton Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.0)
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Hi. Please post the logs for Farbar Service Scanner and Minitoolbox also as requested.

OK, here is FSS.txt:


Farbar Service Scanner Version: 19-06-2012 01
Ran by tom (administrator) on 20-06-2012 at 07:53:18
Running from "C:\Documents and Settings\tom\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****











And the Minitoolbox output:

MiniToolBox by Farbar Version: 09-06-2012
Ran by tom (administrator) on 20-06-2012 at 07:50:32
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "HideMyAss.com"
"network.proxy.http_port", 3128
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
HUAWEI Mobile Connect - 3G Network Card = Local Area Connection 14 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 14"

set address name="Local Area Connection 14" source=dhcp
set dns name="Local Area Connection 14" source=dhcp register=PRIMARY
set wins name="Local Area Connection 14" source=dhcp

# Interface IP Configuration for "Network Connect Adapter"

set address name="Network Connect Adapter" source=dhcp
set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
set wins name="Network Connect Adapter" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : cmaster

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 1C-6F-65-48-71-81



Ethernet adapter Local Area Connection 14:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : HUAWEI Mobile Connect - 3G Network Card #2

Physical Address. . . . . . . . . : 00-1E-10-1F-EA-86

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.118

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

192.168.1.1

Lease Obtained. . . . . . . . . . : 20 June 2012 05:50:04

Lease Expires . . . . . . . . . . : 21 June 2012 05:50:04



Ethernet adapter Network Connect Adapter:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter

Physical Address. . . . . . . . . : 00-FF-98-DB-8D-FC

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 209.85.143.101, 209.85.143.100



Pinging google.com [209.85.143.100] with 32 bytes of data:



Reply from 209.85.143.100: bytes=32 time=335ms TTL=49

Reply from 209.85.143.100: bytes=32 time=282ms TTL=49



Ping statistics for 209.85.143.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 282ms, Maximum = 335ms, Average = 308ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=475ms TTL=45

Reply from 209.191.122.70: bytes=32 time=467ms TTL=45



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 467ms, Maximum = 475ms, Average = 471ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...1c 6f 65 48 71 81 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
0x3 ...00 1e 10 1f ea 86 ...... HUAWEI Mobile Connect - 3G Network Card #2 - Packet Scheduler Miniport
0x4 ...00 ff 98 db 8d fc ...... Juniper Network Connect Virtual Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.118 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.118 192.168.1.118 30
192.168.1.118 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.118 192.168.1.118 30
224.0.0.0 240.0.0.0 192.168.1.118 192.168.1.118 30
255.255.255.255 255.255.255.255 192.168.1.118 4 1
255.255.255.255 255.255.255.255 192.168.1.118 2 1
255.255.255.255 255.255.255.255 192.168.1.118 192.168.1.118 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (06/20/2012 05:50:40 AM) (Source: Service Control Manager) (User: )
Description: The MSSQLSERVER service failed to start due to the following error:
%%2

Error: (06/20/2012 05:49:57 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.117 for the Network Card with network address 001E101FEA86 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/20/2012 05:47:37 AM) (Source: Service Control Manager) (User: )
Description: The MSSQLSERVER service failed to start due to the following error:
%%2

Error: (06/19/2012 09:06:38 PM) (Source: Service Control Manager) (User: )
Description: The MSSQLSERVER service failed to start due to the following error:
%%2

Error: (06/19/2012 09:06:10 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.110 for the Network Card with network address 001E101FDB29 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/19/2012 09:03:29 PM) (Source: Service Control Manager) (User: )
Description: The MSSQLSERVER service failed to start due to the following error:
%%2

Error: (06/19/2012 06:27:15 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/19/2012 06:26:57 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/19/2012 06:26:47 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/19/2012 06:26:18 PM) (Source: 0) (User: )
Description: \Device\CdRom0


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ABCexplorer 1.5.0
AbcMus 2.0
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Akamai NetSession Interface Service
Amazon Kindle
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.13 (Unicode)
AutoCAD LT 2009 - English (Version: 17.2.56.0)
Batch Update (Version: 3.0)
Bible Data Type System Files (Version: 3.0)
Bonjour (Version: 3.0.0.10)
Broadband to Go (Version: 1.0.0)
CCleaner (Version: 3.16)
Clause Visualizer (Version: 3.0)
CoffeeCup Free HTML Editor
Common System Files (Version: 3.0)
Core FTP LE
CutePDF Writer 2.8
Definition update for Microsoft Office 2010 (KB982726)
Doxillion Document Converter
Eco Materials Adviser (Version: 1.32.0.0)
eMusic Download Manager (Version: 5.0.3)
Express Zip File Compression Software
FILE RECOVERY for Windows (Version: 1.0.183)
Folder Size Shell Extension v3.2
Freecorder 5 (Version: 5.11)
Freemake Video Converter version 3.0.2 (Version: 3.0.2)
GNU Ghostscript 7.06
GNU Ghostscript Fonts
Google AdWords Editor (Version: 9.7.1)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Graphical Query Editor (Version: 3.0)
Guitar Pro 6
ImgBurn (Version: 2.5.7.0)
Ipswitch WS_FTP 12 (Version: 12.3)
IT9130 Driver v11.10.19.1
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.14951)
Juniper Networks Setup Client (Version: 2.1.2.5973)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
LAME v3.99.3 (for Windows)
Libronix Digital Library System
Libronix Digital Library System (Version: 3.0)
Libronix DLS Application (Version: 3.0)
Libronix DLS Shortcuts (Version: 3.0)
Libronix Update (Version: 3.0)
LLS Resource Driver (Version: 3.0)
Logos 4 Prerequisites (Version: 4.52.02079)
Logos Bible Software 4 (Version: 4.52.02208)
Market Samurai (Version: 0.88.69)
Meteor Hotspot (Version: TOOL-ConnLaucher_WIN1.01.01.394)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft adCenter Desktop (Version: 8.1.11101.1)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.0.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.4518.1031)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.4518.1066)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Desktop Engine (Version: 8.00.194)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.30319)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu (Version: 3.5.30729)
Microsoft WSE 2.0 SP3 (Version: 2.0.5050.0)
Microsoft WSE 3.0 (Version: 3.0.5305.0)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XML Parser and SDK (Version: 4.10.9404.0)
MixPad Audio Mixer
Mozilla Firefox 11.0 (x86 en-GB) (Version: 11.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Nokia Ovi Suite (Version: 2.1.0.87)
Nokia Ovi Suite Software Updater (Version: 02.04.003.40902)
Norton Internet Security (Version: 19.7.1.5)
Norton Security Scan (Version: 3.1.1.6)
O2 Broadband (Version: 11.302.09.08.116)
OEB Resource Driver (Version: 3.0)
OnlyWire (Version: 2.0.3)
Ovi Desktop Sync Engine (Version: 1.2.254.0)
OviMPlatform (Version: 2.6.86.0)
Parts List Tab (Version: 1.0.0)
PC Connectivity Solution (Version: 10.5.1.0)
PDF Resource Driver (Version: 3.0)
PMB (Version: 5.8.02.10270)
Quick Uninstall Tool for Autodesk Inventor 2012 (Version: 16.0.16000.0000)
QuickTime (Version: 7.71.80.42)
Realtek AC'97 Audio (Version: 5.36)
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver (Version: 5.10.0.6083)
RoboForm 7-6-3 (All Users) (Version: 7-6-3)
Sentence Diagramming (Version: 3.0)
Skype Click to Call (Version: 6.0.10201)
Skype™ 5.8 (Version: 5.8.158)
Snagit 10.0.1 (Version: 10.0.1)
Spybot - Search & Destroy (Version: 1.6.2)
Stealth Keyword Competition Analyzer 2.2.4
SweetIM for Messenger 3.6 (Version: 3.6.0008)
Switch Sound File Converter
TextCrawler 2.1 (Version: 2.1)
The Dragon Dance
The Dream Voyagers
TheBestSpinner
Traffic Travis 3.3.15
TwelveKeys Music Transcription Software
UltimateDomainFinder (Version: 0.06)
UltimateDomainFinder (Version: v0.06)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update Manager for SweetPacks 1.0 (Version: 1.0.0005)
Update or Uninstall SENukeX (Version: 1.0.0.149)
Vault Web View (Version: 1.0.0)
VBA (2627.01) (Version: 6.03.00.9402)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 1.1.11 (Version: 1.1.11)
WavePad Sound Editor
Web Assistant 2.0.0.445
Web Deployment Tool (Version: 1.1.0618)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer XML Toolset 3.5 (Version: 3.5.2519.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Resource Kit Tools (Version: 5.2.3790)
WinRAR 4.10 beta 3 (32-bit) (Version: 4.10.3)
WinSCP 4.3.5 (Version: 4.3.5)
WinZip (Version: 9.0 SR-1 (6224))
Your Article Submitter Pro 1.0
Z 39.50 Library (Version: 3.0)

========================= Devices: ================================

Name: NT Apm/Legacy Interface Node
Description: NT Apm/Legacy Interface Node
Class Guid: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Manufacturer: Microsoft
Service: NtApm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PC/AT PS/2 Keyboard (84-Key)
Description: PC/AT PS/2 Keyboard (84-Key)
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3325.49 MB
Available physical RAM: 2419.22 MB
Total Pagefile: 5234.14 MB
Available Pagefile: 4336.07 MB
Total Virtual: 3071.88 MB
Available Virtual: 2993.87 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:488.28 GB) (Free:246.11 GB) NTFS
3 Drive f: (Meteor Hotspot) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive g: (Part2) (Fixed) (Total:443.23 GB) (Free:144.1 GB) NTFS

========================= Users: ========================================

User accounts for \\CMASTER

Administrator ASPNET Guest
HelpAssistant IUSR_CMASTER IWAM_CMASTER
SUPPORT_388945a0 tmccarrick_c tom

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini031912-01.dmp
C:\WINDOWS\Minidump\Mini032312-01.dmp
C:\WINDOWS\Minidump\Mini032912-01.dmp
C:\WINDOWS\Minidump\Mini040212-01.dmp
C:\WINDOWS\Minidump\Mini040512-01.dmp
C:\WINDOWS\Minidump\Mini041212-01.dmp
C:\WINDOWS\Minidump\Mini041312-01.dmp
C:\WINDOWS\Minidump\Mini042012-01.dmp
C:\WINDOWS\Minidump\Mini042612-01.dmp
C:\WINDOWS\Minidump\Mini060612-01.dmp
C:\WINDOWS\Minidump\Mini060612-02.dmp
========================= Restore Points ==================================

26-04-2012 16:32:03 Software Distribution Service 3.0
26-04-2012 18:33:41 System Checkpoint
27-04-2012 18:53:39 System Checkpoint
28-04-2012 19:08:36 System Checkpoint
30-04-2012 11:08:16 System Checkpoint
01-05-2012 12:10:50 System Checkpoint
02-05-2012 12:15:28 Installed Logos 4 Prerequisites
02-05-2012 12:17:02 Installed DirectX
02-05-2012 12:17:23 Installed Logos Bible Software 4
03-05-2012 16:47:19 System Checkpoint
05-05-2012 20:20:21 System Checkpoint
07-05-2012 08:37:38 System Checkpoint
07-05-2012 09:17:06 Installed Broadband to Go
08-05-2012 10:01:27 System Checkpoint
09-05-2012 11:00:59 System Checkpoint
10-05-2012 12:58:17 System Checkpoint
11-05-2012 12:58:43 System Checkpoint
14-05-2012 05:31:10 System Checkpoint
16-05-2012 03:02:13 System Checkpoint
17-05-2012 08:09:49 Installed Logos Bible Software 4
18-05-2012 08:51:13 System Checkpoint
18-05-2012 09:21:40 Installed Logos Bible Software 4
19-05-2012 16:24:23 System Checkpoint
21-05-2012 08:39:52 System Checkpoint
22-05-2012 09:59:04 System Checkpoint
23-05-2012 10:36:02 System Checkpoint
24-05-2012 11:37:17 System Checkpoint
26-05-2012 06:43:08 System Checkpoint
28-05-2012 05:22:19 System Checkpoint
29-05-2012 07:52:38 System Checkpoint
30-05-2012 08:59:12 System Checkpoint
31-05-2012 18:20:56 System Checkpoint
31-05-2012 23:26:19 Removed Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
31-05-2012 23:27:12 Removed Autodesk Material Library 2012.
04-06-2012 20:54:46 System Checkpoint
06-06-2012 04:56:26 System Checkpoint
07-06-2012 06:39:40 Removed SweetPacks Toolbar for Internet Explorer 4.6
07-06-2012 06:51:14 Removed Microsoft SQL Server VSS Writer
07-06-2012 14:47:57 Removed Microsoft SQL Server 2008 R2 Native Client
10-06-2012 16:21:47 System Checkpoint
11-06-2012 17:58:17 System Checkpoint
12-06-2012 17:08:38 Installed Logos Bible Software 4
14-06-2012 07:11:48 System Checkpoint
15-06-2012 08:14:40 System Checkpoint
16-06-2012 08:29:23 System Checkpoint
16-06-2012 21:43:28 Removed Java™ 6 Update 31
18-06-2012 19:36:29 System Checkpoint
19-06-2012 09:14:38 Installed Microsoft Visual C++ 2005 Redistributable
19-06-2012 22:43:53 Installed Java™ 7 Update 5
19-06-2012 22:44:32 Installed JavaFX 2.1.1

**** End of log ****

Hi

Step 1

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Control Panel > "Add/Remove Programs" (Windows XP) / or "Programs and Features" (Windows Vista / 7), and remove either AVG or Norton.


Step 2

Restart the Computer.


Step 3

Double click SecurityCheck.exe on your desktop and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4

How is the computer running now?

OK, here is the output from Security Check:
(I don't know why it mentions AVG - I have removed it from my PC)



Results of screen317's Security Check version 0.99.42
Windows XP x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2011
Norton Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.0)
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Hi

Ok lets try to get rid of the remnants:

Step 1

On link, please follow the steps under Manual Uninstall (Complete Removal of AVG)


Step 2

Double click SecurityCheck.exe on your desktop and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

I ran the manual AVG remover but it looks like Security Check is still finding something by AVG:

Results of screen317's Security Check version 0.99.42
Windows XP x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2011
Norton Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.0)
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Hi

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main text field:
  
  

  :filefind
  *avg*
  
  :regfind
  *avg*
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

OK, here it is:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:06 on 22/06/2012 by tom
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\9b5ec7eb9a0ff0f3baf70e39\x86\setup\sql_engine_core_shared_msi\pfiles\sqlservr\100\com\ssravg.dll --a---- 41824 bytes [09:24 02/07/2011] [18:47 03/04/2010] 0B0FAD51D0B07FCC7DA5D066969B2788
C:\Autodesk\Autodesk_Vault_Server_2012_English_Win_32-64bit\3rdParty\Sql2008Express\x86\setup\sql_engine_core_shared_msi\pfiles\sqlservr\100\com\ssravg.dll --a---- 44568 bytes [18:26 07/07/2011] [17:03 09/02/2011] 6F5B67CBC332D4BF109D64FE9BAFC7C4
C:\CAD\SQL\x86\setup\sql_engine_core_shared_msi\pfiles\sqlservr\100\com\ssravg.dll --a---- 41824 bytes [10:47 03/04/2010] [10:47 03/04/2010] 0B0FAD51D0B07FCC7DA5D066969B2788
C:\Documents and Settings\All Users\Documents\Server Disk\x86\Support\Sql2008Express\x86\setup\sql_engine_core_shared_msi\pfiles\sqlservr\100\com\ssravg.dll --a---- 44568 bytes [08:23 15/10/2011] [15:16 22/02/2010] 6F5B67CBC332D4BF109D64FE9BAFC7C4
C:\Documents and Settings\tom\Downloads\avg_free_stb_all_2011_1191_cnet.exe --a---- 4622344 bytes [01:07 01/04/2011] [17:20 14/01/2011] 3D16345B05FB513BAD9117EFA943055A
C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\3XLZ3JXU\getmdrcdCAVGOVA4.xml --a---- 309 bytes [10:20 19/06/2012] [10:20 19/06/2012] 2B3A0663982B98B0907B38D598A498A7
C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\7ZH8MS9W\getmdrcdCAVGDSU0.xml --a---- 309 bytes [08:49 16/06/2012] [08:49 16/06/2012] 86641EB0FB2FD0FE23C9C75E65F2628E
C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\7ZH8MS9W\GetMDRCDPOSTURLCAVGYJQQ.aspx --a---- 171 bytes [23:58 18/06/2012] [23:58 18/06/2012] 5108BFAD25C1E364165E6B02B2F389E1
C:\Documents and Settings\tom\My Documents\Downloads\avgremover.log --a---- 243933 bytes [09:32 22/06/2012] [09:35 22/06/2012] AAF5CC3DAECBEC49EE976ED94D9073BB
C:\Documents and Settings\tom\My Documents\Downloads\avg_remover_stf_x86_2012_2125.exe --a---- 1973368 bytes [09:32 22/06/2012] [09:32 22/06/2012] 9D01A11C3C74A887F68759A04DD35D71
C:\Documents and Settings\tom\My Documents\Downloads\old\avg_free_stb_all_2011_1321_cnet.exe --a---- 5497592 bytes [21:12 21/04/2011] [21:13 21/04/2011] 71AE859301582B6693FA85B56DDF54F5
C:\Documents and Settings\tom\My Documents\IM\Clickbank\php-5.4.0\ext\standard\tests\general_functions\sys_getloadavg.phpt --a---- 365 bytes [21:24 17/03/2012] [13:44 26/04/2010] 2F313A76478296EB973AF9A2A577ED05
C:\Documents and Settings\tom\Recent\avgremover.log.lnk --a---- 813 bytes [09:39 22/06/2012] [09:39 22/06/2012] 504E8CFC76A84D42B0DDED7BA7A56789
C:\Program Files\Microsoft SQL Server\80\COM\ssravg.dll --a---- 47864 bytes [16:41 26/09/2011] [23:06 03/05/2005] 04CC175B7AB0CF1A834692367BAE1792
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\VBExpress\Snippets\1033\data\LINQ Queries\Query - Grouping\qAggregateAvg.snippet --a---- 2313 bytes [11:17 23/05/2007] [11:17 23/05/2007] FC64EE70438D911163E1EDCFEC70BD12
C:\Program Files\Microsoft Visual Studio 9.0\VB\Snippets\1033\data\LINQ Queries\Query - Grouping\qAggregateAvg.snippet --a---- 2313 bytes [10:17 23/05/2007] [10:17 23/05/2007] FC64EE70438D911163E1EDCFEC70BD12
C:\rec\rec\Root\Maxtor backup\TOM-PC\History\Level2\C\Users\Public\Desktop\AVG Free 8.0.lnk --a---- 1647 bytes [23:58 16/04/2009] [16:03 24/05/2008] 11BDDB5B8FDE4D05D5DB9B3001104995
C:\rec\rec\Root\Maxtor backup\TOM-PC\History\Level2\C\Users\tom\AppData\Local\Google\Picasa2\db2\imagedata_avgcolor.pmp --a---- 4772 bytes [23:58 16/04/2009] [12:47 26/01/2009] 1F630D98E922E9287EC9EDF39808941A
C:\rec\rec\Root\Maxtor backup\TOM-PC\History\Level2\C\Users\tom\AppData\Local\Google\Picasa2\db3\imagedata_avgcolor.pmp --a---- 11308 bytes [23:58 16/04/2009] [09:38 21/03/2009] BC557AA08E7551C149F281D340571098
C:\SQL2KSP4c\x86\binn\ssravg.dll --a---- 47864 bytes [23:06 03/05/2005] [23:06 03/05/2005] 04CC175B7AB0CF1A834692367BAE1792
C:\WINDOWS\Installer\$PatchCache$\Managed\10B07BFE3F1B0694BA96A48200486AC0\8.0.194\ssravg.dll.185C1D8F_1545_4277_BB64_857D2622DB57 -ra---- 42504 bytes [10:17 06/08/2000] [10:17 06/08/2000] 9768C3D28637F0CCE272E0AC2F1FB2A6
C:\WINDOWS\Installer\$PatchCache$\Managed\2D40498649C13B442930EB5C95F4ADA7\8.0.194\ssravg.dll.185C1D8F_1545_4277_BB64_857D2622DB57 -ra---- 42504 bytes [10:17 06/08/2000] [10:17 06/08/2000] 9768C3D28637F0CCE272E0AC2F1FB2A6
C:\WINDOWS\Prefetch\AVG_REMOVER_STF_X86_2012_2125-2060089C.pf --a---- 33244 bytes [09:32 22/06/2012] [09:35 22/06/2012] EA70CB74063B29D4219C363F60981967

========== regfind ==========

Searching for "*avg*"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{c671678c-82c1-43f3-d700-0049433e9a4b}\翸ञƈ6(ŖࠌC:\rec\rec\Root\Maxtor backup\TOM-PC\History\Level2\C\Users\tom\Documents\IM\Wordpress\pligg\Pligg CMS 1.0.0 RC2\modules\anonymous_comments\*AVG*]

-= EOF =-

Hi

I've asked for assistance on this. I will come back to you soon.