
Thread: Am I still infected?

  1. #11
    Junior Member (Join Date: Dec 2010, Posts: 16)

    Well, I tried using the AVG Remover program. It doesn't seem to have removed AVG 2011 (even after I restarted my system several times). Now AVG has performed an automatic update and it keeps asking me to restart my machine. It's become a nuisance and I can't get rid of it. This issue seems to be limited only to AVG. I was able to uninstall other programs that I didn't have a use for, but AVG 2011 stubbornly refuses to be removed.

    I've attached the AVG remover log for clarification purposes. This whole situation is like a never-ending nightmare.

  2. #12
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi again,

    Reboot to make AVG finish its update. Then try to uninstall it in add/remove programs. If it still fails try AppRemover.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Junior Member (Join Date: Dec 2010, Posts: 16)

    Quote Originally Posted by Blade81:
    Hi again,

    Reboot to make AVG finish its update. Then try to uninstall it in add/remove programs. If it still fails try AppRemover.
    Hello again. I was able to use AppRemover to uninstall AVG 2011. I then utilised ComboFix afterward. However, the problem is still there. Personally, rather than being malware or a virus, I think it's connected with my hard drive's bad sectors (there have been many crashes and forced restarts over the years) or some part of Windows being missing (during my virus-related troubles I was forced to move two System Volume Information files to AVG's virus vault).

    For what it's worth, here is the ComboFix log (I tried to install the Windows Recovery Console, but I got an error message).

    ComboFix 11-01-03.03 - Owner 01/04/2011 18:02:42.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.575 [GMT 11:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Application Data\Local
    c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\.ddr
    c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
    c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
    C:\install.exe
    c:\windows\daemon.dll
    c:\windows\system\qtim32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-04 to 2011-01-04 )))))))))))))))))))))))))))))))
    .

    2011-01-03 23:37 . 2011-01-04 06:49 -------- d-----w- c:\windows\system32\drivers\avg
    2011-01-03 23:14 . 2011-01-03 23:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
    2011-01-02 07:41 . 2011-01-02 07:41 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2011-01-02 07:41 . 2011-01-02 07:41 -------- d-----w- c:\program files\Common Files\xing shared
    2011-01-02 07:40 . 2011-01-02 07:40 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2011-01-02 07:40 . 2011-01-02 07:40 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2011-01-02 07:09 . 2011-01-02 07:10 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-01-02 07:07 . 2011-01-02 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2011-01-02 07:01 . 2011-01-02 07:01 -------- d-----w- c:\program files\iPod
    2011-01-02 07:00 . 2011-01-02 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-01-02 07:00 . 2011-01-02 07:03 -------- d-----w- c:\program files\iTunes
    2011-01-02 06:57 . 2011-01-02 06:57 -------- d-----w- c:\program files\Apple Software Update
    2011-01-02 06:52 . 2011-01-02 06:52 -------- d-----w- c:\program files\Bonjour
    2011-01-02 06:30 . 2011-01-02 06:30 -------- d-----w- c:\program files\Common Files\Java
    2011-01-02 06:29 . 2010-11-12 07:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-02 06:29 . 2010-11-12 07:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-02 06:29 . 2010-11-12 05:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-02 06:10 . 2009-08-06 08:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-12-30 19:13 . 2010-12-30 19:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Secunia PSI
    2010-12-30 19:11 . 2010-12-30 19:11 -------- d-----w- c:\program files\Secunia
    2010-12-26 04:34 . 2010-12-26 04:34 -------- d-----w- C:\$AVG
    2010-12-26 01:49 . 2010-12-26 01:50 -------- d-----w- c:\program files\ERUNT
    2010-12-25 01:59 . 2010-12-25 01:59 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
    2010-12-25 01:54 . 2010-12-25 01:54 -------- d-----w- C:\VLC
    2010-12-25 01:11 . 2010-12-25 01:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-12-25 00:25 . 2010-12-25 00:25 0 ----a-w- c:\windows\ativpsrm.bin
    2010-12-24 22:41 . 2010-12-24 22:41 2951802 ----a-w- C:\EClea2_0.exe
    2010-12-24 12:04 . 2010-12-24 12:04 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft
    2010-12-15 04:48 . 2010-12-15 08:06 -------- d-----w- c:\documents and settings\Owner\Revenge of the Titans 1.6
    2010-12-15 04:48 . 2010-12-23 00:31 -------- d-sh--w- c:\documents and settings\Owner\Local Settings\Application Data\.#
    2010-12-15 04:46 . 2010-12-15 04:46 -------- d-----w- c:\program files\Games
    2010-12-09 21:59 . 2010-12-09 21:59 -------- d-----w- c:\program files\Radical Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-02 07:40 . 2007-11-16 06:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-20 07:09 . 2010-10-26 03:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 07:08 . 2010-10-26 03:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 06:38 . 2010-11-29 06:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 06:38 . 2010-11-29 06:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-10-07 01:23 . 2010-10-07 01:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 01:23 . 2010-10-07 01:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-10-07 01:23 . 2010-10-07 01:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 01:23 . 2010-10-07 01:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-02 274608]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
    backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 00:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 06:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 04:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Alias\\Maya8.0\\bin\\maya.exe"=
    "c:\\3dsmax7\\3dsmax.exe"=
    "c:\\Program Files\\backburner 2\\monitor.exe"=
    "c:\\Program Files\\backburner 2\\manager.exe"=
    "c:\\Program Files\\backburner 2\\server.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\Owner\\My Documents\\Extracted-1A\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [3/2/2008 4:05 PM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [3/2/2008 4:05 PM 5248]
    R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [11/24/2009 1:24 PM 6144]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 11:04 PM 399416]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 7:30 PM 15544]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 11:04 PM 987704]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/13/2010 3:15 PM 691696]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1035525444-682003330-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 00:33]

    2011-01-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1035525444-682003330-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 00:33]

    2011-01-04 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2007-10-24 04:22]

    2009-12-18 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2007-10-24 04:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uStart Page = hxxp://www.google.com.au/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-04 18:11
    Windows 5.1.2600 Service Pack 3, v.3264 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1220945662-1035525444-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:99,51,a8,19,83,d6,4b,41,4d,fe,69,19,fa,9f,ed,ac,8f,06,bc,31,ec,b3,d8,
    67,b0,89,df,af,d7,3d,d9,6a,6f,07,2d,df,03,44,82,ee,2d,a0,00,92,ba,4f,a7,3d,\
    "??"=hex:d5,ca,29,05,79,32,36,4d,92,58,b4,49,7f,2e,99,a3

    [HKEY_USERS\S-1-5-21-1220945662-1035525444-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:6c,12,53,41,67,2b,8f,92,f1,a6,08,c4,b2,61,c7,5d,7d,c0,00,c4,97,
    cf,1c,72,88,13,70,8f,b3,3e,36,28,eb,c4,44,27,b2,5f,f0,f2,2f,ad,1b,a5,70,e4,\
    "rkeysecu"=hex:a4,06,1c,5a,92,c5,86,63,dc,f5,10,bd,2f,1e,6e,53

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(544)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(704)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-04 18:18:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-04 07:18
    ComboFix2.txt 2010-01-02 00:32

    Pre-Run: 10,710,192,128 bytes free
    Post-Run: 10,691,952,640 bytes free

    Current=5 Default=5 Failed=2 LastKnownGood=4 Sets=1,2,3,4,5
    - - End Of File - - 054F1EC359942928EDA9A894C7E82B07



    And the DDS log.

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 20:49:17.31 on Tue 01/04/2011
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.154 [GMT 11:00]

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\windows\system32\Ati2evxx.exe
    svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Secunia\PSI\sua.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\windows\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Owner\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uLocal Page = \blank.htm
    uStart Page = hxxp://www.google.com.au/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1293948596578
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293948578093
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-3-2 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-3-2 5248]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2009-11-24 6144]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]

    =============== Created Last 30 ================

    2011-01-04 07:32:53 -------- d-----w- c:\docume~1\owner\applic~1\AVG10
    2011-01-04 07:26:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2011-01-04 07:24:55 -------- d-----w- c:\program files\AVG

  4. #14
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    (I tried to install the Windows Recovery Console. but I got an error message)
    What error message did you get?

  5. #15
    Junior Member (Join Date: Dec 2010, Posts: 16)

    Quote Originally Posted by Blade81:
    What error message did you get?
    "Boot Partition cannot be enumerated correctly." I have no idea what that's supposed to mean.

    Outside of this I did perform scans in safe mode with my various anti-virus/anti-malware programs and nothing came up. So that's something.

  6. #16
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    @ECHO OFF
    dir /s/a c:\boot.ini >logit.txt
    start logit.txt
    del %0

    Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

  7. #17
    Junior Member (Join Date: Dec 2010, Posts: 16)

    Quote Originally Posted by Blade81:
    Hi,

    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    @ECHO OFF
    dir /s/a c:\boot.ini >logit.txt
    start logit.txt
    del %0

    Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
    This is what came up.

    Volume in drive C has no label.
    Volume Serial Number is C050-7274

  8. #18
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Ok. We have to create a boot.ini file.

    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file "c:\boot.ini", change the Save as type to all files and save it.
    [boot loader]
    timeout=3
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home" /fastdetect



    When done, open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    type c:\boot.ini >logit.txt 2>&1
    start logit.txt
    del %0


    Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

  9. #19
    Junior Member (Join Date: Dec 2010, Posts: 16)

    Quote Originally Posted by Blade81:
    Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
    Here you go.

    [boot loader]
    timeout=3
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home" /fastdetect

  10. #20
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Edit:

    Actually open c:\boot.ini with notepad and change this part:
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home" /fastdetect

    to:
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    Save, close the file and do this:

    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    type c:\boot.ini >logit.txt 2>&1
    start logit.txt
    del %0


    Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
    Last edited by Blade81; 2011-01-06 at 15:06.
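    The boot.ini repair in posts #16 to #20 comes down to three checks done by hand: the file exists, its default= entry points at a real [operating systems] line, and the label names the edition the logs report (XP Professional, not XP Home). As an added example (not code from the thread or from any of the tools it mentions), here is a small Python checker that performs those checks; the sample texts are the two boot.ini versions posted above, and the edition string is taken from the ComboFix/DDS log headers in post #13.

```python
# Added example, not code from the thread. Checks a boot.ini the way the posts
# above do by hand: file present, default= points at a real [operating systems]
# entry, ARC paths well-formed, and the label names the edition the ComboFix/DDS
# headers report ("Microsoft Windows XP Professional").
import os
import re

# NTLDR ARC path: multi(n)disk(n)rdisk(n)partition(n)\<system directory>
ARC_PATH = re.compile(r"^multi\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\[^\s=]+$")

# boot.ini exactly as first created in post #18 (label says XP Home).
BOOT_INI_FROM_THREAD = """[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home" /fastdetect
"""
# The same file after the label change requested in post #20.
BOOT_INI_CORRECTED = BOOT_INI_FROM_THREAD.replace("XP Home", "XP Professional")
# Edition string taken from the log headers posted in #13.
INSTALLED_EDITION = "Windows XP Professional"


def parse_boot_ini(text):
    """Return {'boot loader': {key: value},
    'operating systems': [(arc_path, label, [switches]), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = [] if current == "operating systems" else {}
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {line!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if current == "operating systems":
            # value = "Display label" followed by optional NTLDR switches
            m = re.match(r'^"([^"]*)"\s*(.*)$', value)
            if not m:
                raise ValueError(f"entry without a quoted label: {line!r}")
            sections[current].append((key, m.group(1), m.group(2).split()))
        else:
            sections[current][key] = value
    return sections


def check_boot_ini(text, installed_edition=None):
    """Return a list of problems; an empty list means the file looks sane."""
    try:
        cfg = parse_boot_ini(text)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    loader = cfg.get("boot loader")
    systems = cfg.get("operating systems") or []
    if loader is None:
        problems.append("missing [boot loader] section")
    if not systems:
        problems.append("missing or empty [operating systems] section")
    if loader is not None:
        default = loader.get("default")
        if default is None:
            problems.append("[boot loader] has no default= entry")
        elif not ARC_PATH.match(default):
            problems.append(f"default is not a valid ARC path: {default}")
        elif systems and default not in {arc for arc, _, _ in systems}:
            problems.append(f"default {default} matches no [operating systems] entry")
    for arc, label, _switches in systems:
        if not ARC_PATH.match(arc):
            problems.append(f"entry is not a valid ARC path: {arc}")
        # A wrong label does not stop the boot, but it is what post #20 corrects.
        if installed_edition and installed_edition.lower() not in label.lower():
            problems.append(f'label "{label}" does not name the installed '
                            f'edition ({installed_edition})')
    return problems


def check_boot_ini_file(path, installed_edition=None):
    """Run the checks on a file; a missing file is itself the finding (the empty
    'dir /s/a c:\\boot.ini' output in post #17 meant exactly that)."""
    if not os.path.isfile(path):
        return [f"{path} does not exist"]
    with open(path, encoding="ascii", errors="replace") as fh:
        return check_boot_ini(fh.read(), installed_edition)
```

    Run check_boot_ini_file(r"c:\boot.ini", INSTALLED_EDITION) on the affected machine; the first version posted yields only the label finding, the corrected one yields nothing.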
