Thread: AVG keeps finding new instances of... something

  1. #21
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi Kenny,

    Have you decided what antivirus program you are going to use? There may still be some conflict with the two that will seriously degrade your computer's performance. I would recommend removing one of them completely. Let me know which one that you want to get rid of and I will get you the removal tool for it.
    ----------

    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------

    In your next reply let me know which antivirus program you would like to remove and then post the log created by aswMBR.exe.

  2. #22
    Member
    Join Date
    Nov 2011
    Posts
    31

    Jeff, the bug is still here. :( I just got another detection notice from AVG.

    To respond to your last post, I've been with AVG for a while, so I think I'll stick with that. Can I keep Ad-Aware on my machine for occasional scans without using the active real-time AV?

    I have to run now, but I'll run that scan that you mention when I get home.

    Thanks for your continued help!

  3. #23
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi Kenny

    What is AVG showing? That may help us target this better.

    Yes you can keep Ad-Aware if you choose but be sure it is not running in real-time.

    No hurry with the scan. I apologize that this is taking so long, but malware removal can sometimes be quite a task.

  4. #24
    Member
    Join Date
    Nov 2011
    Posts
    31

    Hey Jeff. I understand this can take time. I appreciate you sticking with me through it!!

    Here's a screenshot of the AVG threat detection. Should I go ahead with that scan now?

  5. #25
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi Kenny,

    Thanks for the screenshot. That won't be a problem at all. When we remove ComboFix that file will be removed too.

    Go ahead and run aswMBR with the instructions I gave you earlier and then post that log when you get it.

  6. #26
    Member
    Join Date
    Nov 2011
    Posts
    31

    Here it is.

  7. #27
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi Kenny,

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      Driver::
      WINRM
      
      NetSvc::
      WINRM
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5985:TCP"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

  8. #28
    Member
    Join Date
    Nov 2011
    Posts
    31

    ComboFix 11-11-05.02 - moe 11/05/2011 17:01:56.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1301 [GMT 1:00]
    Running from: c:\documents and settings\moe\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\moe\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_WinRM
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-05 16:32 . 2011-11-05 16:32 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2011-11-05 16:28 . 2011-11-05 16:28 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-11-03 12:18 . 2011-11-03 12:18 -------- d-----w- c:\program files\ESET
    2011-11-01 11:25 . 2011-11-01 11:26 -------- d-----w- c:\program files\ERUNT
    2011-10-25 13:05 . 2011-11-03 21:31 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-10-24 17:59 . 2011-10-24 17:59 -------- d-----w- C:\$AVG
    2011-10-24 10:09 . 2011-10-24 10:09 -------- d-----w- c:\documents and settings\moe\Application Data\AVG2012
    2011-10-24 10:07 . 2011-10-24 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-10-21 00:46 . 2011-10-21 00:46 -------- d-----w- c:\program files\AVIcodec
    2011-10-21 00:38 . 2011-10-21 00:38 -------- d-----w- c:\documents and settings\moe\Application Data\DDMSettings
    2011-10-17 16:36 . 2011-10-17 16:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-10-13 05:01 . 2011-10-13 05:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2011-10-12 18:51 . 2011-10-12 18:51 -------- d-----w- c:\program files\Common Files\xing shared
    2011-10-12 18:50 . 2011-10-12 18:51 -------- d-----w- c:\program files\Real
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-04 14:28 . 2011-09-25 13:12 44544 ----a-w- c:\windows\system32\agremove.exe
    2011-11-01 09:48 . 2011-08-23 21:19 172544 ----a-w- c:\windows\system32\RemoteControl.dll
    2011-10-07 05:23 . 2011-01-07 12:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 05:21 . 2011-02-10 13:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-26 09:41 . 2008-12-22 17:48 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 09:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2008-12-22 17:48 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-13 04:30 . 2011-03-16 22:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-09 09:12 . 2008-04-14 11:41 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2008-04-14 07:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 15:00 . 2011-08-28 21:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-28 21:01 . 2011-08-28 21:16 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-08-28 21:01 . 2011-08-28 21:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-08-22 23:48 . 2008-12-22 18:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2008-12-22 18:03 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2008-12-22 18:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2008-12-22 18:02 385024 ------w- c:\windows\system32\html.iec
    2011-08-18 13:25 . 2011-08-28 20:58 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-08-17 13:49 . 2008-04-14 06:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-08-08 04:08 . 2011-03-01 20:25 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-12-22 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-02_00.35.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-05 16:34 . 2011-11-05 16:33 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-11-02 00:34 . 2011-11-02 00:34 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-11-05 16:34 . 2011-11-05 16:33 16384 c:\windows\temp\History\History.IE5\index.dat
    - 2011-11-02 00:34 . 2011-11-02 00:34 16384 c:\windows\temp\History\History.IE5\index.dat
    - 2011-11-02 00:34 . 2011-11-02 00:34 16384 c:\windows\temp\Cookies\index.dat
    + 2011-11-05 16:34 . 2011-11-05 16:33 16384 c:\windows\temp\Cookies\index.dat
    + 2011-11-02 23:05 . 2011-11-02 23:05 442368 c:\windows\ERDNT\AutoBackup\11-3-2011\Users\00000002\UsrClass.dat
    + 2011-11-02 23:05 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\11-3-2011\ERDNT.EXE
    + 2011-11-04 10:00 . 2011-11-04 10:00 4671488 c:\windows\Installer\83812d4.msi
    + 2011-11-04 09:49 . 2011-11-04 09:49 4674560 c:\windows\Installer\8381294.msi
    + 2011-11-05 16:39 . 2011-11-05 16:40 17780736 c:\windows\ERDNT\AutoBackup\11-5-2011\Users\00000001\NTUSER.DAT
    + 2011-11-02 23:04 . 2011-11-02 23:05 17780736 c:\windows\ERDNT\AutoBackup\11-3-2011\Users\00000001\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
    "pamela.exe"="c:\program files\Pamela\Pamela.exe" [2011-11-01 11909120]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
    "VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-12 273528]
    .
    c:\documents and settings\moe\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\moe\Application Data\Dropbox\bin\Dropbox.exe [2011-7-20 24176560]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2011-7-21 114688]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-10-12 18:50 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\moe\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\moe\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 3:13 PM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 11:03 PM 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/28/2011 9:58 PM 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 1:41 PM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 7:59 AM 295248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
    R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [10/6/2011 1:21 AM 288088]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    RUnknown rpcnetp;rpcnetp; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 8:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2011 2:19 AM 136176]
    S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/15/2011 4:28 AM 134608]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 2:53 PM 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 2:53 PM 16720]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2011 2:19 AM 136176]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 2:25 PM 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 8:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RPCNETP
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 21:02]
    .
    2011-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 01:19]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 01:19]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-842925246-1801674531-1004Core.job
    - c:\documents and settings\moe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 03:49]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-842925246-1801674531-1004UA.job
    - c:\documents and settings\moe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 03:49]
    .
    2011-11-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-842925246-1801674531-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
    .
    2011-11-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-842925246-1801674531-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.google.com/mail/?source=navclient-ff&shva=1#inbox
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-05 17:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1748)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(3820)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Hotspot Shield\bin\hsswd.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\System32\rpcnetp.exe
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-05 17:48:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-05 16:48
    ComboFix2.txt 2011-11-03 23:25
    ComboFix3.txt 2011-11-03 10:45
    ComboFix4.txt 2011-11-02 00:48
    .
    Pre-Run: 40,878,555,136 bytes free
    Post-Run: 40,913,092,608 bytes free
    .
    - - End Of File - - 05ADAB2A9DBAA5DDA2F8B3C7AC44C1B0

  9. #29
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi Kenny,

    Would you please run ESET online scan again and then post the log that is created into your next reply.

  10. #30
    Member
    Join Date
    Nov 2011
    Posts
    31

    Threats found!
