AVG keeps finding new instances of... something

Status
Not open for further replies.
Hi Kenny,

I don't think that this problem is malware related but a problem with your drivers. I would recommend that you start a new topic here and let them know your remaining problems. They will be able to better assist you with these problems than I can. When you do post your new topic be sure to post the link here as well so the helpers can see what we have done. :)

When they finish be sure to come back here and I can remove our tools and give you some good information on keeping your system secure. :)
 
Hey Jeff,

I started the thread over there. See you in a bit! (when they're finished with me).

(and thank you so much for your speedy responses and great help here! I appreciate it a great deal!)
 
Hey Jeff. I'm back, but things have taken an unexpected turn.

I went to the other forum as you suggested and started a thread. In the course of the thread I remembered that I had an Acronis image file of my laptop with a fresh XP install, and since I had so much crap on my machine anyway, I just decided to restore the image and basically start fresh. (I also made a complete image of the C drive as it was before I did the restore, which is on my external 3 TB drive). As I expected, that "hardware interrupt..." problem is gone.

I installed AVG, and maybe 3 other things only (Chrome, MS Office, Skype, Pamela for Skype). I copied onto the freshly installed machine only some personal document folders, and the Google Chrome application data folder (to get my bookmarks), and some folders in Pamela (if you're unfamiliar, Pamela works with Skype to give features like voicemail, video recording, etc...).

So I'm completely surprised when I just walked in and noticed AVG found 4 instances of a virus threat!!!

So I'm thinking either:
1. The malware is on my external drive. OR
2. I managed to catch a new threat in record time (unlikely. I haven't done anything risky).

so WTF??!!!

I'm attaching a screenshot of AVG's threat detections, and I'll post a DDS log in another post. Help!!
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by moe at 1:18:15 on 2011-11-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.540 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Pamela\pamela.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\moe\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [pamela.exe] "c:\program files\pamela\pamela.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\moe\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310704740187
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{437F6C09-69C6-43A2-96BA-F21E51DDE9BA} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-14 22:49:08 -------- d--h--w- C:\$AVG
2011-11-13 23:54:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-11-13 22:38:31 -------- d-----w- c:\documents and settings\moe\application data\Pamela
2011-11-13 22:38:28 172544 ----a-w- c:\windows\system32\RemoteControl.dll
2011-11-13 22:38:26 -------- d-----w- c:\program files\Pamela
2011-11-13 22:34:32 -------- d-----r- c:\program files\Skype
2011-11-13 21:50:14 -------- d-----w- c:\documents and settings\moe\application data\AVG2012
2011-11-13 21:49:46 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-11-13 21:49:17 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-13 21:49:17 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-11-13 21:48:51 -------- d-----w- c:\program files\AVG
2011-11-13 21:46:23 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-11-13 21:37:41 -------- d-----w- c:\documents and settings\moe\local settings\application data\Google
2011-11-13 21:37:25 -------- d-----w- c:\documents and settings\moe\local settings\application data\Deployment
2011-11-13 20:55:18 293376 ------w- c:\windows\system32\browserchoice.exe
2011-11-13 20:47:16 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-13 20:47:16 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-11-13 20:45:09 44544 ----a-w- c:\windows\system32\agremove.exe
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 1:18:48.79 ===============
 
Hi Kenny,

The entries that are being shown by AVG are all in restore points on your system. So as long as you don't go back to that restore point, they are nothing to worry about.

To be on the safe side, let's do an ESET scan on your system, including your external hard drive (be sure that is connected).

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Push Finish
http://www.eset.com/onlinescan/
----------
 
Hey Jeff. If I restored a fresh install, how could I have gotten something already in the restore points? Should I delete those?

Here's the scan.
 
Hi Kenny,

Let's go ahead and remove all of your restore points except the most recent.

Remove all System Restore points except the most recent one:

To do this:
  • Click Start > All Programs > Accessories > System Tools > Disk Cleanup
  • Now launch this utility and click the More Options tab.
  • Under this, click System Restore, and then click the Clean Up tab. A message will pop up: "Are you sure you want to delete all but the most recent restore point?" Click Yes, then OK.
  • Finally, another message will pop up: "Are you sure you want to perform these actions?" Click Yes.
Now, all the System Restore points except the most recent one are cleaned.
 
Hi Kenny,

You know, this is just my opinion but you might try another antivirus program other than AVG. AVG is quite a resource hog on a computer. You may be better served using Microsoft Security Essentials (my favorite) or Avast. They are both free and are very good antivirus programs. Just my opinion.
 
Jeff, thanks for the suggestion. I'll check some reviews and most likely make the switch in a day or 2.

I've deleted the restore files as you said.
 
Hi Kenny,

Sounds good. Is there anything else I could help you with? If not I think we can close this out. :bigthumb:
 
Hi Kenny,

Sorry I have been at work all day.

You can go ahead and delete the files by browsing to the files and deleting them. They are not necessarily infections but they can go.

Delete these:

E:\Backup\Documents and Settings\Moe\My Documents\Temp Downloads\HSS-1.37-install-anchorfree-76-conduit.exe <=======
E:\Kenny's Stuff\software\Nero 8\Toolbar.exe <=======
E:\Kenny's Stuff\software\Nero 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe <=======
 
Jeff, many thanks again for your help!! (and for such a small paycheck ;) )

Come to Berlin and I'll buy you a beer!

(shall I go ahead and uninstall/delete erunt, eset, and dds?) Anything in particular I need to know about that?
 
Come to Berlin and I'll buy you a beer!
LOL!! I have family in Leipzig. I have been to Berlin and love it there. I actually lived in Mannheim for four years. :)

As you will read below you can just delete all of those tools that we used earlier.
------------

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever-increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox and Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice "So how did I get infected in the first place?"

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
 
Thank you. I appreciate that. :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
 