> [Resolved] Need help with wife's computer
RatHat
post Jan 13 2009, 02:44 AM
Post #16


Classroom Teacher

Group: Classroom Teacher
Posts: 817
Joined: 18-April 07
From: Thailand
Member No.: 69,587
Operating System: XP Pro SP2 - Vista Ultimate



I wonder if AVG is finding stuff in Combofix's quarantine or in old restore points. Let's uninstall it and reset your restore points.

First Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.


Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.


System Restore will now be active again.

Now just to make sure, let's run a different online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

WynApse
post Jan 13 2009, 09:16 PM
Post #17


Authentic Member
**

Group: Authentic Member
Posts: 33
Joined: 1-May 06
Member No.: 54,641
Operating System: 2k, xp home, xp pro



Hi again...

I did the first part of that early this morning, then cranked up the anti-virus and let it run when I left for work.

It reported nothing, and here's the log.

I haven't heard any reports of AVG throwing messages today, so that might have been it.

Thanks!

-Dave

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3761 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=ffe027c3167c604b81e48dbb1d17196a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-13 02:09:31
# local_time=2009-01-13 07:09:31 (-0700, US Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=210669
# found=0
# scan_time=2626
RatHat
post Jan 13 2009, 09:25 PM
Post #18





Hey Dave,

Well, your log appears clean again!

The first thing we need to do is to remove any remaining tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove any quarantined Malware from your computer.

Click Here to download OTCleanIt
Double-click OTCleanIt.exe to run it.
Click the Clean up button
Click Yes to the reboot.

Now delete any logs that you have left over on your desktop, and any tools that OTCleanIt missed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For some useful tips on staying clean, along with links to some freeware to help, have a look at this page.

To find out more information about how you got infected in the first place, you can read this article.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now as with any rootkit infection, there is always the chance that something has remained hidden away, so I will keep this log open for the next couple of days. If you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
WynApse
post Jan 13 2009, 09:41 PM
Post #19





Thanks RatHat, it's doing the reboot now.

I gave you guys a plug on my blog, so hopefully any Silverlight folks that have problems will show up at your door.

http://geekswithblogs.net/WynApseTechnical.../12/128592.aspx

Hopefully I won't be back, at least not with this go-around.

Thanks again...

-Dave
RatHat
post Jan 13 2009, 09:45 PM
Post #20





You are more than welcome Dave!

And I hope that you won't be back (and I mean that in the nicest way!)
RatHat
post Jan 16 2009, 11:40 PM
Post #21





Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
