Ok I did run Flash_Disinfector and deleted 2 folders I found by the name $AVG on G:\ and H:\
Now, am not planning to use AVG again since I had trouble running Combofix. Am using Avira.
I have to tell you that once in a while I got a popup message from Avira Active Guard about a malware found on H:\ and that is moved to quarantine. Here follows the Log from last warning:
Avira AntiVir Personal
Report file date: Πέμπτη, 10 Μαρτίου 2011 10:17
Scanning for 2470218 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : VASILIS-45A94C9
Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/1/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/1/2011 12:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/4/2010 10:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/1/2011 12:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/2/2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 12:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/2/2011 11:15:09
VBASE003.VDF : 7.11.3.1 2048 Bytes 9/2/2011 11:15:10
VBASE004.VDF : 7.11.3.2 2048 Bytes 9/2/2011 11:15:10
VBASE005.VDF : 7.11.3.3 2048 Bytes 9/2/2011 11:15:10
VBASE006.VDF : 7.11.3.4 2048 Bytes 9/2/2011 11:15:10
VBASE007.VDF : 7.11.3.5 2048 Bytes 9/2/2011 11:15:10
VBASE008.VDF : 7.11.3.6 2048 Bytes 9/2/2011 11:15:10
VBASE009.VDF : 7.11.3.7 2048 Bytes 9/2/2011 11:15:10
VBASE010.VDF : 7.11.3.8 2048 Bytes 9/2/2011 11:15:10
VBASE011.VDF : 7.11.3.9 2048 Bytes 9/2/2011 11:15:11
VBASE012.VDF : 7.11.3.10 2048 Bytes 9/2/2011 11:15:11
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/2/2011 11:15:12
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/2/2011 11:15:13
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/2/2011 11:15:14
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/2/2011 11:15:14
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/2/2011 11:15:14
VBASE018.VDF : 7.11.3.251 159232 Bytes 28/2/2011 11:15:15
VBASE019.VDF : 7.11.4.33 148992 Bytes 2/3/2011 11:14:18
VBASE020.VDF : 7.11.4.73 150016 Bytes 6/3/2011 02:00:35
VBASE021.VDF : 7.11.4.74 2048 Bytes 6/3/2011 02:00:35
VBASE022.VDF : 7.11.4.75 2048 Bytes 6/3/2011 02:00:35
VBASE023.VDF : 7.11.4.76 2048 Bytes 6/3/2011 02:00:35
VBASE024.VDF : 7.11.4.77 2048 Bytes 6/3/2011 02:00:35
VBASE025.VDF : 7.11.4.78 2048 Bytes 6/3/2011 02:00:35
VBASE026.VDF : 7.11.4.79 2048 Bytes 6/3/2011 02:00:35
VBASE027.VDF : 7.11.4.80 2048 Bytes 6/3/2011 02:00:35
VBASE028.VDF : 7.11.4.81 2048 Bytes 6/3/2011 02:00:35
VBASE029.VDF : 7.11.4.82 2048 Bytes 6/3/2011 02:00:35
VBASE030.VDF : 7.11.4.83 2048 Bytes 6/3/2011 02:00:35
VBASE031.VDF : 7.11.4.100 97792 Bytes 7/3/2011 02:00:35
Engineversion : 8.2.4.180
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/1/2011 12:23:26
AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 8/3/2011 02:00:39
AESCN.DLL : 8.1.7.2 127349 Bytes 10/1/2011 12:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/1/2011 12:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10/1/2011 12:23:25
AEPACK.DLL : 8.2.4.11 520566 Bytes 3/3/2011 11:14:20
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 8/3/2011 02:00:38
AEHEUR.DLL : 8.1.2.83 3338613 Bytes 8/3/2011 02:00:38
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/3/2011 11:15:17
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/3/2011 11:15:17
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/1/2011 12:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/3/2011 11:15:17
AEBB.DLL : 8.1.1.0 53618 Bytes 10/1/2011 12:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/1/2011 12:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/1/2011 12:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/6/2010 12:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/1/2011 12:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/1/2011 12:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/1/2011 12:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/1/2011 12:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/6/2010 12:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/1/2011 12:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/6/2010 12:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/1/2010 11:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/1/2011 12:23:52
Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: G:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_f532bcb6\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Start of the scan: Πέμπτη, 10 Μαρτίου 2011 10:17
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'H:\System Volume Information\_restore{2E663128-412D-4110-88DE-59CEE8824EA9}\RP30\A0013309.exe'
H:\System Volume Information\_restore{2E663128-412D-4110-88DE-59CEE8824EA9}\RP30\A0013309.exe
[DETECTION] Is the TR/Dropper.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f462837.qua'.
End of the scan: Πέμπτη, 10 Μαρτίου 2011 10:17
Used time: 00:15 Minute(s)
The scan has been done completely.
0 Scanned directories
34 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
33 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
The scan results will be transferred to the Guard.
Now, am not planning to use AVG again since I had trouble running Combofix. Am using Avira.
I have to tell you that once in a while I got a popup message from Avira Active Guard about a malware found on H:\ and that is moved to quarantine. Here follows the Log from last warning:
Avira AntiVir Personal
Report file date: Πέμπτη, 10 Μαρτίου 2011 10:17
Scanning for 2470218 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : VASILIS-45A94C9
Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/1/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/1/2011 12:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/4/2010 10:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/1/2011 12:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/2/2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 12:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/2/2011 11:15:09
VBASE003.VDF : 7.11.3.1 2048 Bytes 9/2/2011 11:15:10
VBASE004.VDF : 7.11.3.2 2048 Bytes 9/2/2011 11:15:10
VBASE005.VDF : 7.11.3.3 2048 Bytes 9/2/2011 11:15:10
VBASE006.VDF : 7.11.3.4 2048 Bytes 9/2/2011 11:15:10
VBASE007.VDF : 7.11.3.5 2048 Bytes 9/2/2011 11:15:10
VBASE008.VDF : 7.11.3.6 2048 Bytes 9/2/2011 11:15:10
VBASE009.VDF : 7.11.3.7 2048 Bytes 9/2/2011 11:15:10
VBASE010.VDF : 7.11.3.8 2048 Bytes 9/2/2011 11:15:10
VBASE011.VDF : 7.11.3.9 2048 Bytes 9/2/2011 11:15:11
VBASE012.VDF : 7.11.3.10 2048 Bytes 9/2/2011 11:15:11
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/2/2011 11:15:12
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/2/2011 11:15:13
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/2/2011 11:15:14
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/2/2011 11:15:14
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/2/2011 11:15:14
VBASE018.VDF : 7.11.3.251 159232 Bytes 28/2/2011 11:15:15
VBASE019.VDF : 7.11.4.33 148992 Bytes 2/3/2011 11:14:18
VBASE020.VDF : 7.11.4.73 150016 Bytes 6/3/2011 02:00:35
VBASE021.VDF : 7.11.4.74 2048 Bytes 6/3/2011 02:00:35
VBASE022.VDF : 7.11.4.75 2048 Bytes 6/3/2011 02:00:35
VBASE023.VDF : 7.11.4.76 2048 Bytes 6/3/2011 02:00:35
VBASE024.VDF : 7.11.4.77 2048 Bytes 6/3/2011 02:00:35
VBASE025.VDF : 7.11.4.78 2048 Bytes 6/3/2011 02:00:35
VBASE026.VDF : 7.11.4.79 2048 Bytes 6/3/2011 02:00:35
VBASE027.VDF : 7.11.4.80 2048 Bytes 6/3/2011 02:00:35
VBASE028.VDF : 7.11.4.81 2048 Bytes 6/3/2011 02:00:35
VBASE029.VDF : 7.11.4.82 2048 Bytes 6/3/2011 02:00:35
VBASE030.VDF : 7.11.4.83 2048 Bytes 6/3/2011 02:00:35
VBASE031.VDF : 7.11.4.100 97792 Bytes 7/3/2011 02:00:35
Engineversion : 8.2.4.180
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/1/2011 12:23:26
AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 8/3/2011 02:00:39
AESCN.DLL : 8.1.7.2 127349 Bytes 10/1/2011 12:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/1/2011 12:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10/1/2011 12:23:25
AEPACK.DLL : 8.2.4.11 520566 Bytes 3/3/2011 11:14:20
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 8/3/2011 02:00:38
AEHEUR.DLL : 8.1.2.83 3338613 Bytes 8/3/2011 02:00:38
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/3/2011 11:15:17
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/3/2011 11:15:17
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/1/2011 12:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/3/2011 11:15:17
AEBB.DLL : 8.1.1.0 53618 Bytes 10/1/2011 12:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/1/2011 12:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/1/2011 12:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/6/2010 12:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/1/2011 12:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/1/2011 12:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/1/2011 12:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/1/2011 12:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/6/2010 12:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/1/2011 12:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/6/2010 12:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/1/2010 11:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/1/2011 12:23:52
Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: G:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_f532bcb6\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Start of the scan: Πέμπτη, 10 Μαρτίου 2011 10:17
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'H:\System Volume Information\_restore{2E663128-412D-4110-88DE-59CEE8824EA9}\RP30\A0013309.exe'
H:\System Volume Information\_restore{2E663128-412D-4110-88DE-59CEE8824EA9}\RP30\A0013309.exe
[DETECTION] Is the TR/Dropper.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f462837.qua'.
End of the scan: Πέμπτη, 10 Μαρτίου 2011 10:17
Used time: 00:15 Minute(s)
The scan has been done completely.
0 Scanned directories
34 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
33 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
The scan results will be transferred to the Guard.