Win32/Heur found by AVG on Symantec Antivirus

Inactive
By SapphireWishes
Dec 14, 2012
  1. My AVG popped up saying
    Name: Virus found Win32/Heur
    Object name: c:\ProgramData\Symantec\Symantec Antivirus Corporate Edition\7.5

    I believe it is more usual to find this in a game file not another antivirus file.
    My computer has significantly slowed as well.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. SapphireWishes

    SapphireWishes Newcomer, in training Topic Starter

    These are the DDS.COM scan results

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_31
    Run by DEELL_ENGLISH at 21:15:08 on 2012-12-15
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
    C:\Program Files\StormII\stormliv.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Users\DEELL_ENGLISH\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Windows\system32\FreezeScreenSaver.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Windows\system32\lkads.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\lkcitdl.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Windows\system32\lktsrv.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\StormII\stMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
    C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k WindowsMobile
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    BHO: ThunderAtOnce Class: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - LocalServer32 - <no file>
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - LocalServer32 - <no file>
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [NI Update Service] "c:\program files\national instruments\shared\update service\NIUpdateService.exe" -startupTask
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\deell_~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\deell_english\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nierro~1.lnk - c:\program files\national instruments\shared\ni error reporting\nierserver.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\PPLive.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{9713CB3D-3892-47BB-8228-5B60D12F7149} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{A2FCB70B-E9B7-431E-98BD-48C92421B33C} : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
    Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
    Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\deell_english\appdata\roaming\mozilla\firefox\profiles\vavsoplq.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\mozilla firefox\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
    FF - component: c:\users\deell_english\appdata\roaming\mozilla\firefox\profiles\vavsoplq.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\stormii\codec\plugins\nppl3260.dll
    FF - plugin: c:\program files\stormii\codec\plugins\nprpjplug.dll
    FF - plugin: c:\program files\super rabbit\klplayer\plugins\nppl3260.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - ExtSQL: !HIDDEN! 2012-01-16 00:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc - BRI/1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2010-5-19 79052]
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-2-29 548352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-3 106656]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
    R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]
    R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [1999-7-27 149208]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [1999-7-27 277624]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-25 54632]
    .
    =============== Created Last 30 ================
    .
    2012-12-16 01:52:06  60872  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{a76323f7-c060-4acb-81e5-e8a8cb17a890}\offreg.dll
    2012-12-15 06:55:56  6812136  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{a76323f7-c060-4acb-81e5-e8a8cb17a890}\mpengine.dll
    2012-12-01 02:46:03  40776  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
    2012-11-26 04:49:47  --------  d-----w-  c:\users\deell_english\appdata\local\MicrosoftStore
    2012-11-21 02:54:39  --------  d-----w-  c:\users\deell_english\appdata\roaming\National Instruments
    2012-11-21 02:52:32  --------  d-----w-  c:\program files\HI-TECH Software
    2012-11-21 02:30:30  --------  d-----w-  c:\windows\system32\cvirte
    2012-11-21 02:28:58  --------  d-----w-  c:\program files\common files\Merge Modules
    2012-11-21 02:25:04  --------  d-----w-  c:\program files\National Instruments
    2012-11-21 02:19:58  --------  d-----w-  c:\programdata\National Instruments
    2012-11-21 02:15:47  --------  d-----w-  C:\National Instruments Downloads
    .
    ==================== Find3M ====================
    .
    2012-10-22 18:02:46  179936  ----a-w-  c:\windows\system32\drivers\avgidsdriverx.sys
    2012-10-16 03:18:37  73656  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-16 03:18:37  696760  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-10-15 08:48:52  55776  ----a-w-  c:\windows\system32\drivers\avgidshx.sys
    2012-10-10 09:00:54  2504760  ----a-w-  c:\windows\system32\GooglePinyin2.ime
    2012-10-02 07:30:38  159712  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
    2012-09-30 00:54:26  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-09-21 07:46:06  164832  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 07:46:00  177376  ----a-w-  c:\windows\system32\drivers\avglogx.sys
    2012-09-21 07:45:54  19936  ----a-w-  c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-19 09:51:46  29536  ----a-w-  c:\windows\system32\uxt1F44.tmp
    .
    ============= FINISH: 21:17:51.85 ===============
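A triage pass over the "Pseudo HJT Report" section of the log above, as an added example that is not part of this thread and not a DDS feature. It pulls out the BHO, toolbar, autorun, protocol-handler and DNS lines, flags entries whose registered binary is gone (DDS prints `<no file>` or `<orphaned>` for those), reports CLSIDs that appear more than once, and checks that every DNS server the stack is using is one that DHCP actually handed out, which is the quick check for a static or hijacked resolver. The sample lines are copied from the log; the function names and the 203.0.113.5 address used to show a failing case are this example's own.

```python
"""Triage pass over the 'Pseudo HJT Report' section of a DDS log.

Added example for the thread above; not a DDS feature. The sample lines
are copied from the posted log.
"""
import re

SAMPLE_LOG = r"""
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: ThunderAtOnce Class: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - LocalServer32 - <no file>
TB: Ask Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - LocalServer32 - <no file>
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - LocalServer32 - <no file>
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamgui.exe /install /silent
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9713CB3D-3892-47BB-8228-5B60D12F7149} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A2FCB70B-E9B7-431E-98BD-48C92421B33C} : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("<no file>", "<orphaned>")   # how DDS marks a dead registration


def parse_hjt(text):
    """One dict per line: kind (BHO, TB, mRun, TCP, ...), raw text, CLSIDs, load target."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        kind, rest = line.split(":", 1)
        rest = rest.strip()
        # CLSIDs are compared case-insensitively: same GUID, same COM class
        clsids = [c.lower() for c in CLSID_RE.findall(rest)]
        # the load target is whatever follows the last " - " separator
        target = rest.rsplit(" - ", 1)[-1] if " - " in rest else rest
        entries.append({"kind": kind, "raw": rest, "clsids": clsids, "target": target})
    return entries


def missing_binaries(entries):
    """Registrations whose binary no longer exists: leftovers of an uninstall
    or of a removal that only deleted the file."""
    return [e for e in entries if any(m in e["target"] for m in MISSING_MARKERS)]


def duplicate_registrations(entries):
    """(kind, clsid) pairs that occur more than once in the report."""
    counts = {}
    for e in entries:
        for c in e["clsids"]:
            counts[(e["kind"], c)] = counts.get((e["kind"], c), 0) + 1
    return sorted(k for k, n in counts.items() if n > 1)


def unexpected_nameservers(entries):
    """DNS servers in use that no interface received from DHCP; anything here was
    set by hand or by software and deserves a look."""
    in_use, from_dhcp = set(), set()
    for e in entries:
        if e["kind"] != "TCP":
            continue
        key, _, value = e["raw"].partition("=")
        servers = set(value.split())
        if key.strip().endswith("DHCPNameServer"):
            from_dhcp |= servers
        elif key.strip() == "NameServer":
            in_use |= servers
    return sorted(in_use - from_dhcp)


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in missing_binaries(found):
        print("missing binary  :", e["kind"], e["raw"])
    for kind, clsid in duplicate_registrations(found):
        print("registered twice:", kind, clsid)
    print("DNS not from DHCP:", unexpected_nameservers(found) or "none")
```

On the excerpt this reports six dead registrations (the nameless URL search hook, the AskBar BHO, both Ask Toolbar lines and the two KuGoo handlers), two CLSIDs registered twice, and no DNS server outside what DHCP supplied; those dead entries are exactly the sort of thing AdwCleaner is asked for in the reply above, and none of them explains a heuristic hit on the Symantec directory.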
  4. SapphireWishes

    SapphireWishes Newcomer, in training Topic Starter

    This is the mbam scan log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.16.02

    Windows Vista x86 NTFS
    Internet Explorer 8.0.6001.18882
    DEELL_ENGLISH :: DELL-PC [administrator]

    12/15/2012 8:59:36 PM
    mbam-log-2012-12-15 (20-59-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 268818
    Time elapsed: 34 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\DEELL_ENGLISH\Downloads\ni multisim student edition.exe (PUP.BundleInstaller.SOL) -> No action taken.

    (end)
  5. SapphireWishes

    SapphireWishes Newcomer, in training Topic Starter

    AVG has detected
    AdwCleaner.exe
    as a trojan

    Name: IDP.Trojan.97AC54E5
    Object name: c:\Users\DEELL_ENGLISH\downloads\adwacleaner.exe
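Both AVG hits in this thread, Win32/Heur on the Symantec data directory in the first post and IDP.Trojan on AdwCleaner.exe here, are heuristic verdicts on objects that belong to other security products. The first thing a practitioner does with such a hit is pin down exactly what was flagged before deleting anything: a SHA-256 per file that can be looked up in a multi-engine service, and whether the file even carries a code signature. The script below is an added example, not part of this thread and not an AVG, Symantec or AdwCleaner tool. It walks a directory, hashes every file and reports whether it is a PE image with an embedded Authenticode block; it only detects the presence of that block (a non-empty security data directory), while validating the certificate chain needs Windows itself, for instance PowerShell's Get-AuthenticodeSignature. The sample directory and the minimal fake PE images it builds are constructed here, and the function names are this example's own.

```python
"""Triage helper for an antivirus hit on a path: hash every file and say whether it
is a PE with an embedded Authenticode signature block.

Added example for the thread above; not an AVG, Symantec or AdwCleaner tool.
'signed' means the PE security directory is non-empty, not that the signature
verifies. The sample files built by build_sample_dir() are constructed here.
"""
import hashlib
import os
import struct
import tempfile

_PE32, _PE32PLUS = 0x10B, 0x20B
_SECURITY_DIR_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def pe_signature_status(head, file_size=None):
    """Return 'not-pe', 'unsigned' or 'signed' from the first bytes of a file.

    head: the file's leading bytes; file_size: its full length, so that a
    signature block at the end of a large file still passes the bounds check.
    """
    total = len(head) if file_size is None else file_size
    if len(head) < 0x40 or head[:2] != b"MZ":
        return "not-pe"
    e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
    if head[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    opt = e_lfanew + 4 + 20           # past the PE signature and COFF header
    if len(head) < opt + 2:
        return "not-pe"
    magic = struct.unpack_from("<H", head, opt)[0]
    if magic == _PE32:
        dirs = opt + 96               # data directories start here in PE32
    elif magic == _PE32PLUS:
        dirs = opt + 112              # and here in PE32+
    else:
        return "not-pe"
    entry = dirs + 8 * _SECURITY_DIR_INDEX
    if len(head) < entry + 8:
        return "unsigned"
    offset, size = struct.unpack_from("<II", head, entry)   # file offset, not RVA
    return "signed" if offset and size and offset + size <= total else "unsigned"


def triage(root):
    """One record per file under root: relative path, SHA-256, signature status."""
    records = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                head = f.read(1 << 16)
            records.append({
                "path": os.path.relpath(path, root),
                "sha256": sha256_of(path),
                "signature": pe_signature_status(head, os.path.getsize(path)),
            })
    return sorted(records, key=lambda r: r["path"])


def build_fake_pe(signed):
    """Constructed minimal PE32 header, optionally with a security directory entry."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, _PE32)
    body = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    if signed:
        cert = b"\x00" * 64           # stands in for a WIN_CERTIFICATE blob
        struct.pack_into("<II", opt, 96 + 8 * _SECURITY_DIR_INDEX, len(body), len(cert))
        body = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert
    return body


def build_sample_dir():
    """Constructed stand-in for a flagged directory: two fake PEs and a text file."""
    root = tempfile.mkdtemp(prefix="av_triage_")
    os.makedirs(os.path.join(root, "7.5"))
    samples = {
        "signed.exe": build_fake_pe(signed=True),
        "unsigned.exe": build_fake_pe(signed=False),
        "notes.txt": b"plain text, not an image\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, "7.5", name), "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    # On the affected machine, point this at the path the scanner named, e.g.
    # r"C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5"
    for r in triage(build_sample_dir()):
        print(f"{r['signature']:8} {r['sha256']}  {r['path']}")
```

Keep the output with the other logs: a file that is unsigned, or whose hash is unknown to every engine, deserves more attention than one carrying a valid Symantec or Microsoft signature, while a heuristic name such as Win32/Heur on its own proves nothing either way. One caveat when one scanner alerts on another product's data directory: if that directory holds the other product's quarantine store, the hit can simply be the second scanner reading files the first one already isolated, so check what the flagged path contains before treating it as an active infection.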
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Were you able to run this? A reply, at least, would help. :D

