Solved AVG says I have win32/heur

Oh, OK.
Neither, GMER, or Combofix will run on 64-bit system.

===================================================================

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

• 
  Close browsers before scanning.
  Scan for tracking cookies.
  Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.

• 
  Click Preferences, then click the Statistics/Logs tab.
  Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

From jybaway:

I've had to go out of town for work for about two weeks, which would explain my sudden absence.

My computer is still telling me oleacc.dll is missing from my computer, after AVG told me that it had found win32/heur in that file. I cannot open Google Chrome at all and my computer gives me this error when I start my computer in association with iaanotif.exe. I'm so confused.

My last instructions were to post MBAM and SuperAntiSpywarae logs, so they are attached. FYI: I am running Windows 7 x64.

Please help... I want my computer back.

Click to expand...

my computer gives me this error when I start my computer in association with iaanotif.exe

Click to expand...

Please, post exact error message.
Does AVG still find same infection?
If so, I need to know exact AVG message, indicating infected file name and location.

=====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
oleacc.dll
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

The error message is the same that I get when I try to open google cchrome. the top of the box says "iaanotif.exe - System Error" and the message says "The program can't start because OLEACC.dll is missing from your computer. Try reinstalling the program to fix this problem." Coincidentally I have tried reinstalling Chrome..it doesn't work.

AVG found 2 instances of Win32/heur in oleacc.dll on two separate days (06/18 and 06/19): the first was in C:\Windows\SysWOW64\oleacc.dll and it says moved to virus vault. The second was C:\Program Files (x86)\Intel Matrix Storage Manager\IAAnotif.exe (2632). It just says "Reboot is required to finish the action," despite the fact that I've rebooted several times since those dates.

Every subsequent scan has turned up no infections at all, but I still can't open Chrome, Internet Explorer 32-bit, and get oleacc.dll error messages when I try to save something in notepad as well as the error I get on startup.

The OTL logs are attached.

OK. Clear enough.
In the future, if you have any file flagged by heuristic part of your AV program scan, make sure to upload file in question to http://www.virustotal.com/ for security check. False positive happens, so if the files is fine at VirusTotal, simply deny your AV request.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box into the main textfield:
  
  Code:

  :filefind
  IAAnotif.exe

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Okay, here's the logfile. I will definitely take your advice in the future... especially after this nightmare gets fixed!

OK. As you can see from SystemLook log, one file in question is where it suppose to be:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
Now, you have another issue with OLEACC.DLL file, which is suppose to be here:
C:\Windows\SysWOW64\oleacc.dll
but it's missing since your AV got rid of it.

Now, before we go anywhere else, we have to check if IAAnotif.exe file and a replacement for OLEACC.DLL are safe.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:

- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
- C:\Windows\winsxs\wow64_microsoft-windows-oleacc_31bf3856ad364e35_6.1.7600.16385_none_d0ce59c770758425\oleacc.dll

IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

Here is the first scan:

File IAAnotif.exe received on 2010.07.13 12:20:21 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/42 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.13 -
AhnLab-V3 2010.07.13.01 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.13 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.13 -
CAT-QuickHeal 11.00 2010.07.13 -
ClamAV 0.96.0.3-git 2010.07.13 -
Comodo 5414 2010.07.13 -
DrWeb 5.0.2.03300 2010.07.13 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7703 2010.07.13 -
F-Prot 4.6.1.107 2010.07.11 -
F-Secure 9.0.15370.0 2010.07.13 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.13 -
Ikarus T3.1.1.84.0 2010.07.13 -
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.13 -
McAfee 5.400.0.1158 2010.07.13 -
McAfee-GW-Edition 2010.1 2010.07.13 -
Microsoft 1.5902 2010.07.13 -
NOD32 5274 2010.07.13 -
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.12 -
PCTools 7.0.3.5 2010.07.13 -
Prevx 3.0 2010.07.13 -
Rising 22.56.01.04 2010.07.13 -
Sophos 4.55.0 2010.07.13 -
Sunbelt 6574 2010.07.13 -
SUPERAntiSpyware 4.40.0.1006 2010.07.13 -
Symantec 20101.1.0.89 2010.07.13 -
TheHacker 6.5.2.1.312 2010.07.12 -
TrendMicro 9.120.0.1004 2010.07.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.13 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.13 -
VirusBuster 5.0.27.0 2010.07.12 -
Additional information
File size: 186904 bytes
MD5...: d1930ca970d4250d891f432419e3d6c9
SHA1..: d1522fcd4220d12feb02e9b9dba415e50dadeb18
SHA256: c839ed92d5bcc293081e05f2b199848c37a478a361ba6c3255421a297211c915
ssdeep: 3072:+yEEzb9/s5p8Uxa1PbOBJ/pI6/Dy1M3Nm2XlGhDbG0cMn5e:+yEEY8U6DOB
Ny8oDbXe
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x76ec
timedatestamp.....: 0x4ad4c623 (Tue Oct 13 18:25:39 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15374 0x16000 6.48 b74ea2431802e7a9934385d2fa220f25
.rdata 0x17000 0x52d8 0x6000 4.51 fab34ecf8729d339bbb54f99ffc3e12c
.data 0x1d000 0x63c4 0x3000 2.98 642afd764058a970ba02ec42d21fa7dd
.rsrc 0x24000 0xb3d8 0xc000 3.92 9236526d3828fbb2c36e1e03d1432e2c

( 12 imports )
> KERNEL32.dll: SetFilePointer, FlushFileBuffers, GetCurrentProcess, HeapAlloc, HeapFree, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, RtlUnwind, ExitProcess, GetStartupInfoA, GetCommandLineA, HeapReAlloc, HeapSize, TerminateProcess, GetCPInfo, VirtualFree, IsBadWritePtr, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GlobalGetAtomNameA, HeapCreate, GetOEMCP, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcatA, lstrcmpW, GetProcAddress, lstrcpyA, GetCurrentThreadId, GlobalFlags, lstrcmpA, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, LocalAlloc, GetModuleFileNameA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSection, RaiseException, SetLastError, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, GetSystemDefaultLangID, ConvertDefaultLocale, EnumResourceLanguagesA, GetCurrentDirectoryA, SetCurrentDirectoryA, FindFirstFileA, FindNextFileA, FindClose, FormatMessageA, LocalFree, CreateEventA, lstrcpynA, CreateFileA, SetNamedPipeHandleState, CreateThread, ResetEvent, WaitForMultipleObjects, GetOverlappedResult, ReadFile, GetTickCount, CloseHandle, SetEvent, WaitForSingleObject, TerminateThread, WriteFile, Sleep, CreateMutexA, FindResourceA, LoadResource, LockResource, SizeofResource, FreeLibrary, LoadLibraryA, GetModuleHandleA, lstrlenA, lstrcmpiA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, HeapDestroy, InterlockedExchange
> USER32.dll: CallWindowProcA, SystemParametersInfoA, IsIconic, GetWindowPlacement, CopyRect, SetMenuItemBitmaps, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, SetWindowLongA, SetWindowsHookExA, CallNextHookEx, GetKeyState, PeekMessageA, ValidateRect, ClientToScreen, GetWindow, GetDlgCtrlID, PtInRect, GetFocus, GetClassNameA, GetParent, GetLastActivePopup, IsWindowEnabled, UnhookWindowsHookEx, LoadCursorA, GetSystemMetrics, GetSysColor, GetSysColorBrush, GetMenuItemID, GetMenuItemCount, GetSubMenu, EnableWindow, MessageBoxA, GetMessageA, DispatchMessageA, CreateWindowExA, UnregisterClassA, RegisterClassExA, DefWindowProcA, wsprintfA, EndDialog, GetCursorPos, CreatePopupMenu, DestroyMenu, GetAsyncKeyState, SetForegroundWindow, TrackPopupMenuEx, InsertMenuItemA, SetTimer, KillTimer, DestroyIcon, DialogBoxParamA, SetWindowPos, AdjustWindowRect, GetWindowLongA, GetClientRect, LoadStringA, CreateDialogParamA, PostMessageA, DestroyWindow, LoadImageA, SetWindowTextA, MessageBeep, GetDlgItem, GetWindowTextA, GetDC, SendMessageA, DrawTextA, ReleaseDC, ScreenToClient, RegisterClassA, GetWindowRect, PostQuitMessage, GetMenuState, GetDesktopWindow, MoveWindow, GrayStringA, DrawTextExA, TabbedTextOutA, RegisterWindowMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassInfoExA, SetPropA, GetPropA, RemovePropA, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, LoadIconA, MapWindowPoints, GetMenu, AdjustWindowRectEx, GetClassInfoA
> GDI32.dll: DeleteObject, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, DeleteDC, GetStockObject, SetMapMode, RestoreDC, SaveDC, SetBkColor, SetTextColor, GetClipBox, ScaleWindowExtEx, SelectObject, GetDeviceCaps, CreateBitmap
> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter
> comdlg32.dll: GetOpenFileNameA
> ADVAPI32.dll: RegCloseKey, RegOpenKeyExA, RegOpenKeyA, RegCreateKeyA, RegSetValueExA, RegQueryValueExA
> SHELL32.dll: ShellExecuteA, SHGetFolderPathA, Shell_NotifyIconA
> ole32.dll: CoInitializeEx, CoCreateInstance
> OLEAUT32.dll: -, -, -, -, -
> COMCTL32.dll: -
> ISDI.dll: __1Sdi@@QAE@XZ, _getHandles@Sdi@@QAE_AW4_Error@1@PAPAXPAKKPAXKK@Z, _getCount@Sdi@@QAEKKPAXKK@Z, __0Sdi@@QAE@_N@Z, _getTable@Sdi@@QAE_AW4_Error@1@W4_TableType@1@PAX1@Z
> OLEACC.dll: LresultFromObject, CreateStdAccessibleObject

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 2003-2009
product......: RAID Event Monitor
description..: Event Monitor User Notification Tool
original name: IAAnotif.exe
internal name: IAAnotif
file version.: 8.9.4.1004
comments.....:
signers......: Intel Corporation
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 8:25 PM 10/13/2009
verified.....: -

And here's oleacc.dll:

File oleacc.dll received on 2010.07.13 12:28:23 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/42 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.13 -
AhnLab-V3 2010.07.13.01 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.13 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.13 -
CAT-QuickHeal 11.00 2010.07.13 -
ClamAV 0.96.0.3-git 2010.07.13 -
Comodo 5414 2010.07.13 -
DrWeb 5.0.2.03300 2010.07.13 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7703 2010.07.13 -
F-Prot 4.6.1.107 2010.07.11 -
F-Secure 9.0.15370.0 2010.07.13 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.13 -
Ikarus T3.1.1.84.0 2010.07.13 -
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.13 -
McAfee 5.400.0.1158 2010.07.13 -
McAfee-GW-Edition 2010.1 2010.07.13 -
Microsoft 1.5902 2010.07.13 -
NOD32 5274 2010.07.13 -
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.12 -
PCTools 7.0.3.5 2010.07.13 -
Prevx 3.0 2010.07.13 -
Rising 22.56.01.04 2010.07.13 -
Sophos 4.55.0 2010.07.13 -
Sunbelt 6574 2010.07.13 -
SUPERAntiSpyware 4.40.0.1006 2010.07.13 -
Symantec 20101.1.0.89 2010.07.13 -
TheHacker 6.5.2.1.312 2010.07.12 -
TrendMicro 9.120.0.1004 2010.07.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.13 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.13 -
VirusBuster 5.0.27.0 2010.07.12 -
Additional information
File size: 233472 bytes
MD5...: cbd010bfbed9657c3813400aad03cf8a
SHA1..: cdcb3a2845dfbf61000e5291eb3d8d5e65db362d
SHA256: 2dd60a291d8f4a44d7d638c83a46cfa618525a72b9d975fb81f8f403699b9ae6
ssdeep: 3072:/RjrwYo7juVuox3UMGgx7ZWytNLO9WhACKNhkc/jt+1rvc3bDZXFGGR7Imf
mz9gi:/RjRRbTZWyQXCwhP/jw1rshRw9J
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3089
timedatestamp.....: 0x4a5bdac8 (Tue Jul 14 01:09:28 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2eee3 0x2f000 6.57 703acc729b6d0594b5c2012a8dc2f1d3
.orpc 0x30000 0x157 0x200 4.27 7a9f0482dd8b98a20e6ac1c562902856
.data 0x31000 0x1a28 0x1a00 2.74 ade700194be681930c99a15ce4949dfa
.rsrc 0x33000 0x54d0 0x5600 4.39 99bd35ebc318ddc30daadcfcf6559df6
.reloc 0x39000 0x28bc 0x2a00 6.51 9efa7bbefc8673b8c5f19e5cf962577e

( 10 imports )
> msvcrt.dll: memset, __dllonexit, _unlock, _amsg_exit, _initterm, _XcptFilter, realloc, _except_handler4_common, _onexit, swprintf_s, memcpy, wcscpy_s, wcscat_s, _ftol2_sse, _wcslwr_s, wcsstr, _beginthreadex, strncpy_s, memmove, _vsnwprintf, _ftol2, malloc, free, _lock
> ntdll.dll: EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwLogTraceEvent, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags
> API_MS_Win_Core_LocalRegistry_L1_1_0.dll: RegCreateKeyExW, RegDeleteValueW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW
> API_MS_Win_Core_ProcessThreads_L1_1_0.dll: GetCurrentProcessId, GetCurrentThreadId, OpenProcessToken, TerminateProcess, CreateThread, GetExitCodeThread, GetCurrentProcess
> API_MS_Win_Security_Base_L1_1_0.dll: GetSidSubAuthority, GetTokenInformation, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, SetSecurityDescriptorSacl, InitializeAcl, InitializeSecurityDescriptor
> USER32.dll: SetForegroundWindow, DefWindowProcW, RegisterHotKey, MessageBeep, CreateWindowExW, RegisterClassExW, DispatchMessageW, TranslateMessage, GetMessageW, SetTimer, RemovePropW, SetParent, RegisterClassW, SetPropW, CharPrevW, KillTimer, EnumThreadWindows, SetRectEmpty, IsWindowEnabled, GetKeyState, VkKeyScanW, OemKeyScan, DestroyWindow, UnregisterHotKey, RegisterWindowMessageW, SetWindowsHookExW, UnhookWindowsHookEx, EnumWindows, GetCursorPos, WindowFromPoint, IsMenu, SendMessageTimeoutW, SetRect, SetScrollInfo, GetScrollInfo, IsZoomed, GetSystemMetrics, GetMenuStringW, IsRectEmpty, GetMenu, GetMenuState, GetMenuItemID, MenuItemFromPoint, GetSubMenu, GetMenuItemInfoW, GetMenuItemCount, GetClientRect, IntersectRect, GetClassNameW, MapVirtualKeyW, GetKeyNameTextW, GetDlgItem, GetForegroundWindow, LoadCursorW, GetPropW, GetShellWindow, CharNextW, CharLowerBuffW, LoadStringW, IsChild, GetWindow, IsWindow, MapWindowPoints, GetWindowRect, GetDC, SystemParametersInfoW, ReleaseDC, GetKeyboardLayout, PostMessageW, FindWindowExW, GetWindowLongW, FindWindowW, IsWindowVisible, ScreenToClient, PtInRect, ClientToScreen, SendMessageW, GetWindowThreadProcessId, GetDesktopWindow, GetParent
> GDI32.dll: DeleteObject, LPtoDP, GetDCOrgEx, CreateFontW, SelectObject, GetCharABCWidthsW
> KERNEL32.dll: LoadResource, DelayLoadFailureHook, InterlockedCompareExchange, LoadLibraryExA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GlobalUnlock, lstrlenW, InterlockedDecrement, InterlockedIncrement, InterlockedExchange, CompareStringW, GetLocaleInfoW, LocalAlloc, LocalFree, GetLastError, OpenProcess, CloseHandle, GetVersionExW, GetModuleHandleW, GetProcAddress, FindResourceW, lstrlenA, lstrcatW, GetModuleFileNameW, lstrcpynW, HeapDestroy, lstrcmpiW, lstrcpyW, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, GetModuleHandleExW, K32GetModuleBaseNameW, GlobalAlloc, GlobalFree, GetTickCount, DisableThreadLibraryCalls, FreeLibrary, LoadLibraryExW, LoadLibraryW, WriteProcessMemory, CreateFileMappingW, EnterCriticalSection, LeaveCriticalSection, DuplicateHandle, MapViewOfFile, UnmapViewOfFile, GlobalGetAtomNameW, DeleteCriticalSection, InitializeCriticalSection, GlobalFindAtomW, GlobalDeleteAtom, GlobalAddAtomW, WideCharToMultiByte, SetLastError, GetVersionExA, WaitForSingleObject, Sleep, ReadProcessMemory, GetThreadLocale, lstrcmpW, GlobalLock, MultiByteToWideChar, SizeofResource
> ole32.dll: CoTaskMemRealloc, CoInitialize, CoUnmarshalInterface, CreateStreamOnHGlobal, GetHGlobalFromStream, CoReleaseMarshalData, CoMarshalInterThreadInterfaceInStream, CoInitializeEx, CoGetInterfaceAndReleaseStream, CoUninitialize, CoTaskMemFree, ReleaseStgMedium, CoTaskMemAlloc, CoCreateInstance, HWND_UserSize, HWND_UserMarshal, HWND_UserUnmarshal, HWND_UserFree, HMENU_UserSize, HMENU_UserMarshal, HMENU_UserUnmarshal, HMENU_UserFree, CoMarshalInterface
> RPCRT4.dll: NdrDllGetClassObject, NdrDllCanUnloadNow, NdrCStdStubBuffer_Release, NdrCStdStubBuffer2_Release, NdrDllRegisterProxy, NdrDllUnregisterProxy, CStdStubBuffer_DebugServerRelease, CStdStubBuffer_DebugServerQueryInterface, CStdStubBuffer_CountRefs, CStdStubBuffer_IsIIDSupported, CStdStubBuffer_Invoke, CStdStubBuffer_Disconnect, CStdStubBuffer_Connect, CStdStubBuffer_AddRef, CStdStubBuffer_QueryInterface, NdrStubCall2, NdrStubForwardingFunction, IUnknown_Release_Proxy, IUnknown_AddRef_Proxy, IUnknown_QueryInterface_Proxy, NdrOleFree, NdrOleAllocate

( 24 exports )
AccessibleChildren, AccessibleObjectFromEvent, AccessibleObjectFromPoint, AccessibleObjectFromWindow, CreateStdAccessibleObject, CreateStdAccessibleProxyA, CreateStdAccessibleProxyW, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, GetOleaccVersionInfo, GetProcessHandleFromHwnd, GetRoleTextA, GetRoleTextW, GetStateTextA, GetStateTextW, IID_IAccessible, IID_IAccessibleHandler, LIBID_Accessibility, LresultFromObject, ObjectFromLresult, PropMgrClient_LookupProp, WindowFromAccessibleObject
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (58.3%)
Windows OCX File (35.7%)
Win32 Executable Generic (2.4%)
Win32 Dynamic Link Library (generic) (2.1%)
Generic Win/DOS Executable (0.5%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Active Accessibility Core Component
original name: OLEACC.DLL
internal name: OLEACC
file version.: 7.0.0.0 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Very good

Now, open Windows Explorer, navigate to:
C:\Windows\winsxs\wow64_microsoft-windows-oleacc_31bf3856ad364e35_6.1.7600.16385_none_d0ce59c770758425
Copy oleacc.dll file from there and paste it into:
C:\Windows\SysWOW64
Restart computer and see, if this solves your Chrome issue.

Then, if AVG complains again about oleacc.dll, or IAAnotif.exe, create an exception for those two files, or whatever it takes for AVG not to scan those two files (I don't use AVG, so I'm not 100% sure, how it's done).

Report on progress and then I'll analyze your OTL files.

Eureka!! It works! I am having no issues, it seems: no errors at startup and no issues with Chrome.

What's next? Also, what antivirus do you recommend?

Thank you thank you thank you a hundred million times over!

Great news

I'm not a big fan of AVG, but, if it works for you, leave it alone. False positives happen with any security program.

====================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp
Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

====================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  :OTL
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O4 - HKLM..\Run: []  File not found
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  O18:[b]64bit:[/b] - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
  O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O33 - MountPoints2\{f9a391d2-10f3-11df-ac23-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{f9a391d2-10f3-11df-ac23-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Viewer.exe -- [2003/09/24 16:05:54 | 000,821,248 | R--- | M] ()
  [2010/04/13 13:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
  
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Okay, updated/uninstalled Java... and here is my OTL log.

I'm not sure how to thank you enough for your help - is there anything I can do in return?

also, is there some other antivirus that you recommend that is better? this is my first ever free antivirus and I had it for about two months before this happened, if even, and before that I have never, ever had any kind of virus issue at all. and while I understand false positives happen, is there some program that is less likely to do it/is generally better? I don't mind shelling out the money if it saves me this headache in the future.

is there anything i can do in return?

Click to expand...

If you're a lady, I'll take a kiss, if you're a guy, sorry, "Thank you" will do

As I said, false positives may happen with any security program. Now, you know what to do, if it'll happen again. If any doubts, I'll be around

Now...

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

• Spyware, Adware, Dialers, and other potentially dangerous programs
  [*] Archives
  [*] Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Okay, cleaned temp files and ran kaspersky; log is attached.

now, please tell me where I can personally deliver that kiss?

now, please tell me where i can personally deliver that kiss?

Click to expand...

Hahahahahaha.......


OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

==================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

The issue appears to be resolved.