Solved Win32 Heur / AVG


banana1

Hello everyone. I noticed I'm not the only one getting this alert from AVG last night, about my Supreme Commander Forged Alliance.exe and Star Wars Forces of Corruption.exe.

I ran the six-step guide on this forum and so far they say I am not infected. I have the two files in my AVG quarantine.

Just as a side note, I do not go on pornographic sites; the only downloads I do are Steam, iTunes and gaming mods, and I have done none of the latter for weeks. I also scan on a daily basis with my AVG and it did not detect anything the previous day until this update kicked in late last night. I have also sent the file to AVG so they can see if it is a false positive (which I really hope it is), but you guys/gals are more knowledgeable than me on this so I come to you :)
My computer is not showing any kind of malfunctions or symptoms of an infection either; my CPU usage isn't spazzing out and neither is my memory. My only indicator there's a problem was the pop-up from AVG.

So far all these have come up empty. Oh, and my GMER log didn't seem to save correctly, so I will run that again and post it when I have it. Thank you. Sorry to be a bother.


Malwarebytes log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5993

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08/03/2011 23:43:45
mbam-log-2011-03-08 (23-43-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 664147
Time elapsed: 2 hour(s), 27 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS LOG
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Christopher at 18:27:52.78 on 09/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2155 [GMT 0:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Windows\system32\HidService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\RAVCpl64.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Christopher\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bridgecommander.filefront.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
uRun: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
mRun: [eRecoveryService]
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [FijiKeyboard] c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-1-11 28192]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0401000.020\SymDS64.sys [2010-4-30 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0401000.020\SymEFA64.sys [2010-4-30 221232]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100324.001\BHDrvx64.sys [2010-3-24 678960]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0401000.020\cchpx64.sys [2010-4-30 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100422.002\IDSviA64.sys [2010-5-1 466992]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0401000.020\Ironx64.sys [2010-4-30 149552]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0401000.020\symtdiv.sys [2010-4-30 451120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 ETService;Empowering Technology Service;C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [2009-3-28 24576]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-4-30 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-4-6 1153368]
R2 SrvCDEject;SrvCDEject;C:\Program Files (x86)\Packard Bell\SrvCDEject.exe [2009-3-28 600576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-1 132656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-14 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-18 1038088]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-3-12 36720]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-28 93184]
.
=============== Created Last 30 ================
.
2073-04-13 17:17:26 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-09 17:21:11 2424320 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 17:21:10 730624 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 17:21:10 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 17:21:10 2067456 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 17:21:09 560128 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 17:21:09 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 17:21:09 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 17:21:09 323072 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 17:21:09 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 17:21:09 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 17:21:09 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 17:21:09 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-08 21:06:28 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
2011-03-08 21:06:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-08 21:06:19 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-08 21:06:16 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-03-08 21:06:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-08 21:06:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-04 20:44:54 -------- d-----w- C:\Program Files\iPod
2011-03-04 20:44:42 -------- d-----w- C:\Program Files\iTunes
2011-03-04 20:44:42 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-04 20:39:50 -------- d-----w- C:\Program Files\Bonjour
2011-03-04 20:39:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-02-26 01:19:32 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-02-26 01:19:32 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-02-23 18:22:57 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Chromium
2011-02-23 17:12:52 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2011-02-23 17:12:52 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2011-02-23 17:12:50 13312 ----a-w- C:\Windows\System32\wsmplpxy.dll
2011-02-23 17:12:50 13312 ----a-w- C:\Windows\System32\winrssrv.dll
2011-02-23 17:12:31 10240 ----a-w- C:\Windows\SysWow64\wsmplpxy.dll
2011-02-23 17:12:31 10240 ----a-w- C:\Windows\SysWow64\winrssrv.dll
2011-02-22 21:08:03 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Amazon
2011-02-22 21:07:44 -------- d-----w- C:\Program Files (x86)\Amazon
2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-12 20:20:28 -------- d-----w- C:\Program Files (x86)\Raven
2011-02-09 18:17:49 4692368 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-09 18:17:48 1560960 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-09 18:17:48 1167488 ----a-w- C:\Windows\SysWow64\ntdll.dll
.
==================== Find3M ====================
.
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-02-16 19:05:54 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-01-08 09:31:03 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 07:50:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:17:24 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 05:57:10 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 13:46:25 2755584 ----a-w- C:\Windows\System32\win32k.sys
2010-12-28 15:26:13 462848 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 14:57:35 409600 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-23 17:10:15 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2010-12-20 16:08:20 1032704 ----a-w- C:\Windows\System32\wininet.dll
2010-12-20 16:04:07 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-12-20 15:40:24 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-12-20 14:37:07 485376 ----a-w- C:\Windows\System32\html.iec
2010-12-20 14:12:59 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-20 14:12:01 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-20 13:51:45 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-14 16:20:18 1251840 ----a-w- C:\Windows\System32\sdclt.exe
.
============= FINISH: 18:28:45.36 ===============

DDS Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/03/2009 12:39:21
System Uptime: 09/03/2011 18:14:16 (0 hours ago)
.
Motherboard: Packard Bell | | FMCP7AM
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 27.684 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Reader 9.4.2
Amazon Kindle For PC
Apple Application Support
Crysis 2 Demo
Crysis(R)
Dead Rising 2
Dream Experimental v0.5
Elite Force RPG-X v2.0
Email Scrabble .Net
Far Cry Demo
Google Chrome
Hitman: Blood Money
Just Cause 2
Lara Croft and the Guardian of Light
Malwarebytes' Anti-Malware
Mass Effect 2
Medieval II: Total War
Medieval II: Total War Kingdoms
Metro 2033
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office Home and Student 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Need for Speed(TM) Hot Pursuit
NVIDIA PhysX
Oblivion mod manager 1.1.12
OpenAL
Pando Media Booster
QuickTime
RIFT
Safari
Skype™ 5.1
Star Trek Legacy
Star Trek Voyager Elite Force
Titan Quest
Titan Quest: Immortal Throne
Tom Clancy's Splinter Cell Conviction
Total War: SHOGUN 2 Demo
Ubisoft Game Launcher
Unity Web Player
Warhammer 40,000: Dawn of War Gold Edition
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Winter Assault
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Make sure your AVG is up to date, since there were some false positives reported lately.

Now...you're running two AV programs, AVG and Norton.
One of them has to go.
If AVG, use this uninstaller: http://www.avg.com/us-en/download-tools
If Norton, use this one: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

When done....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks Broni, I will do that when I get back from work tonight. I want to get rid of Norton so I shall remove that. But it looks like I will have to remove AVG too, temporarily, to run ComboFix.

AVG still hasn't gotten back to me on the file I sent for testing, so they are still in the quarantine. Before I uninstall AVG for ComboFix, do I use AVG to empty and remove the quarantined items?

Thank you for your help, I know nothing about this kind of thing.
 
Leave quarantined files alone for now.
They're safe there.
I just want to make sure, nothing important has been removed as false positive.
 
But if I uninstall AVG to run the ComboFix file, won't that, like, unquarantine things? I don't want to make things worse, because right now I have no symptoms of infection.
 
No, uninstalling will either get rid of the quarantine folder, or it'll give you an option to leave the folder alone.
If the latter option is possible, I'd prefer that, so nothing important is removed by mistake.
If you want, we can take a look, if you can post the contents of the quarantine folder.
 
there are two items,

c:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe

c:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe

Both say severity is infection.

That's all that's in there. I can't see how those files were infected with anything; I haven't played either of those games in months and months, and I update and run AVG and Spybot Search & Destroy every day.

What would you like me to do now? I appreciate your help, thank you Broni.
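The two quarantined files above are ordinary game executables, and the question the thread keeps circling is whether AVG's heuristic alert is a false positive on a clean file or a real modification of it. The decisive check is a byte-for-byte comparison against a known-good copy (the same file from the game disc), with the SHA-256 as the value to search on VirusTotal. The following Python is an added example for this thread, not code from AVG, the forum or either poster. It assumes the flagged file has been restored from quarantine into an isolated folder (a quarantine store is not a plain copy of the file) and that a clean copy of the same binary is at hand; both inputs in the demo are constructed in-memory stand-ins, not the real game binaries.

```python
"""Triage an antivirus-flagged executable against a clean copy.

Added example for this thread, not code from AVG, the forum, or either poster.
Assumptions: the flagged file was restored from quarantine into an isolated
folder, and a clean copy of the same binary (e.g. from the game disc) exists.
The demo inputs are constructed stand-ins, not the real game executables.
"""
import hashlib
import struct


def sha256_bytes(data: bytes) -> str:
    """SHA-256 of the file bytes: the value to look up on VirusTotal and to
    compare against the clean copy."""
    return hashlib.sha256(data).hexdigest()


def pe_summary(data: bytes) -> dict:
    """Parse just enough of a PE file to report its layout: intact MZ/PE
    headers, section count, and bytes appended after the last section
    (the 'overlay')."""
    invalid = {"valid_pe": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return invalid
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return invalid
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size
    if len(data) < sect_table + nsections * 40:
        return invalid
    end_of_sections = 0
    for i in range(nsections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + i * 40 + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return {
        "valid_pe": True,
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "overlay_bytes": max(0, len(data) - end_of_sections),
    }


def triage(sample: bytes, clean_sha256: str) -> dict:
    """Decide whether the quarantined file is the clean binary or something else.

    identical_to_clean_copy: byte-for-byte the clean file, so the alert is a
        heuristic false positive on that file (still worth submitting to the vendor).
    differs_from_clean_copy: the on-disk file is not what shipped; treat as
        suspect until explained (patch, crack, or infection).
    """
    digest = sha256_bytes(sample)
    verdict = "identical_to_clean_copy" if digest == clean_sha256 else "differs_from_clean_copy"
    return {"sha256": digest, "verdict": verdict, **pe_summary(sample)}


def build_minimal_pe(section_payload: bytes, overlay: bytes = b"") -> bytes:
    """Construct a tiny, structurally valid PE32 image (not executable) so the
    demo runs offline without touching a real game binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96  # PE32 optional header without data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1262304000, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = 0x200
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(section_payload), 0x1000, len(section_payload),
        raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + optional + section
    return headers.ljust(raw_ptr, b"\0") + section_payload + overlay


if __name__ == "__main__":
    clean = build_minimal_pe(b"\x90" * 64)                          # stand-in for the disc copy
    clean_hash = sha256_bytes(clean)
    print(triage(clean, clean_hash)["verdict"])                     # identical_to_clean_copy
    tampered = build_minimal_pe(b"\x90" * 64, overlay=b"EVIL" * 8)  # stand-in for a modified file
    print(triage(tampered, clean_hash)["verdict"])                  # differs_from_clean_copy
```

The hash comparison is the verdict; the PE summary is context. An overlay is not by itself a sign of tampering (an Authenticode signature lives there, and copy-protection wrappers add data too), so treat a large or unexpected overlay as a prompt to look closer, not as a finding. To go from the hash to a vendor opinion without uploading the file, search the SHA-256 on VirusTotal.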
 
Where do I find the files? I'm not sure where AVG's quarantine folder is. I'll then upload them to the VirusTotal site you mentioned.
 
I can't find the quarantine folder, and isn't it a bad idea to go opening that anyway? Can't we get rid of the files with AVG and then just proceed with the ComboFix checks and stuff after the files are removed and AVG is uninstalled? I mean, they are only game .exe files; they can be replaced from the game discs, which are obviously clean.
 
Hi, sorry for the late reply, just got back from work. Here is the MBRCheck log you told me to run. I uninstalled Norton too, so I just have AVG on right now. I still have no symptoms, but I noticed when I ran MBRCheck it said "MBR code Faked". What does that mean? I'll wait until I get a reply to continue with the other things you said.

Edit: I know that Bobbeye just said that AVG's update was the cause of the false positive for the Heur virus, and to update AVG (which I have always been doing anyway) and recheck whether it still registers the virus, but I deleted them from the quarantine earlier so I can't rescan them as they are gone from the PC. I would like to continue with your help though if that's OK, since I would prefer to be on the safe side anyway if it's not too much trouble. I'm a little worried about the MBR thing too; it doesn't sound good saying something's fake.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Packard Bell
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Packard Bell
System Product Name: IXTREME X6617 UK
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 145):
0x02264000 \SystemRoot\system32\ntoskrnl.exe
0x0221E000 \SystemRoot\system32\hal.dll
0x00609000 \SystemRoot\system32\kdcom.dll
0x00613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00640000 \SystemRoot\system32\PSHED.dll
0x00654000 \SystemRoot\system32\CLFS.SYS
0x006B1000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F1000 \SystemRoot\system32\drivers\acpi.sys
0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00950000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095A000 \SystemRoot\system32\drivers\pci.sys
0x0098A000 \SystemRoot\System32\drivers\partmgr.sys
0x0099F000 \SystemRoot\system32\drivers\volmgr.sys
0x00763000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B3000 \SystemRoot\system32\drivers\nvrd64.sys
0x007C9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x009DF000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A02000 \SystemRoot\system32\drivers\nvraid.sys
0x00A25000 \SystemRoot\system32\drivers\nvstor64.sys
0x00A51000 \SystemRoot\system32\drivers\storport.sys
0x00AAE000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AF4000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B08000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C02000 \SystemRoot\system32\drivers\ndis.sys
0x00B8F000 \SystemRoot\system32\drivers\msrpc.sys
0x00E09000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E61000 \SystemRoot\System32\drivers\tcpip.sys
0x00DC5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118C000 \SystemRoot\system32\drivers\wd.sys
0x01194000 \SystemRoot\system32\drivers\volsnap.sys
0x011D8000 \SystemRoot\System32\Drivers\spldr.sys
0x011E0000 \SystemRoot\system32\DRIVERS\NVAMACPI.sys
0x011EA000 \SystemRoot\System32\Drivers\mup.sys
0x01201000 \SystemRoot\System32\drivers\ecache.sys
0x0122D000 \SystemRoot\system32\drivers\disk.sys
0x01241000 \SystemRoot\system32\drivers\crcdisk.sys
0x0124B000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01255000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x012A3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x012B0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x012B9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x012CC000 \SystemRoot\system32\DRIVERS\serial.sys
0x012E9000 \SystemRoot\system32\DRIVERS\serenum.sys
0x012F5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0130B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x01319000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x01325000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x01330000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0133B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x01381000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x01392000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03203000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x0336F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0338B000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x03401000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x04093000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04095000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04174000 \SystemRoot\System32\drivers\watchdog.sys
0x04183000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x04195000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x041A5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x041AE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x041E6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03398000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x041F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x033BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x033EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x013A5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x013C3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x013DB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x033FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04202000 \SystemRoot\system32\DRIVERS\ks.sys
0x04236000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04241000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04251000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04298000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04A09000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04B76000 \SystemRoot\system32\drivers\portcls.sys
0x04BB1000 \SystemRoot\system32\drivers\drmk.sys
0x04BD4000 \SystemRoot\system32\drivers\ksthunk.sys
0x04BDA000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x04BE9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04BF3000 \SystemRoot\System32\Drivers\Null.SYS
0x042AC000 \SystemRoot\System32\drivers\vga.sys
0x042BA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x042DF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x04BFC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04A00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x042F4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x042FD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04308000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04319000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04322000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0433F000 \SystemRoot\system32\DRIVERS\smb.sys
0x0435A000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x043BB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x013ED000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00FD5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x013F6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04C02000 \SystemRoot\system32\drivers\afd.sys
0x04C6F000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04C7A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04C98000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04CA7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04CC2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04D10000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04D1C000 \SystemRoot\System32\Drivers\dfsc.sys
0x04D39000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x04D89000 \SystemRoot\system32\DRIVERS\udfs.sys
0x04DD7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04DE5000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0125F000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x04DEF000 \SystemRoot\System32\drivers\Dxapi.sys
0x0128B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x008B0000 \SystemRoot\System32\ATMFD.DLL
0x08405000 \SystemRoot\system32\drivers\luafv.sys
0x08427000 \SystemRoot\system32\drivers\spsys.sys
0x084C1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x084D5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x084ED000 \SystemRoot\system32\drivers\HTTP.sys
0x0858C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x085B5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x085D3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08E0A000 \SystemRoot\system32\drivers\mrxdav.sys
0x08E31000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08E5A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08EA3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08EC2000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08EF4000 \SystemRoot\System32\DRIVERS\srv.sys
0x08F8A000 \SystemRoot\System32\Drivers\adfs.SYS
0x08FA2000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x08FF0000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x00FE7000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
0x085ED000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x0960C000 \SystemRoot\system32\drivers\peauth.sys
0x096C2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x096CD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x096DC000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x77110000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
484 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
540 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
732 csrss.exe
800 C:\Windows\System32\wininit.exe
812 csrss.exe
848 C:\Windows\System32\services.exe
860 C:\Windows\System32\lsass.exe
872 C:\Windows\System32\lsm.exe
916 C:\Windows\System32\winlogon.exe
328 C:\Windows\System32\svchost.exe
460 C:\Windows\System32\nvvsvc.exe
668 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
720 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\audiodg.exe
1156 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\SLsvc.exe
1220 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\nvvsvc.exe
1444 C:\Windows\System32\svchost.exe
1656 C:\Windows\System32\spoolsv.exe
1680 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\dwm.exe
1476 C:\Windows\System32\taskeng.exe
308 C:\Windows\System32\taskeng.exe
1500 C:\Windows\explorer.exe
2068 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2144 C:\Windows\System32\nvraidservice.exe
2172 C:\Windows\RAVCpl64.exe
2344 C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
2360 C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
2368 C:\Windows\ehome\ehtray.exe
2400 C:\Windows\ehome\ehmsas.exe
2408 C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
2456 C:\Windows\System32\svchost.exe
2496 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2508 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2720 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
2764 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2788 C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
3024 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3056 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
1296 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1392 C:\Windows\System32\HidService.exe
2336 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
2320 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
2128 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3104 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
3112 C:\Windows\SysWOW64\PnkBstrA.exe
3144 C:\Windows\System32\svchost.exe
3176 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
3340 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3360 C:\Windows\System32\svchost.exe
3408 C:\Windows\System32\svchost.exe
3436 C:\Windows\System32\svchost.exe
3476 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3548 C:\Windows\System32\SearchIndexer.exe
3628 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
3852 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
3960 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
3132 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3164 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2104 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4344 C:\Program Files\iPod\bin\iPodService.exe
4596 WmiPrvSE.exe
4880 C:\Windows\System32\wbem\unsecapp.exe
4808 C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
1304 C:\Windows\System32\SearchProtocolHost.exe
3952 C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
3536 C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
1076 WmiPrvSE.exe
4692 C:\Windows\System32\wuauclt.exe
1956 C:\Windows\System32\SearchFilterHost.exe
4212 C:\Windows\servicing\TrustedInstaller.exe
228 C:\Users\Christopher\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9900000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-00A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: B5C35EFE944C59530229019F26C1A75A6658D723


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
I tried uninstalling AVG, and while it's not here anymore, ComboFix doesn't want to run as it's still saying it's installed. I tried app remover to see if it's still listed, but it's not coming up on that either. What do I do?
 
AVG Remover is what I tried first. It pulled up a mini black box and then restarted the PC afterwards, and AVG isn't in the task bar or processes list anymore, but ComboFix says it's still installed and that it's dangerous to try using ComboFix when it's installed.
 
Hi, sorry for the hiccup.

Here's the ComboFix log for you. Can I reinstall AVG now? Feeling a little naked, so to speak, lol.


ComboFix 11-03-10.04 - Christopher 12/03/2011 18:30:01.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2869 [GMT 0:00]
Running from: c:\users\Christopher\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\users\Christopher\AppData\Roaming\mwll_torrent.dll
c:\windows\system32\Install.cmd
.
.
((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))
.
.
2073-04-13 17:17 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-12 18:38 . 2011-03-12 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-12 18:38 . 2011-03-12 18:38 -------- d-----w- c:\users\Christopher\AppData\Local\temp
2011-03-12 18:28 . 2011-03-12 18:28 -------- d-----w- C:\32788R22FWJFW
2011-03-09 17:21 . 2010-12-17 17:12 2424320 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:21 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 17:21 . 2010-12-17 15:35 730624 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:21 . 2010-12-17 15:06 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 17:21 . 2010-12-29 17:53 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 17:21 . 2010-12-29 17:53 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 17:21 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 17:21 . 2010-12-29 17:51 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 17:21 . 2010-12-29 17:41 323072 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 17:21 . 2010-12-29 17:41 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 17:21 . 2010-12-29 17:41 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 17:21 . 2010-12-29 17:39 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\users\Christopher\AppData\Roaming\Malwarebytes
2011-03-08 21:06 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\programdata\Malwarebytes
2011-03-08 21:06 . 2011-03-08 21:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-08 21:06 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 20:44 . 2011-03-04 20:44 -------- d-----w- c:\program files\iPod
2011-03-04 20:44 . 2011-03-04 20:45 -------- d-----w- c:\program files\iTunes
2011-03-04 20:44 . 2011-03-04 20:45 -------- d-----w- c:\program files (x86)\iTunes
2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files\Bonjour
2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files (x86)\Bonjour
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:19 . 2011-02-26 01:19 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2011-02-23 18:22 . 2011-02-23 18:22 -------- d-----w- c:\users\Christopher\AppData\Local\Chromium
2011-02-23 17:12 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2011-02-23 17:12 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 17:12 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-23 17:12 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-23 17:12 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2011-02-23 17:12 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
2011-02-22 21:08 . 2011-02-22 21:08 -------- d-----w- c:\users\Christopher\AppData\Roaming\Amazon
2011-02-22 21:08 . 2011-02-22 21:08 -------- d-----w- c:\users\Christopher\AppData\Local\Amazon
2011-02-22 21:07 . 2011-02-22 21:07 -------- d-----w- c:\program files (x86)\Amazon
2011-02-21 17:28 . 2011-02-21 17:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-02-18 16:36 . 2011-02-18 16:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-12 20:20 . 2011-02-12 20:20 -------- d-----w- c:\program files (x86)\Raven
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-16 19:07 . 2009-05-24 13:33 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-16 19:07 . 2009-04-02 20:45 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-16 19:05 . 2009-04-02 20:45 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-01-08 09:31 . 2011-02-09 18:20 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 07:50 . 2011-02-09 18:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:17 . 2011-02-09 18:20 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 05:57 . 2011-02-09 18:20 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-31 13:46 . 2011-02-09 18:20 2755584 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:26 . 2011-01-12 10:59 462848 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 14:57 . 2011-01-12 10:59 409600 ----a-w- c:\windows\SysWow64\odbc32.dll
2010-12-23 17:10 . 2010-09-24 16:48 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2010-12-20 16:08 . 2011-02-09 18:20 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 16:04 . 2011-02-09 18:20 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 15:40 . 2011-02-09 18:20 833024 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-20 15:37 . 2011-02-09 18:20 78336 ----a-w- c:\windows\SysWow64\ieencode.dll
2010-12-20 14:37 . 2011-02-09 18:20 485376 ----a-w- c:\windows\system32\html.iec
2010-12-20 14:12 . 2011-02-09 18:20 389632 ----a-w- c:\windows\SysWow64\html.iec
2010-12-20 14:12 . 2011-02-09 18:20 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-20 13:51 . 2011-02-09 18:20 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-12-14 16:20 . 2011-01-12 10:59 1251840 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Google Update"="c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-21 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-01 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 133104]
R2 SrvCDEject;SrvCDEject;c:\program files (x86)\Packard Bell\SrvCDEject.exe [2008-02-26 600576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-08-18 1038088]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000Core.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000UA.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://bridgecommander.filefront.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a8,cf,2f,42,e0,e6,08,a2,a7,d1,c2,99,ba,1f,77,5e,51,35,98,a5,54,bc,9b,
cf,ce,d3,ee,c4,d9,5f,01,97,c8,02,3e,96,73,fc,43,cc,38,15,f4,0f,f5,52,56,3a,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\License information*]
"datasecu"=hex:1e,09,a2,8b,79,5e,20,c3,aa,18,a6,97,99,94,cd,95,45,26,e1,de,f5,
8a,9f,3f,bd,59,ae,2d,e7,c3,24,77,00,a2,0f,25,cf,bf,cb,0b,17,2b,3b,e7,c3,55,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-03-12 18:40:24
ComboFix-quarantined-files.txt 2011-03-12 18:40
.
Pre-Run: 41,009,016,832 bytes free
Post-Run: 42,246,656,000 bytes free
.
- - End Of File - - 8BDF0718DADF7B04DAB0662346D1C75D
 
Looks clean.
As I said, most likely a false positive.

You can reinstall AVG now.

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
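Before accepting a heuristic hit like this one as a false positive, the check a practitioner would run on the flagged executables is to record their hash and inspect their Authenticode signature. The following is an added example, not code from the thread or from AVG; the two file paths are placeholders (assumptions) and it deliberately uses .NET directly so that it runs on the PowerShell 2.0 that ships with Vista SP1, which has no Get-FileHash cmdlet.

```powershell
# Added example, not from the thread. Records SHA-256 and Authenticode status of
# executables that AVG flagged with a heuristic (Win32/Heur) detection.
# The paths are placeholders (assumption): point them at the quarantined or
# restored files. Works on PowerShell 2.0 (Vista SP1) and later.
$suspects = @(
    'C:\Games\Supreme Commander Forged Alliance\ForgedAlliance.exe',  # placeholder
    'C:\Games\Forces of Corruption\swfoc.exe'                         # placeholder
)

function Get-Sha256Hex {
    # Hex SHA-256 of a file via .NET, since Get-FileHash needs PowerShell 4+.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Dispose(); $sha.Clear() }
}

foreach ($path in $suspects) {
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "Not found: $path"; continue }

    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $signer = '(unsigned)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        File        = $file.Name
        SizeBytes   = $file.Length
        ModifiedUtc = $file.LastWriteTimeUtc
        SHA256      = Get-Sha256Hex $path
        Signature   = $sig.Status    # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer      = $signer
    }
}
```

How to read the result: a status of Valid with the publisher you expect makes a false positive very likely; HashMismatch means the file was changed after it was signed and should be treated as a real finding; NotSigned, common for older game binaries, proves nothing either way. In that last case compare the SHA-256 with the file from a fresh reinstall (the plan in the next reply): if the freshly downloaded copy has the same hash and is still flagged, the detection is firing on the vendor's own file, which is what you report to the AV vendor along with the hash.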
 
OK, I'll run the new scans now and post them ASAP. I'm reinstalling AVG at the moment; once that's updated and the scans are all done, I'll post the logs, assuming they are still clear. In a day or two I'll reinstall Supreme Commander: Forged Alliance and see if it still detects it as a threat, though I don't know why it would with a fresh new install.
 
Hi, here's the Security Check log; doing the TFC, then the ESET thing next.


Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

=======================================================================

When ESET comes up clean, we'll have to install Service Pack 2 and upgrade IE to version 8.
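The findings in the Security Check log above (UAC off, firewall off, old service pack, IE 7, Adobe Reader 9.4.2) can be confirmed directly from the registry and WMI rather than trusting a third-party tool's summary. This is an added example, not code from the thread or from Security Check; it assumes Windows Vista/7 with PowerShell 2.0 or later, and the thresholds it tests (SP2, IE 8) are the ones the helper names. It only reports the Adobe Reader version, since "current" for Reader changes and has to be compared against the vendor's release notes by hand.

```powershell
# Added example, not from the thread: read the settings behind the Security
# Check findings straight from the registry and WMI. Assumes Vista/7, PS 2.0+.
$os  = Get-WmiObject Win32_OperatingSystem
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
# On IE 10+ this 'Version' value stays at 9.x and 'svcVersion' holds the real one.
$ie  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'

# Windows Firewall keeps one EnableFirewall DWORD per profile.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$fw = foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $v = (Get-ItemProperty "$fwBase\$p" -ErrorAction SilentlyContinue).EnableFirewall
    "$p=$v"
}

# Installed Adobe Reader, from the Uninstall keys (32-bit and 64-bit views).
$uninst = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
$reader = Get-ChildItem $uninst -ErrorAction SilentlyContinue |
          ForEach-Object { Get-ItemProperty $_.PSPath } |
          Where-Object { $_.DisplayName -like 'Adobe Reader*' } |
          Select-Object -First 1

$findings = @()
if ($pol.EnableLUA -eq 0) {
    $findings += 'UAC is disabled (EnableLUA=0)'
}
if ($fw -contains 'StandardProfile=0') {
    $findings += 'Windows Firewall disabled on the private (Standard) profile'
}
if ($os.Version -like '6.0.*' -and $os.ServicePackMajorVersion -lt 2) {
    $findings += "Vista service pack out of date ($($os.CSDVersion)); SP2 expected"
}
if ([int]$ie.Version.Split('.')[0] -lt 8) {
    $findings += "Internet Explorer $($ie.Version) out of date; IE 8 expected"
}

"$($os.Caption) $($os.CSDVersion) build $($os.Version)"
"Firewall: $($fw -join ' ')"
if ($reader) { "Adobe Reader $($reader.DisplayVersion) installed; compare with the vendor's current release" }
if ($findings.Count -gt 0) { $findings | ForEach-Object { "!! $_" } } else { 'No findings' }
```

Run it from an elevated PowerShell prompt so the policy and firewall keys are readable. The IE version matters even when Chrome is the day-to-day browser, because the same MSHTML/WebBrowser components are loaded by other applications on the machine, so an unpatched IE is still exposed code.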
 
It's doing the ESET scan now; currently no threats and it's 63% done. Do I have to update IE if I am using Chrome? As I use that, not Internet Explorer, anymore.
 