Possible problem....

[studiocomputer]

Before I run malwarebytes, I need to ask a question.

I received a popup that says it was from AVG. It said it found a threat under sony/vaio/first experience/miniprogram.exe

I do not know what first experience is unless it is something that launches to use computer the first time when it is new. That is my guess.I allowed AVG to put it in the vault. Using AVG info from vault it said that "details of threat that was determined to be malware" and then gives me all of the information about it.

2 processes terminated

2 files deleted

1 registry key deleted

files deleted:

QQODSC_D.DLL

MINIPROGRAM.EXE

All registry keys deleted:

hkey_local_machine/software/wow6432\microsoft\windows\currentversion\run\ launcherrequestedprograms

Is this something that is needed upon computer starting up: hkey_local_machine/software/wow6432\microsoft\windows\currentversion\run\ launcherrequestedprograms

I have not turned off the computer since this occured and I am currently backing up files so I can run malwarebytes. I have used Malwarebytes in the past on my other computer and it has always been 100%.

So before I do anything else, I was not sure if the hkey I pasted above is needed upon restart of the computer, if I should leave it in the vault or what? For when I do turn the computer off and backon I didn't know if it would turn back on correctly with the hkley and the first experience miniprogram in the vault.

If you can help me with this question before I run malwarebytes I would really appreciate it.

Thank you.

[Maurice Naggar]

I do not believe that sub-key is needed to run your Windows system.

What is your make/model of pc ?

It is possible the key "may" be related to an addon placed by your computer manufacturer at the factory.

It is possible that AVG is overly sensitive. On the other hand, the key (as you have it above) looks questionable.

When the MBAM is finished, Copy and Paste it into your reply.

ALSO, Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.scr here

or http://download.bleepingcomputer.com/sUBs/dds.com or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt
Download Security Check by screen317 from here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

[studiocomputer]

It's a Sony Vaio running Windows 7 service pack 1 shows windows date as 2009

Computer is operating just fine. I was concerned after going to a webpage and computer froze up. Was not able to to anything except turn it off and back on. That is when the AVG alert pop-up said it saw c:\program files\sony\first experience\miniprogram.exe as a threat and asked if I wanted to quarantine it or allow it. i did quarantine after researching the net for information about sony\first experience\miniprogram I was unable to find any information except on webpages where people had posted their log files that it would have a line within the log that referred to first experience\miniprogram.exe just because of the log files being scanned, etc.

My thought is I may have quarantined it along with the hkey and when I do turn off and power back on that perhaps it won't restart because of the file being in the AVG vault.

I have saved my most important files today on a usb drive. I was planning to run malwarebytes but if i recall correctly, after it runs it reboots the computer. So that is where my concern is, ...will it reboot if that hkey is in the vault?

Thank you.

[Maurice Naggar]

MBAM rarily forces a reboot. Have you run the MBAM scan? Please do so.

I think you are overly-worried for no good reason.

[studiocomputer]

I think you are correct. I'm working on a special project right now with this same computer so hoping all is ok but just wanting to make sure.

I'll let you know after I run malwarebytes.

Thank you.

[studiocomputer]

Just letting you know...been a busy day and still going to run malwarebytes. Sorry for delay.

[Maurice Naggar]

Post copy of the MBAM scan log after you have done the scan.

MINIPROGRAM.EXE is a utility that comes with Sony systems. Me thinks this is all due to a false positive by AVG, which you should report to AVG support.

[studiocomputer]

Okay thank you for the info on the sony program. Since it is still in avg vault I hope when I turn computer back on it will boot up properly. maybe I should take it out of the vault? Let me know if you think I should take it out of the vault after you see this copy of report:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.06.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: COMPUTER [administrator]

Protection: Enabled

9/6/2012 3:58:49 PM

mbam-log-2012-09-06 (15-58-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 255099

Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[Maurice Naggar]

Go to the AVG vault, and have it restore the items back onto the system.

Then logoff and Restart fresh.

Make doubly-positive sure that your AVG is up-to-date.

The MBAM result is good.

[studiocomputer]

Okay I will do that and post back here.

Thank you.

[Maurice Naggar]

Please provide a status update. How's it going ?

[Maurice Naggar]

This thread will be closed if I do not hear back from you before end-of-day 9 SEPT

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!