I have reason to believe that Tune Up 2012 (which optimizes and fiddles with the registry) is causing false positives.
The only active virus protection I run is Microsoft Security Essentials. Everything has been running at full speed.
Last night I decided to run other virus scanners just to be safe, and I found a ton of Security.Hijack viruses in "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\".
This user had the same problem as well: http://forums.supera...ositive-or-not/
Is this a false positive, and if not, did I take the right steps to remove this virus?
All the scans below are the most recent versions.

MSE:
No threats found.

TDSS Killer:
No threats found.

Malwarebytes:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe

ESET Online Scanner:
No threats found.

SuperAntiSpyware:
SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 07/10/2012 at 03:11 PM
Application Version : 5.5.1012
Core Rules Database Version : 8876
Trace Rules Database Version: 6688
Scan type : Complete Scan
Total Scan Time : 00:56:40
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 36790
Registry threats detected : 61
File items scanned : 51601
File threats detected : 179
Security.HiJack[imageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#DisableExceptionChainValidation
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AMD OVERDRIVE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AMD OVERDRIVE.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASC.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASC.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPLAUNCH.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPLAUNCH.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZGAMESDIAGANDSUPPORT.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZGAMESDIAGANDSUPPORT.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZLAUNCHERUI.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZLAUNCHERUI.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPWUCLI.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPWUCLI.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSEMINI.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSEMINI.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSENOW.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSENOW.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LU5.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LU5.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTLINK.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTLINK.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTVIEW.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTVIEW.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PICTUREVIEWER.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PICTUREVIEWER.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QS.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QS.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKSTART.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKSTART.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKTIMEPLAYER.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKTIMEPLAYER.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SBASE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SBASE.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCALC.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCALC.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDRAW.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDRAW.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SIMPRESS.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SIMPRESS.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SLIMDRIVERS.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SLIMDRIVERS.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMATH.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMATH.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOFFICE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOFFICE.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SUC12_UNINSTAL.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SUC12_UNINSTAL.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWRITER.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWRITER.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TOOLBOX.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TOOLBOX.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TURBOBOOST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TURBOBOOST.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINST.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZUNE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZUNE.EXE#Debugger

Combofix:
Said something about C\Install.exe - didn't say infected.