
My laptop is infected ......eekk

  • 14-09-2013 03:15AM
    #1
    Registered Users, Registered Users 2 Posts: 1,672 ✭✭✭


    Hi guys, really need some help with my laptop. I recently did a scan with a malware removal tool and it stated I have over 200 infected files, and I also have this annoying qvo6 thing. My browsing has become annoying now with ads popping up everywhere, and when I open my browser, instead of my homepage it goes to this Google-looking qvo6 page. Is there any FREE removal tool to sort these things out? I tried to sort out the qvo6 thing myself by going into safe mode and deleting it from my homepage settings, it didn't work... Help :confused:

    PS: Norton is useless, why do I keep getting it


Comments

  • Registered Users, Registered Users 2 Posts: 6,309 ✭✭✭T-K-O




  • Registered Users, Registered Users 2 Posts: 21 freetoall


    The best thing to do is do a complete system reboot and restore to factory settings. Check up the name and model of your computer and it should give you details.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    download and run combofix

    http://www.bleepingcomputer.com/download/combofix/


    post its log


  • Registered Users, Registered Users 2 Posts: 1,672 ✭✭✭tonydude


    Ok Malware got rid of just over 100 infected and I did combofix, this is the log:

    ComboFix 13-09-14.01 - Tony 16/09/2013 6:54.1.4 - x64
    Microsoft Windows 8 6.2.9200.0.1252.353.1033.18.8139.6002 [GMT 1:00]
    Running from: c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R2SAKYE\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\337
    c:\program files (x86)\DealPly
    c:\program files (x86)\DealPly\uninst.exe
    c:\users\Tony\Desktop\Internet Explorer.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-16 to 2013-09-16 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-16 05:59 . 2013-09-16 05:59 d-----w- c:\users\Default\AppData\Local\temp
    2013-09-16 05:27 . 2013-09-16 05:43 d-----w- c:\programdata\AVG2013
    2013-09-16 05:24 . 2013-09-16 05:43 d-----w- c:\users\Tony\AppData\Local\Avg2013
    2013-09-14 03:27 . 2013-09-14 03:27 d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2013-09-14 03:27 . 2013-09-14 03:27 d-----w- c:\programdata\Malwarebytes
    2013-09-14 03:27 . 2013-09-14 03:27 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-09-14 03:27 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-09-13 03:41 . 2013-09-13 03:41 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
    2013-09-11 11:03 . 2013-09-11 11:03 d-----w- c:\program files\Enigma Software Group
    2013-09-11 11:03 . 2013-09-11 11:41 d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
    2013-09-11 11:03 . 2013-09-11 11:03 d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2013-09-11 10:58 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
    2013-09-11 10:02 . 2013-09-11 10:02 d-----w- c:\users\Tony\AppData\Roaming\TuneUp Software
    2013-09-11 10:01 . 2013-09-11 10:01 d-----w- c:\program files (x86)\AVG
    2013-09-11 10:00 . 2013-09-11 10:00 d-----w- c:\programdata\CDB
    2013-09-11 09:58 . 2013-09-16 05:43 d-----w- c:\programdata\MFAData
    2013-09-11 09:58 . 2013-09-11 09:58 d--h--w- c:\programdata\Common Files
    2013-09-11 09:58 . 2013-09-11 09:58 d-----w- c:\users\Tony\AppData\Local\MFAData
    2013-09-11 08:36 . 2013-09-11 08:39 d-----w- c:\program files (x86)\hdvidcodec.com
    2013-09-08 14:45 . 2013-09-14 03:39 d-----w- c:\programdata\DSearchLink
    2013-09-08 14:45 . 2013-09-08 14:50 d-----w- c:\program files (x86)\WebConnect
    2013-09-08 14:44 . 2013-09-08 14:44 d-----w- c:\program files (x86)\FLVPlayer
    2013-09-08 12:29 . 2013-09-08 12:29 d-----w- c:\users\Tony\AppData\Roaming\Publish Providers
    2013-09-07 12:11 . 2013-09-07 12:11 d-----w- c:\windows\SysWow64\searchplugins
    2013-09-07 12:11 . 2013-09-07 12:11 d-----w- c:\windows\SysWow64\Extensions
    2013-09-07 12:10 . 2013-09-07 12:10 d-----w- c:\programdata\Babylon
    2013-09-06 02:38 . 2013-09-06 02:38 389120 ----a-w- c:\windows\SysWow64\RegistryHelperLM.ocx
    2013-08-25 12:21 . 2013-08-25 12:21 d-----w- c:\users\Tony\AppData\Local\Cyberlink
    2013-08-25 12:21 . 2013-08-25 12:21 d-----w- c:\users\Tony\AppData\Roaming\CyberLink
    2013-08-24 14:49 . 2013-08-24 16:01 d-----w- c:\users\Tony\AppData\Roaming\Skype
    2013-08-24 14:49 . 2013-08-24 14:50 d-----r- c:\program files (x86)\Skype
    2013-08-24 14:49 . 2013-08-24 14:49 d-----w- c:\program files (x86)\Common Files\Skype
    2013-08-24 14:49 . 2013-08-24 14:50 d-----w- c:\programdata\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-11 11:26 . 2013-08-07 08:34 79143768 ----a-w- c:\windows\system32\MRT.exe
    2013-09-05 20:09 . 2013-08-08 12:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-05 20:09 . 2013-08-08 12:58 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-08-06 07:31 . 2013-08-06 07:31 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2013-08-05 11:43 . 2013-08-05 11:43 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
    2013-08-05 11:43 . 2013-08-05 11:43 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2013-08-05 11:42 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-07-13 06:18 . 2013-08-15 09:14 337408 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-13 06:16 . 2013-08-15 09:14 1889280 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-13 06:16 . 2013-08-15 09:14 68096 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-13 06:15 . 2013-08-15 09:14 98304 ----a-w- c:\windows\system32\apprepsync.dll
    2013-07-13 06:15 . 2013-08-15 09:14 124416 ----a-w- c:\windows\system32\apprepapi.dll
    2013-07-13 04:24 . 2013-08-15 09:14 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-13 04:23 . 2013-08-15 09:14 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-13 04:23 . 2013-08-15 09:14 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
    2013-07-13 04:23 . 2013-08-15 09:14 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
    2013-07-09 06:07 . 2013-08-15 09:16 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-07-02 08:34 . 2013-08-08 09:53 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2FC1AE0-27BE-4DD7-ABCE-A3CA8F3D9403}\mpengine.dll
    2013-07-02 00:44 . 2013-08-15 10:01 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
    2013-07-01 22:08 . 2013-08-15 10:01 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-06 39408]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-06 1811368]
    "SDP"="c:\users\Tony\AppData\Local\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2012-08-17 68776]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-07-27 724576]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-08-07 78352]
    "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2013-07-17 156000]
    "Intel AppUp(R) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2013-07-17 156000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
    Content Manager Assistant for PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-6-18 3505048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/10/18 10:39;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 NetworkSupport;NetworkSupport;c:\program files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe;c:\program files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [x]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    R3 SOHDms;VAIO Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
    R4 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
    R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys [x]
    S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [x]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
    S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130913.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130913.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
    S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
    S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys;c:\windows\SYSNATIVE\drivers\btath_vdp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
    S3 cpuz134;cpuz134;c:\users\Tony\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Tony\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
    S3 SOWS;Sony Wireless State Device;c:\windows\System32\drivers\sows.sys;c:\windows\SYSNATIVE\drivers\sows.sys [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
    S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 07:16]
    .
    2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 07:16]
    .
    .
    X64 Entries
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-20 1214608]
    "BtPreLoad"="c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe" [2012-12-28 64640]
    .
    Supplementary Scan
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeEx]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    @SACL=(02 0000)
    .
    Completion time: 2013-09-16 07:01:31
    ComboFix-quarantined-files.txt 2013-09-16 06:01
    .
    Pre-Run: 851,627,266,048 bytes free
    Post-Run: 850,623,463,424 bytes free
    .
    - - End Of File - - 2DF138F71C87704EB9ADB503BCA9D7FC


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    can you post the malwarebytes log too


  • Registered Users, Registered Users 2 Posts: 1,672 ✭✭✭tonydude


    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.16.01

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16688
    Tony :: VAIO [administrator]

    Protection: Enabled

    16/09/2013 08:46:20
    mbam-log-2013-09-16 (08-46-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226606
    Time elapsed: 2 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    how's it running


  • Registered Users, Registered Users 2 Posts: 1,672 ✭✭✭tonydude


    Works good but I did a scan a week ago with something that required payment and found a lot of stuff so wanted it gone


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    you can ignore that since mbam found nothing


  • Registered Users, Registered Users 2 Posts: 1,672 ✭✭✭tonydude


    Thanks guys, appreciate the help

