Inactive-A Avg keeps detecting a trojan horse virus but won't remove it

Status
Not open for further replies.
Candice_R

Candice_R

Posts: 7   +0
I always click on "protect me" and it says after that the threats have been removed but then ten minutes later it detects another trojan horse. I don't know what to do anymore :/
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Candice Ramkissoon :: CANDICE [administrator]

Protection: Enabled

2/15/2014 8:13:48 PM
mbam-log-2014-02-15 (20-13-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227600
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Detected: 4
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (PUP.Optional.SafetyNut.A) -> 2100 -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (PUP.Optional.SafetyNut.A) -> 2516 -> Delete on reboot.
C:\Users\Candice Ramkissoon\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 4800 -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe (PUP.Optional.SafetyNut.A) -> 5372 -> Delete on reboot.

Memory Modules Detected: 3
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.dll (PUP.Optional.SafetyNut.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.

Registry Keys Detected: 34
HKLM\SYSTEM\CurrentControlSet\Services\SafetyNutManager2 (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021806.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021806.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021806.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021806.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\somotomoviestoolbar1 (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\Innovative Apps (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard.1 (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.MoviesToolbar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SAFETYNUT (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{338a754c-b46e-4bf2-8ac8-23de36862ad3} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{338A754C-B46E-4BF2-8AC8-23DE36862AD3} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{934BEE21-C5A4-457E-B130-77CA098FBBD3} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKCR\Interface\{6014D692-4409-4EDD-ABB2-36CA26DC2A2E} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\somotomoviestoolbar1CR (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181106} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110211181106} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440244184406} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550255185506} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181106} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181106} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181106} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181106} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SDP (PUP.Optional.FilesFrog.A) -> Data: C:\Users\Candice Ramkissoon\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto -> Quarantined and deleted successfully.
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Quarantined and deleted successfully.
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Data: network_adworkmedia_1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Datamngr|uninstallstring (PUP.Optional.MoviesToolbar.A) -> Data: C:\Program Files (x86)\Movies Toolbar\SafetyNut\uninstall.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SafetyNut|browser (PUP.Optional.SafetyNut.A) -> Data: cr -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (c:\progra~3\wincert\win32c~1.dll) Good: () -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.MoviesToolBar.A) -> Bad: (c:\progra~2\movies~1\safety~1\safety~2.dll) Good: () -> Quarantined and repaired successfully.

Folders Detected: 12
C:\ProgramData\SafetyNut (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Delete on reboot.
C:\Users\Candice Ramkissoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Movies Toolbar\SafetyNut (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1 (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\GC (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64 (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Users\Candice Ramkissoon\AppData\Local\Updater21806 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Files Detected: 66
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (PUP.Optional.SafetyNut.A) -> Delete on reboot.
C:\Users\Candice Ramkissoon\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe (PUP.Optional.SafetyNut.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.dll (PUP.Optional.SafetyNut.A) -> Delete on reboot.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\FLVPlayerSetup.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\run.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\43B8B16A-BAB0-7891-94AA-071F60CFC5AC\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\43B8B16A-BAB0-7891-94AA-071F60CFC5AC\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\43B8B16A-BAB0-7891-94AA-071F60CFC5AC\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\43B8B16A-BAB0-7891-94AA-071F60CFC5AC\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\nsa8AC0.tmp-2\APN_ATU3_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\nsaAACA.tmp-2\APN_ATU3_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\nsn8AF7.tmp-2\APN_ATU3_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\nsrAF81.tmp-2\APN_ATU3_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\nstE0B.tmp-2\APN_ATU3_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\c7324421\MoviesToolbarSetup_Somoto.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Downloads\Capital Cities Capital Cities Safe And Sound__3055_il6811251.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Downloads\SoftonicDownloader_for_calibre.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Downloads\SoftonicDownloader_for_firefox-for-windows-8.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Downloads\VLCMediaPlayerSetup-cTcW3ua.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Local Settings\Temporary Internet Files\Content.IE5\6P3NJCIC\SoftonicDownloader_for_google-chrome.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Local Settings\Temporary Internet Files\Content.IE5\K344RMDB\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate[1].exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\Local Settings\Temporary Internet Files\Content.IE5\XUP3RT2S\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\ProgramData\SafetyNut\coordinator.cfg (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully.
C:\ProgramData\SafetyNut\general.cfg (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully.
C:\ProgramData\SafetyNut\S-1-5-21-70779075-889442491-4032180335-1001.cfg (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully.
C:\ProgramData\SafetyNut\S-1-5-32.cfg (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\CT3289075\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\CT3289075\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Candice Ramkissoon\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\del_DM_DLL_nslC9ED.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\del_DM_LL_nslC9ED.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\del_mg_nslC9ED.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\Helper.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\Internet Explorer Settings.exe (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr_u.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut_ie.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\Uninstall.exe (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\GC\install.ico (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\GC\uninstall.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\del_DM_LL_nslC9ED.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\Internet Explorer Settings.exe (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr_u.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut_ie.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:\Users\Candice Ramkissoon\AppData\Local\Updater21806\Updater21806.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Deals Plugin Extension\Deals Plugin Extension.dll (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798 BrowserJavaVersion: 10.40.2
Run by Candice Ramkissoon at 20:47:04 on 2014-02-15
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3975.1884 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Candice Ramkissoon\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
C:\Users\Candice Ramkissoon\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCWebServer.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-102&v=a9397-147&t=4
uDefault_Page_URL = hxxp://sony13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AVG-Secure-Search-Update_0913b] C:\Users\Candice Ramkissoon\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5accfe72e35647d39dce693f7903ea23-e8db41381a13eca801ab1323a5601f301419acca --CMPID 0913b
uRun: [FLV Player] C:\Users\Candice Ramkissoon\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
uRun: [uTorrent] "C:\Users\Candice Ramkissoon\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRunOnce: [Uninstall C:\Users\Candice Ramkissoon\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Candice Ramkissoon\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64"
uRunOnce: [Uninstall C:\Users\Candice Ramkissoon\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Candice Ramkissoon\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{04AE8599-26C2-49A8-BC82-129FA8BDBF4C} : DHCPNameServer = 127.0.0.1
TCP: Interfaces\{6A6035E4-587B-4698-8F5C-525E68097F12} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6A6035E4-587B-4698-8F5C-525E68097F12}\27169716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6A6035E4-587B-4698-8F5C-525E68097F12}\35572757A62616C6C697 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\wincert\win32c~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\Windows\SysWOW64\Rundll32.exe" "c:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Candice Ramkissoon\AppData\Roaming\Mozilla\Firefox\Profiles\ilef483p.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-10 31544]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-25 645952]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-10-21 252728]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-8-2 92536]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-11-5 231040]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-2 2445968]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-2 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-2 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-15 701512]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-2 364416]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-7 1770312]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-11-5 323584]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-8-2 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-8-2 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-8-2 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-8-2 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-8-2 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-8-2 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-8-2 135832]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\Drivers\btath_vdp.sys [2012-8-2 427416]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-2 576152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-10-9 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-2-15 25928]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-8-2 339600]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-10-9 683664]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\Drivers\SFEP.sys [2012-7-16 14336]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-10-24 44344]
R3 SOWS;Sony Wireless State Device;C:\Windows\System32\Drivers\sows.sys [2012-7-5 24280]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2013-2-26 57976]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-8-2 1369136]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\Drivers\e1y60x64.sys [2012-6-2 283136]
S3 NetworkSupport;NetworkSupport;C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [2012-8-2 639576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-10-15 123616]
S3 SOHDms;VAIO Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2012-10-15 461024]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-10-15 78560]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-8-2 476328]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2012-9-28 964608]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-02-16 00:10:16 -------- d-----w- C:\Users\Candice Ramkissoon\AppData\Roaming\Malwarebytes
2014-02-16 00:10:05 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-16 00:10:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-16 00:10:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-15 18:45:49 257200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10233.bin
2014-02-12 02:28:59 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-02-12 02:27:59 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-02-12 02:27:59 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 02:27:58 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 02:27:57 583680 ----a-w- C:\Windows\System32\msdrm.dll
2014-02-12 02:27:57 451072 ----a-w- C:\Windows\SysWow64\msdrm.dll
2014-02-12 02:22:54 3842560 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 02:22:53 3288576 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 02:22:53 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 02:22:52 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
.
==================== Find3M ====================
.
2014-02-01 09:19:49 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-01 09:19:36 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-01 09:19:36 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-01 09:18:25 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-01 09:18:21 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-01 09:18:21 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-01 07:58:31 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-01 07:58:24 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-01 07:57:20 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-01 07:57:16 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-01 07:57:16 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-01 07:34:53 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-01-30 21:10:35 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 21:10:35 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-07 06:37:24 688640 ----a-w- C:\Windows\System32\WSShared.dll
2013-12-07 06:37:24 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15:46 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-12-07 05:15:46 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-04 23:43:46 1845248 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-04 23:37:09 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:47:56.53 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume3
Install Date: 4/23/2013 6:42:03 PM
System Uptime: 2/15/2014 8:28:49 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz | N/A | 2500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 434 GiB total, 274.412 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP53: 2/14/2014 8:14:03 AM - Windows Update
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
==== Installed Programs ======================
.
µTorrent
ACID Music Studio 9.0
Adobe Reader XI (11.0.06) MUI
aTube Catcher
AVG 2014
AVG Nation toolbar
calibre
CyberLink Power2Go 8
CyberLink PowerDVD
D3DX10
Deals Plugin Extension
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DVD Architect Studio 5.0
FDUx86
FLV Player
Google Chrome
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 40
Java 7 Update 9 (64-bit)
Java Auto Updater
KUx86
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Movie Studio Platinum 12.0 (64-bit)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
Networkx64
Nightly 28.0a1 (x86 en-US)
Photo Common
Photo Gallery
PlayMemories Home
Qualcomm Atheros Bluetooth Suite (64)
Reader for PC
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Restore
Sound Forge Audio Studio 10.0
SSLx64
SSLx86
Synaptics Pointing Device Driver
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
VAIO - Xperia Link
VAIO Care
VAIO Control Center
VAIO CPU Fan Diagnostic
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Gate
VAIO Gate Default
VAIO Gesture Control
VAIO Hardware Diagnostics Plugin for VAIO Care
VAIO Health Report
VAIO Image Optimizer
VAIO Improvement
VAIO Manual
VAIO Media Server Settings
VAIO Movie Creator
VAIO Movie Creator Template Data
VAIO Transfer Support
VAIO Update
VCCx64
VCCx86
VGClientX64
VHD
VirtualCloneDrive
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VIx64
VIx86
VLC media player 2.1.2
VMLx86
VPMx64
VSSTx64
VSSTx86
VU5x64
VU5x86
VUx64
VUx86
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
XperiaLinkx86
.
==== Event Viewer Messages From Past Week ========
.
2/14/2014 7:53:34 AM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
.
==== End Of File ===========================
 
redtarget.gif
What is the file name/location indicated by AVG?

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Hello, sorry for the late response

How do I get the information of the file name and location in Avg?

Here's the report on the Rogue Killer scan:
RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Candice Ramkissoon [Admin rights]
Mode : Remove -- Date : 02/18/2014 20:29:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] WebPlayer.exe -- C:\Users\Candice Ramkissoon\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Candice Ramkissoon\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5accfe72e35647d39dce693f7903ea23-e8db41381a13eca801ab1323a5601f301419acca --CMPID 0913b [x][x][x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : FLV Player (C:\Users\Candice Ramkissoon\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-70779075-889442491-4032180335-1001\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Candice Ramkissoon\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5accfe72e35647d39dce693f7903ea23-e8db41381a13eca801ab1323a5601f301419acca --CMPID 0913b [x][x][x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-70779075-889442491-4032180335-1001\[...]\Run : FLV Player (C:\Users\Candice Ramkissoon\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [-]) -> [0x2] The system cannot find the file specified.
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [x]) -> DELETED
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [x]) -> DELETED
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [x]) -> DELETED
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [x]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Updater21806.exe : C:\Users\Candice - Ramkissoon\AppData\Local\Updater21806\Updater21806.exe /extensionid=21806 /extensionname="Deals Plugin Extension" /chromeid=bbhgoadfgiandmaieopaphefbhcdpfaf [x][x][x] -> DELETED
 
The other reports will be posted shortly but just to update you on how my computer is functioning: its doing really well, nothing has gone wrong so far and avg has stopped detecting the trojan horse virus :)
 
Here's the system log, for some reason I can't find the mbar log in the MBAR folder
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16798

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4168372224, free: 1707540480

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16798

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4168372224, free: 1728159744

Downloaded database version: v2014.02.19.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
02/18/2014 20:54:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\wd.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\SFEP.sys
\SystemRoot\System32\drivers\sows.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\drivers\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_vdp.sys
\SystemRoot\System32\drivers\btath_rcp.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\System32\drivers\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80041a2060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xfffffa80041d3060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80041a2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80041a2b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80041a2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80041d4910, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80041d3060, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A01A64CF

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3836540387
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 7da0c75f-8246-400d-a9e4-a2cea44867b
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3739886439
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 867ecc8a-fa15-445d-96bc-57cbb49d2b9f
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128

Partition 0 Type f4019732-66e-4e12-8273-346c5641494f
Partition ID fc7845b5-9354-4ff7-83ec-bae5dda37889
FirstLBA 2048 Last LBA 534527
Attributes 1
Partition Name EFI system partition

Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID b5ad946c-6f55-41a3-8833-f642d4e1de41
FirstLBA 534528 Last LBA 3553279
Attributes 1
Partition Name Basic data partition

Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID fca8f966-b792-4f26-8ec1-7a8d82d1b7e4
FirstLBA 3553280 Last LBA 4085759
Attributes 0
Partition Name EFI system partition

GPT Partition 2 is bootable
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID edc34ede-1cea-4f94-aadd-42953768f81
FirstLBA 4085760 Last LBA 4347903
Attributes 0
Partition Name Microsoft reserved partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4c87a9a1-7582-411e-b5cb-ce8c7eafaf5
FirstLBA 4347904 Last LBA 914137087
Attributes 0
Partition Name Basic data partition

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 85e98352-81a2-4728-91f2-91ec64e652ec
FirstLBA 914137088 Last LBA 976773119
Attributes 1
Partition Name Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgrs.log.1" is compressed (flags = 1)
Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.1" is compressed (flags = 1)
Scan finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

M
Virus warning popup
Replies
1
Views
544
Mark Fuller
M
midian182
Facebook to remove the News tab in US and Australia as company shifts its focus
Replies
6
Views
176
erickmendes
erickmendes
midian182
Meta given 30 days to cease using the name Threads by company that trademarked it 11 years...
Replies
4
Views
329
Puiu
Puiu

Latest posts

Back