TechSpot

[AVG FP] Trojan Horse PSW.Generic 10.BNPL/10.BNPN detected!

By jrexha
Feb 2, 2013
  1. Hi, I'd used my new laptop yesterday for a short while after first setting it all up, which included using the internet for sites such as Facebook, Google, etc. Just general things to check out the new Windows 8 and everything.

    However, I realised today I'd forgotten to install an anti-virus before going online. I did so, and I soon started receiving threat detections related to two files in the WINDOWS\System32 directory; they are titled "audiodg.exe" and "FlashUtil_ActiveX.exe" (the latter of which is in the WINDOWS\System32\Macromed\Flash\ directory). Although, when you click to show more details, the actual files shown are either svchost.exe, Explorer.EXE, Taskmgr.exe or even mbam.exe, which was first detected when I ran it to scan. I have the list of detected viruses so far here (and also, just now, suddenly in some WinSxS\amd64... directory):

    Resident Shield detection
    "Infection";"Object";"Result";"Detection time";"Object Type";"Process"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 20:20:46";"file";"C:\Windows\System32\svchost.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 20:20:46";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20555_none_d0147a4a87685846\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20548_none_d0224b14875d885a\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20539_none_d02e1b4a875485c0\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20534_none_d02919d88759070d\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20521_none_d030e8e687539f17\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16451_none_cf86dc576e4e5320\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16444_none_cf94ad216e438334\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16437_none_cfa27deb6e38b348\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16433_none_cf9e7cc36e3c4dec\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16420_none_cfa64bd16e36e5f6\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPN";"c:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 20:19:30";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPN";"c:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16483_none_84688d06f354ad90\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 20:19:30";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:42:46";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:41:13";"file";"C:\Windows\System32\svchost.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:02:53";"file";"C:\Windows\Explorer.EXE"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:00:33";"file";"C:\Windows\System32\Taskmgr.exe"
    "Trojan horse PSW.Generic10.BNPN";"c:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 18:58:45";"file";"C:\Windows\system32\svchost.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:58:29";"file";"C:\Windows\System32\svchost.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:49:10";"file";"C:\Windows\Explorer.EXE"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:46:19";"file";"C:\Windows\System32\svchost.exe"
    "Trojan horse PSW.Generic10.BNPN";"c:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 18:32:45";"file";"C:\Windows\system32\svchost.exe"
    "Trojan horse PSW.Generic10.BNPN";"c:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 18:30:37";"file";"C:\Windows\system32\svchost.exe"
    "Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:26:17";"file";"C:\Windows\System32\svchost.exe"

    I have the log from MBAM as requested in the instructions, which says it found no malware; however, I don't seem to be able to download DDS from either of the provided links. I even tried BleepingComputer.

    Here is the MBAM quickscan log:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.02.07

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    John :: JOHN-PC [administrator]

    Protection: Enabled

    02/02/2013 19:42:34
    mbam-log-2013-02-02 (19-42-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206668
    Time elapsed: 1 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    A full scan also returned nothing for malware detection.
    Would really love some advice on this! I've never even had so much as a whiff of a virus on my PC or anything else in the past 5 or more years, and now, suddenly, for something to infect my system over such a silly mistake as forgetting to protect it from the get-go seems almost mocking - not to mention humbling!
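The Resident Shield export above, worked through as an added triage example (editor's code, not code from the original post or from AVG): it parses the semicolon-separated, double-quoted export, groups hits by signature, pulls the component name and servicing version out of each WinSxS directory name, and shows what the "Process" column actually records, namely the process that was reading the file when the on-access scan fired, not a process that is itself infected. The rows embedded in it are copied from the post; the false-positive indicators are the editor's heuristic and are not a verdict on the files, which needs the flagged binaries' Authenticode signatures checked and their hashes compared with the same files on a known-clean install of the same Windows 8 build.

```python
"""Triage an AVG Resident Shield detection export.

Added example for this thread; not code from the original post or from AVG.
Parses the semicolon-separated, double-quoted export, groups hits by
signature, and lists the indicators that usually mean a generic signature
is misfiring on a legitimate Windows component. It makes no verdict on the
files themselves.
"""
import csv
import io
import re

# Five rows copied verbatim from the export in the post (choosing this subset
# is the only constructed part). A raw string keeps the backslashes intact.
SAMPLE_EXPORT = r'''"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 20:20:46";"file";"C:\Windows\System32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20555_none_d0147a4a87685846\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16420_none_cfa64bd16e36e5f6\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 20:19:30";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:00:33";"file";"C:\Windows\System32\Taskmgr.exe"
'''

# WinSxS directory names are
# <arch>_<component>_<public key token>_<version>_<culture>_<hash>.
WINSXS_RE = re.compile(
    r"\\WinSxS\\(?P<arch>[^\\_]+)_(?P<component>.+?)_(?P<token>[0-9a-f]{16})"
    r"_(?P<version>[0-9.]+)_(?P<culture>[^\\_]+)_(?P<hash>[0-9a-f]{16})\\",
    re.IGNORECASE,
)


def parse_export(text):
    """Return the export rows as dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text), delimiter=";", quotechar='"'))


def basename(path):
    """Lower-cased final path component of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def summarize(rows):
    """Group hits by signature: distinct objects, WinSxS (component, version)
    pairs, scanner result counts, and the processes that were accessing the
    file when Resident Shield fired (the 'Process' column is the accessor,
    not the flagged file running)."""
    summary = {}
    for row in rows:
        sig = summary.setdefault(row["Infection"], {
            "objects": set(), "components": set(), "processes": set(),
            "whitelisted": 0, "infected": 0,
        })
        sig["objects"].add(row["Object"].lower())
        m = WINSXS_RE.search(row["Object"])
        if m:
            sig["components"].add((m.group("component").lower(), m.group("version")))
        sig["processes"].add(basename(row["Process"]))
        if row["Result"].lower().startswith("object is white-listed"):
            sig["whitelisted"] += 1
        else:
            sig["infected"] += 1
    return summary


def false_positive_indicators(sig):
    """Editor's triage heuristic (an assumption, not a verdict): reasons the
    hits look like a generic signature matching a legitimate component.
    Confirm with the file's Authenticode signature and a hash comparison
    against the same file on a known-clean install of the same build."""
    reasons = []
    names = {name for name, _ in sig["components"]}
    if len(names) == 1 and len(sig["components"]) >= 2:
        reasons.append(
            f"one signature hits {len(sig['components'])} servicing versions "
            f"of the same WinSxS component ({next(iter(names))})")
    if sig["whitelisted"]:
        reasons.append("the live System32 copy is on the scanner's own "
                       "critical-file whitelist")
    if not {basename(o) for o in sig["objects"]} & sig["processes"]:
        reasons.append("the flagged file never appears as the running process; "
                       "every hit is another process (scanner, shell, service "
                       "host) reading it")
    return reasons


if __name__ == "__main__":
    for name, sig in summarize(parse_export(SAMPLE_EXPORT)).items():
        print(f"{name}: {sig['infected']} infected, {sig['whitelisted']} whitelisted")
        for component, version in sorted(sig["components"]):
            print(f"  WinSxS {component} {version}")
        print(f"  accessed by: {', '.join(sorted(sig['processes']))}")
        for reason in false_positive_indicators(sig):
            print(f"  indicator: {reason}")
```

Running it prints one block per signature. To use it on a full export, replace SAMPLE_EXPORT with the text of the saved AVG history (same header line); the parser only depends on the six column names.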
     
  2. Broni

    Broni Malware Annihilator

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    Uploaded DDS for you here: http://www.filedropper.com/dds
     
  3. jrexha

    jrexha TS Rookie Topic Starter

    I don't know why I didn't try this earlier, but that link doesn't work either, so I tried it on my desktop PC and it worked fine; I put it on a USB stick and transferred it over. I had a hunch that this virus, or whatever it is, must have been blocking my access to anything related to it, and it seems that might be true!

    Anyway, here are the DDS logs:
    (DDS.txt)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453
    Run by John at 21:29:50 on 2013-02-02
    Microsoft Windows 8 Pro 6.2.9200.0.1252.44.1033.18.8081.5754 [GMT 0:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\PHotkey\PHotkey.exe
    C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
    C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
    C:\Program Files (x86)\PHotkey\HCSynApi.exe
    C:\Program Files (x86)\PHotkey\PVDesktop.exe
    C:\Program Files (x86)\PHotkey\PVDAgent.exe
    C:\Program Files (x86)\PHotkey\MyWiMax.exe
    C:\Program Files (x86)\PHotkey\POSD.exe
    C:\Program Files (x86)\PHotkey\GPMTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    mWinlogon: Userinit = userinit.exe
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{6B5667C7-BDE0-4316-9C06-0157E07701F1} : DHCPNameServer = 192.168.1.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\Drivers\avgrkx64.sys [2013-2-2 56008]
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-2-1 645952]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\Drivers\avgldx64.sys [2013-2-2 269904]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\Drivers\avgmfx64.sys [2013-2-2 35664]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\Drivers\avgtdia.sys [2013-2-2 317520]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688]
    R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2013-2-2 921952]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2013-2-2 308136]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-2-1 1091520]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-2-1 1112000]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]
    R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2013-2-1 156672]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IASTORDATAMGRSVC.EXE [2013-2-1 7168]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-7-24 146984]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-2 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-2 682344]
    R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2013-2-1 14344]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2013-2-1 110592]
    R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2013-2-1 825344]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2013-2-1 55848]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-7-24 20968]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-7-24 19944]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-7-24 46016]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-2-2 24176]
    R3 NETwNe64;@oem9.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-8-19 4273192]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RTSUSTOR.SYS [2013-2-1 252048]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-2-1 690832]
    R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-2-1 34752]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2013-2-2 1025352]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    .
    =============== Created Last 30 ================
    .
    2013-02-02 19:41:09  --------  d-----w-  C:\Users\John\AppData\Roaming\Malwarebytes
    2013-02-02 19:40:54  --------  d-----w-  C:\ProgramData\Malwarebytes
    2013-02-02 19:40:53  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2013-02-02 19:40:53  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-02 19:40:33  --------  d-----w-  C:\Users\John\AppData\Local\Programs
    2013-02-02 18:20:03  --------  d--h--w-  C:\ProgramData\Common Files
    2013-02-02 18:20:02  56008  ----a-w-  C:\Windows\System32\drivers\avgrkx64.sys
    2013-02-02 18:20:02  13048  ----a-w-  C:\Windows\System32\avgrssta.dll
    2013-02-02 18:20:01  317520  ----a-w-  C:\Windows\System32\drivers\avgtdia.sys
    2013-02-02 18:19:59  269904  ----a-w-  C:\Windows\System32\drivers\avgldx64.sys
    2013-02-02 18:19:58  35664  ----a-w-  C:\Windows\System32\drivers\avgmfx64.sys
    2013-02-02 18:19:58  --------  d-----w-  C:\Windows\System32\drivers\Avg
    2013-02-02 18:19:56  --------  d-----w-  C:\ProgramData\AVG Security Toolbar
    2013-02-02 18:17:17  --------  d-----w-  C:\Program Files (x86)\AVG
    2013-02-02 18:17:04  --------  d-----w-  C:\ProgramData\avg9
    2013-02-02 16:38:05  --------  d-----w-  C:\Users\John\AppData\Local\Eclipse
    2013-02-02 16:37:59  --------  d-----w-  C:\Users\John\workspace
    2013-02-02 16:15:13  627600  ----a-w-  C:\Windows\System32\deployJava1.dll
    2013-02-02 16:12:11  18528  ----a-w-  C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
    2013-02-02 16:10:39  9161176  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA5CE604-4C5F-40F3-A724-B0048D5B6624}\mpengine.dll
    2013-02-02 02:52:48  --------  d-----w-  C:\Windows\Panther
    2013-02-01 21:38:52  3554304  ----a-w-  C:\Windows\System32\tquery.dll
    2013-02-01 21:35:54  76288  ----a-w-  C:\Windows\System32\newdev.exe
    2013-02-01 21:34:55  246784  ----a-w-  C:\Windows\SysWow64\ubpm.dll
    2013-02-01 21:33:58  710656  ----a-w-  C:\Windows\System32\winhttp.dll
    2013-02-01 21:16:16  --------  d--h--w-  C:\Windows\System32\WLANProfiles
    2013-02-01 21:16:02  2367528  ----a-w-  C:\Windows\System32\WSService.dll
    2013-02-01 21:16:02  13640704  ----a-w-  C:\Windows\System32\Windows.UI.Xaml.dll
    2013-02-01 21:14:31  --------  d-----w-  C:\Program Files (x86)\PHotkey
    2013-02-01 21:13:58  94656  ----a-w-  C:\Windows\System32\WPRO_41_2001woem.tmp
    2013-02-01 21:13:58  34752  ----a-w-  C:\Windows\System32\drivers\WPRO_41_2001.sys
    2013-02-01 21:11:40  825344  ----a-w-  C:\Windows\System32\drivers\btmhsf.sys
    2013-02-01 21:11:40  55848  ----a-w-  C:\Windows\System32\drivers\iBtFltCoex.sys
    2013-02-01 21:11:40  1721216  ----a-w-  C:\Windows\System32\WdfCoInstaller01009.dll
    2013-02-01 21:11:40  110592  ----a-w-  C:\Windows\System32\drivers\btmaux.sys
    2013-02-01 21:10:26  --------  d-----w-  C:\Users\John\AppData\Roaming\Intel
    2013-02-01 21:10:19  --------  d-----w-  C:\Users\John\Roaming
    2013-02-01 21:10:19  --------  d-----w-  C:\ProgramData\Roaming
    2013-02-01 21:09:53  --------  d-----w-  C:\Program Files\Common Files\Intel
    2013-02-01 21:09:53  --------  d-----w-  C:\Program Files (x86)\Cisco
    2013-02-01 21:09:52  --------  d-----w-  C:\ProgramData\Intel.sav
    2013-02-01 21:08:50  --------  d-----w-  C:\Windows\SysWow64\sda
    2013-02-01 21:08:44  9888912  ----a-w-  C:\Windows\SysWow64\RtsUStoricon.dll
    2013-02-01 21:08:44  422544  ----a-w-  C:\Windows\System32\RtsUStor.dll
    2013-02-01 21:08:44  252048  ----a-w-  C:\Windows\System32\drivers\RTSUSTOR.SYS
    2013-02-01 21:07:38  --------  d-----w-  C:\Program Files\Synaptics
    2013-02-01 21:03:31  --------  d-----w-  C:\Program Files (x86)\Common Files\Intel Corporation
    2013-02-01 20:57:02  --------  d-----w-  C:\Users\John\AppData\Roaming\Intel Corporation
    2013-02-01 20:51:17  74344  ----a-w-  C:\Windows\System32\RtNicProp64.dll
    2013-02-01 20:51:17  690832  ----a-w-  C:\Windows\System32\drivers\Rt630x64.sys
    2013-02-01 20:51:13  --------  d-----w-  C:\Program Files (x86)\Realtek
    2013-02-01 20:47:56  53248  ----a-w-  C:\Windows\SysWow64\CSVer.dll
    2013-02-01 20:23:44  --------  d-----w-  C:\Users\John\AppData\Local\Google
    2013-02-01 20:21:55  --------  d-----r-  C:\Windows\BrowserChoice
    2013-02-01 20:19:57  9161176  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-02-01 20:19:40  273840  ------w-  C:\Windows\System32\MpSigStub.exe
    2013-02-01 20:17:01  17888  ----a-w-  C:\Windows\System32\msvcr100_clr0400.dll
    2013-02-01 20:17:00  17888  ----a-w-  C:\Windows\SysWow64\msvcr100_clr0400.dll
    2013-02-01 20:11:40  2361344  ----a-w-  C:\Windows\System32\msxml6.dll
    2013-02-01 20:07:58  56832  ----a-w-  C:\Windows\System32\OpenCL.DLL
    2013-02-01 20:07:58  56320  ----a-w-  C:\Windows\SysWow64\OpenCL.DLL
    2013-02-01 20:07:58  --------  d-----w-  C:\Intel
    2013-02-01 18:48:33  454456  ----a-w-  C:\Windows\System32\drivers\SynTP.sys
    2013-02-01 18:48:33  229176  ----a-w-  C:\Windows\System32\SynTPAPI.dll
    2013-02-01 18:48:33  177976  ----a-w-  C:\Windows\System32\SynTPCo14.dll
    2013-02-01 18:48:33  113976  ----a-w-  C:\Windows\SysWow64\SynTPCOM.dll
    2013-02-01 18:48:31  535864  ----a-w-  C:\Windows\SysWow64\SynCOM.dll
    2013-02-01 18:48:31  1048576  ----a-w-  C:\Windows\System32\syndata.bin
    2013-02-01 18:48:31  1046840  ----a-w-  C:\Windows\System32\SynCOM.dll
    2013-02-01 18:46:36  645952  ----a-w-  C:\Windows\System32\drivers\iaStorA.sys
    .
    ==================== Find3M ====================
    .
    2012-12-18 23:32:58  80728  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-18 23:32:58  695640  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 08:28:20  46080  ----a-w-  C:\Windows\System32\atmlib.dll
    2012-12-16 08:20:01  35328  ----a-w-  C:\Windows\SysWow64\atmlib.dll
    2012-12-16 08:08:33  362496  ----a-w-  C:\Windows\System32\atmfd.dll
    2012-12-16 07:57:09  300032  ----a-w-  C:\Windows\SysWow64\atmfd.dll
    2012-12-06 04:23:00  170496  ----a-w-  C:\Windows\System32\TimeBrokerServer.dll
    2012-12-06 04:22:59  178176  ----a-w-  C:\Windows\System32\SystemEventsBrokerServer.dll
    2012-12-04 04:21:42  368640  ----a-w-  C:\Windows\System32\sppwinob.dll
    2012-12-04 03:59:08  4055552  ----a-w-  C:\Windows\System32\win32k.sys
    2012-11-29 05:05:57  707584  ----a-w-  C:\Windows\System32\AppXDeploymentExtensions.dll
    2012-11-29 05:05:57  1131520  ----a-w-  C:\Windows\System32\AppXDeploymentServer.dll
    2012-11-28 04:21:17  44032  ----a-w-  C:\Windows\SysWow64\UXInit.dll
    2012-11-28 04:20:59  53760  ----a-w-  C:\Windows\System32\UXInit.dll
    2012-11-27 07:00:32  194280  ----a-w-  C:\Windows\System32\drivers\sdbus.sys
    2012-11-27 07:00:29  124648  ----a-w-  C:\Windows\System32\drivers\dumpsd.sys
    2012-11-27 06:59:13  329960  ----a-w-  C:\Windows\System32\drivers\storport.sys
    2012-11-27 06:39:46  1122768  ----a-w-  C:\Windows\System32\Taskmgr.exe
    2012-11-27 04:49:20  1027152  ----a-w-  C:\Windows\SysWow64\Taskmgr.exe
    2012-11-27 04:20:50  1048064  ----a-w-  C:\Windows\SysWow64\mstsc.exe
    2012-11-27 04:20:42  179200  ----a-w-  C:\Windows\SysWow64\wpnapps.dll
    2012-11-27 04:20:35  891904  ----a-w-  C:\Windows\SysWow64\winmde.dll
    2012-11-27 04:20:31  798208  ----a-w-  C:\Windows\SysWow64\WebcamUi.dll
    2012-11-27 04:20:29  46592  ----a-w-  C:\Windows\SysWow64\vds_ps.dll
    2012-11-27 04:20:28  560128  ----a-w-  C:\Windows\SysWow64\UserLanguagesCpl.dll
    2012-11-27 04:20:23  1217536  ----a-w-  C:\Windows\SysWow64\storagewmi.dll
    2012-11-27 04:20:15  680960  ----a-w-  C:\Windows\System32\vds.exe
    2012-11-27 04:20:07  702464  ----a-w-  C:\Windows\SysWow64\nshwfp.dll
    2012-11-27 04:20:07  1123840  ----a-w-  C:\Windows\System32\mstsc.exe
    2012-11-27 04:18:59  888832  ----a-w-  C:\Windows\System32\nshwfp.dll
    2012-11-27 04:18:39  5974528  ----a-w-  C:\Windows\System32\mstscax.dll
    2012-11-27 04:18:13  1071104  ----a-w-  C:\Windows\System32\IKEEXT.DLL
    2012-11-27 04:18:06  378880  ----a-w-  C:\Windows\System32\FWPUCLNT.DLL
    2012-11-27 04:17:32  718848  ----a-w-  C:\Windows\System32\BFE.DLL
    2012-11-27 04:17:31  2302464  ----a-w-  C:\Windows\System32\authui.dll
    2012-11-27 03:57:32  18432  ----a-w-  C:\Windows\System32\drivers\BtaMPM.sys
    2012-11-27 03:56:29  31104  ----a-w-  C:\Windows\System32\drivers\BthAvrcpTg.sys
    2012-11-27 03:55:44  29952  ----a-w-  C:\Windows\System32\drivers\BthhfHid.sys
    2012-11-26 04:21:18  71168  ----a-w-  C:\Windows\SysWow64\ncryptsslp.dll
    2012-11-26 04:20:09  86016  ----a-w-  C:\Windows\System32\ncryptsslp.dll
    2012-11-20 08:00:23  6971624  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2012-11-20 05:24:19  1164800  ----a-w-  C:\Windows\SysWow64\Display.dll
    2012-11-20 05:24:17  36352  ----a-w-  C:\Windows\SysWow64\DevDispItemProvider.dll
    2012-11-20 05:17:23  1184256  ----a-w-  C:\Windows\System32\Display.dll
    2012-11-20 05:17:20  49152  ----a-w-  C:\Windows\System32\DevDispItemProvider.dll
    2012-11-20 05:02:46  6656  ----a-w-  C:\Windows\SysWow64\KBDKURD.DLL
    2012-11-20 04:59:26  7168  ----a-w-  C:\Windows\System32\KBDKURD.DLL
    2012-11-20 04:56:27  27136  ----a-w-  C:\Windows\System32\drivers\usbohci.sys
    2012-11-20 04:56:11  83456  ----a-w-  C:\Windows\System32\drivers\hidclass.sys
    2012-11-20 04:54:31  39936  ----a-w-  C:\Windows\System32\drivers\hidi2c.sys
    2012-11-15 06:08:41  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-11-15 06:06:34  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-11-13 04:20:30  1120768  ----a-w-  C:\Windows\System32\msctf.dll
    2012-11-13 04:19:23  890880  ----a-w-  C:\Windows\SysWow64\msctf.dll
    2012-11-10 04:23:25  132608  ----a-w-  C:\Windows\SysWow64\poqexec.exe
    2012-11-10 04:23:18  148480  ----a-w-  C:\Windows\System32\poqexec.exe
    2012-11-10 04:22:40  122880  ----a-w-  C:\Windows\System32\VmHostAI.dll
    2012-11-10 04:22:35  144384  ----a-w-  C:\Windows\System32\tssdisai.dll
    2012-11-10 04:22:14  126976  ----a-w-  C:\Windows\System32\RDWebAI.dll
    2012-11-10 04:20:20  135680  ----a-w-  C:\Windows\System32\appserverai.dll
    2012-11-09 04:49:51  2048  ----a-w-  C:\Windows\System32\tzres.dll
    2012-11-09 04:03:48  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
    2012-11-08 04:25:36  523776  ----a-w-  C:\Windows\SysWow64\WSShared.dll
    2012-11-08 04:25:36  143872  ----a-w-  C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
    2012-11-08 04:25:36  124928  ----a-w-  C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2012-11-08 04:25:35  1775104  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-11-08 04:24:27  2881536  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-11-08 04:24:22  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
    2012-11-08 04:24:22  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
    2012-11-08 04:24:19  75776  ----a-w-  C:\Windows\SysWow64\fontsub.dll
    2012-11-08 04:24:06  10752  ----a-w-  C:\Windows\SysWow64\dciman32.dll
    2012-11-08 04:22:21  641536  ----a-w-  C:\Windows\System32\WSShared.dll
    2012-11-08 04:22:20  198656  ----a-w-  C:\Windows\System32\Windows.ApplicationModel.Store.dll
    2012-11-08 04:22:20  163840  ----a-w-  C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2012-11-08 04:22:19  2246656  ----a-w-  C:\Windows\System32\wininet.dll
    2012-11-08 04:22:12  907776  ----a-w-  C:\Windows\System32\uxtheme.dll
    2012-11-08 04:21:00  3966464  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-11-08 04:20:56  67072  ----a-w-  C:\Windows\System32\iesetup.dll
    2012-11-08 04:20:56  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
    2012-11-08 04:20:50  96256  ----a-w-  C:\Windows\System32\fontsub.dll
    2012-11-08 04:20:37  14336  ----a-w-  C:\Windows\System32\dciman32.dll
    2012-11-08 04:02:16  3072  ----a-w-  C:\Windows\System32\lpk.dll
    2012-11-08 04:01:40  3072  ----a-w-  C:\Windows\SysWow64\lpk.dll
    2012-11-08 01:56:52  534528  ----a-w-  C:\Windows\SysWow64\uxtheme.dll
    2012-11-06 07:52:07  445160  ----a-w-  C:\Windows\System32\drivers\USBHUB3.SYS
    2012-11-06 07:52:04  277736  ----a-w-  C:\Windows\System32\drivers\msiscsi.sys
    2012-11-06 07:36:23  69864  ----a-w-  C:\Windows\System32\drivers\pdc.sys
    2012-11-06 07:33:46  522640  ----a-w-  C:\Windows\System32\AUDIOKSE.dll
    2012-11-06 07:33:46  253512  ----a-w-  C:\Windows\System32\audiodg.exe
    2012-11-06 07:33:45490064----a-w-C:\Windows\System32\AudioEng.dll
    2012-11-06 07:33:45447792----a-w-C:\Windows\System32\AudioSes.dll
    2012-11-06 07:33:301566432----a-w-C:\Windows\System32\ole32.dll
    2012-11-06 05:00:06463768----a-w-C:\Windows\SysWow64\AUDIOKSE.dll
    2012-11-06 05:00:06427568----a-w-C:\Windows\SysWow64\AudioEng.dll
    2012-11-06 05:00:06324344----a-w-C:\Windows\SysWow64\AudioSes.dll
    2012-11-06 04:54:132205696----a-w-C:\Windows\SysWow64\PrintConfig.dll
    2012-11-06 04:48:271150160----a-w-C:\Windows\SysWow64\ole32.dll
    2012-11-06 04:19:59470016----a-w-C:\Windows\System32\wlanmsm.dll
    2012-11-06 04:18:5884992----a-w-C:\Windows\SysWow64\fdWCN.dll
    2012-11-06 04:17:58110080----a-w-C:\Windows\System32\dafWCN.dll
    .
    ============= FINISH: 21:30:02.75 ===============


    (Attach.txt)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro
    Boot Device: \Device\HarddiskVolume1
    Install Date: 01/02/2013 19:58:42
    System Uptime: 02/02/2013 18:22:09 (3 hours ago)
    .
    Motherboard: Novatech nFinity | | B14
    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 111 GiB total, 82.66 GiB free.
    D: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 01/02/2013 20:17:17 - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    AVG 9.0
    Google Chrome
    Google Update Helper
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Storage Technology
    Intel(R) Smart Connect Technology 3.0 x64
    Intel® PROSet/Wireless WiFi Software
    Java(TM) 7 (64-bit)
    Java(TM) SE Development Kit 7 (64-bit)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft Visual C++ 2005 Redistributable
    PHotkey
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Synaptics Pointing Device Driver
    Visual C++ 8.0 Runtime Setup Package (x64)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    02/02/2013 18:22:23, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6B5667C7-BDE0-4316-9C06-0157E07701F1} because another computer on the network has the same name. The server could not start.
    02/02/2013 18:22:23, Error: NetBT [4321] - The name "JOHN-PC :20" could not be registered on the interface with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.
    02/02/2013 18:22:23, Error: NetBT [4321] - The name "JOHN-PC :0" could not be registered on the interface with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.
    01/02/2013 21:03:53, Error: BTHUSB [30] - The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.
    01/02/2013 18:53:11, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
    01/02/2013 18:53:11, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    01/02/2013 18:52:58, Error: volmgr [46] - Crash dump initialization failed!
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    You're running two AV programs, Windows Defender and AVG.
    You have to either disable Windows Defender or uninstall AVG.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ======================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  5. jrexha

    jrexha TS Rookie Topic Starter

    Windows Defender is already disabled, the log says that also doesn't it?

    Here are the two logs from RogueKiller:
    (RKreport1)

    RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : John [Admin rights]
    Mode : Scan -- Date : 02/03/2013 00:32:02
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: INTEL SSDSC2BW120A3 +++++
    --- User ---
    [MBR] 48e8e5b3f6189c3e28ed5ddcda493306
    [BSP] 7c0814ca85c914f2c57ba5930250333a : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02032013_02d0032.txt >>
    RKreport[1]_S_02032013_02d0032.txt

    (RKreport2)

    RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : John [Admin rights]
    Mode : Remove -- Date : 02/03/2013 00:32:41
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: INTEL SSDSC2BW120A3 +++++
    --- User ---
    [MBR] 48e8e5b3f6189c3e28ed5ddcda493306
    [BSP] 7c0814ca85c914f2c57ba5930250333a : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_02032013_02d0032.txt >>
    RKreport[1]_S_02032013_02d0032.txt ; RKreport[2]_D_02032013_02d0032.txt

    And now here are the two reports from the MBAR:
    (mbar log)

    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    www.malwarebytes.org

    Database version: v2013.02.02.10

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    John :: JOHN-PC [administrator]

    03/02/2013 00:44:38
    mbar-log-2013-02-03 (00-44-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28177
    Time elapsed: 3 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    (System log)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16466

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.696000 GHz
    Memory total: 8473038848, free: 6334242816

    ------------ Kernel report ------------
    02/03/2013 00:39:55
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8008dbe060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000039\
    Lower Device Object: 0xfffffa80067084f0
    Lower Device Driver Name: \Driver\iaStorA\
    Driver name found: iaStorA
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
    Load Function returned 0x0
    Downloaded database version: v2013.02.02.10
    Downloaded database version: v2013.01.23.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8008dbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008dbeaa0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008dbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa80073b3e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80067084f0, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a015d58cd0, 0xfffffa8008dbe060, 0xfffffa8017ebb090
    Lower DeviceData: 0xfffff8a0037f39b0, 0xfffffa80067084f0, 0xfffffa800b790a40
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 984C1271

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848 Numsec = 233719808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    You're right :)

    Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and un-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\Windows\System32\audiodg.exe
    If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
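Before uploading a whitelisted Windows component anywhere, a defender can first check it locally. The script below is an added example (not Broni's or TechSpot's): it computes the SHA-256 of the System32 copy of the flagged file and of every side-by-side copy under WinSxS, checks each one's Authenticode signature and version resource, and flags any copy that is unsigned or not signed by Microsoft. A matching Microsoft signature across all copies, with hashes you can look up on VirusTotal instead of uploading the binary, is the usual picture for an AV false positive. It assumes PowerShell 3.0 or later on 64-bit Windows, run from an elevated 64-bit prompt so System32 is not redirected and WinSxS is readable; the parameter names are the example's own.

```powershell
# Added example, not from the thread: local triage of a file flagged by AV.
# Assumes PowerShell 3.0+ on 64-bit Windows, run from an elevated 64-bit prompt.
param(
    [string]$FileName = 'audiodg.exe',                 # the file the thread asks to check
    [string]$System32 = "$env:SystemRoot\System32",
    [string]$WinSxS   = "$env:SystemRoot\WinSxS"
)

function Get-Sha256Hex {
    param([string]$Path)
    # .NET used directly so this also runs on the PowerShell 3.0 that ships
    # with Windows 8, which predates Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close(); $sha.Clear() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Get-FileTriage {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $ver = (Get-Item -LiteralPath $Path).VersionInfo
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    # One row per copy: hash for VirusTotal lookup, signature state, version data.
    [PSCustomObject]@{
        Path        = $Path
        SHA256      = Get-Sha256Hex -Path $Path
        SigStatus   = $sig.Status
        Signer      = $signer
        FileVersion = $ver.FileVersion
        Company     = $ver.CompanyName
    }
}

# The live copy in System32 plus every side-by-side copy kept under WinSxS,
# so the hashes can be compared against each other as well as looked up.
$candidates  = @(Join-Path $System32 $FileName)
$candidates += Get-ChildItem -Path $WinSxS -Filter $FileName -Recurse -ErrorAction SilentlyContinue |
               ForEach-Object { $_.FullName }

$results = foreach ($p in $candidates) {
    if (Test-Path -LiteralPath $p) { Get-FileTriage -Path $p }
}
$results | Format-Table -AutoSize -Wrap

# A Windows component should report 'Valid' with a Microsoft signer. Anything
# else deserves a closer look before the file is excluded in the AV product.
$suspect = $results | Where-Object { $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' }
if ($suspect) {
    Write-Warning 'Copies that failed the signature check:'
    $suspect | Format-Table Path, SigStatus, Signer -AutoSize
} else {
    Write-Host 'All copies carry a valid Microsoft signature; look the SHA256 values up on VirusTotal.'
}
```

Many Windows binaries are catalog-signed rather than carrying an embedded signature; if Get-AuthenticodeSignature reports NotSigned for a file you expect to be a Microsoft component, confirm with Sysinternals sigcheck (which is catalog-aware) before drawing a conclusion.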
     
  7. jrexha

    jrexha TS Rookie Topic Starter

  8. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    It looks like AVG is playing games with you.
    I suggest you put those files into AVG exceptions, and I'd also report them at the AVG forum.
    No need for more scans.

    Good luck :)
     
  9. jrexha

    jrexha TS Rookie Topic Starter

    Hmm, but it's really weird as I have AVG on my PC as well and it's never played up with me for those files and still doesn't.

    I'm not having the problems where I couldn't access the DDS.com links and downloads anymore, though, so I'm guessing something changed!

    I hope it's nothing like it usually is with AVG, thanks for all your help!
     
  10. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    It's been a long time since I stopped recommending AVG because of issues like yours.

    From all scans we did I don't see anything malicious.

    Are you having any visible issues with your computer?
     
  11. jrexha

    jrexha TS Rookie Topic Starter

    Is there anything you'd recommend over it?

    Apart from earlier when I wasn't able to access any downloads relating to the DDS program, nothing that strikes me as out of the ordinary.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,082   +258

  13. jrexha

    jrexha TS Rookie Topic Starter

    Alright then, thanks for all the help! I've heard good things about avast and I use it on my android phone so maybe I'll check it out!

    Appreciate your time!
     
  14. Broni

    Broni Malware Annihilator Posts: 47,082   +258

    You're very welcome
     