Inactive [AVG FP] Trojan Horse PSW.Generic 10.BNPL/10.BNPN detected!

jrexha

Hi, I'd used my new laptop yesterday for a short while after first setting it all up which included using the internet for sites such as Facebook, Google etc. Just general things to check out the new Windows 8 and everything.

However, I realised today I'd forgotten to install an anti-virus before going online. I did so, and I soon started receiving threat detections related to two files in the WINDOWS\System32 directory; they are titled "audiodg.exe" and "FlashUtil_ActiveX.exe" (the latter of which is in the WINDOWS\System32\Macromed\Flash\ directory). Although, when you click to show more details, the actual files shown are either svchost.exe, Explorer.EXE, Taskmgr.exe or even the mbam.exe which was first detected when I ran it to scan. I have the list of detected viruses so far here (and also just now suddenly in some WinSxS\amd64... directory):

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 20:20:46";"file";"C:\Windows\System32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 20:20:46";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20555_none_d0147a4a87685846\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20548_none_d0224b14875d885a\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20539_none_d02e1b4a875485c0\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20534_none_d02919d88759070d\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20521_none_d030e8e687539f17\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16451_none_cf86dc576e4e5320\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16444_none_cf94ad216e438334\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16437_none_cfa27deb6e38b348\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16433_none_cf9e7cc36e3c4dec\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16420_none_cfa64bd16e36e5f6\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 20:19:30";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16483_none_84688d06f354ad90\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 20:19:30";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:42:46";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:41:13";"file";"C:\Windows\System32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:02:53";"file";"C:\Windows\Explorer.EXE"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:00:33";"file";"C:\Windows\System32\Taskmgr.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 18:58:45";"file";"C:\Windows\system32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:58:29";"file";"C:\Windows\System32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:49:10";"file";"C:\Windows\Explorer.EXE"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:46:19";"file";"C:\Windows\System32\svchost.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 18:32:45";"file";"C:\Windows\system32\svchost.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 18:30:37";"file";"C:\Windows\system32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 18:26:17";"file";"C:\Windows\System32\svchost.exe"

I have the log from MBAM, as requested in the instructions, which says it found no malware. However, I don't seem to be able to download DDS from either of the provided links; I even tried Bleeping Computer.

Here is the MBAM quickscan log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.02.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
John :: JOHN-PC [administrator]

Protection: Enabled

02/02/2013 19:42:34
mbam-log-2013-02-02 (19-42-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206668
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

A full scan also returned nothing for malware detection.
I would really love some advice on this! I've never even had so much as a whiff of a virus on my PC or anything else in the past 5 or more years, and now for something to suddenly infect my system over such a silly mistake as forgetting to protect it from the get-go seems almost mocking - and not to mention humbling!
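As an added example (my own code, not from the thread, AVG or Malwarebytes), here is a Python triage script for a Resident Shield CSV export in the format posted above: it groups hits by flagged object, separates the copies AVG itself whitelists from the component-store copies under WinSxS, and singles out a binary whose serviced versions all trip the same generic signature, which is the false-positive pattern rather than the infection pattern. The WinSxS directory-name regex is my assumption from the posted paths, and 31bf3856ad364e35 is the Windows OS component public key token that appears on every one of them.

```python
# Added example: triage an AVG Resident Shield CSV export in the format posted above.
import csv
import re
from collections import defaultdict
from io import StringIO

# Sample rows copied from the posted export (semicolon separated, every field quoted).
SAMPLE_LOG = r'''"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 20:20:46";"file";"C:\Windows\System32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20555_none_d0147a4a87685846\audiodg.exe";"Infected";"02/02/2013, 20:19:40";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.16451_none_cf86dc576e4e5320\audiodg.exe";"Infected";"02/02/2013, 20:19:39";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 20:19:30";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse PSW.Generic10.BNPN";"c:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe";"Infected";"02/02/2013, 18:58:45";"file";"C:\Windows\system32\svchost.exe"
"Trojan horse PSW.Generic10.BNPL";"c:\Windows\System32\audiodg.exe";"Object is white-listed (critical/system file that should not be removed)";"02/02/2013, 19:00:33";"file";"C:\Windows\System32\Taskmgr.exe"
'''
EXPECTED_COLUMNS = ["Infection", "Object", "Result", "Detection time", "Object Type", "Process"]

# Assumed layout of a WinSxS component directory, taken from the posted paths:
# <arch>_<component>_<public key token>_<version>_<culture>_<hash>
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>[^_\\]+)_(?P<name>.+?)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>\d+(?:\.\d+)+)_(?P<culture>[^_\\]+)_(?P<hash>[0-9a-f]{16})\\",
    re.IGNORECASE,
)
MS_WINDOWS_TOKEN = "31bf3856ad364e35"  # Windows OS component token; on every WinSxS path above


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_avg_log(text):
    """Read the export; AVG quotes every field and separates them with ';'."""
    rows = list(csv.DictReader(StringIO(text), delimiter=";", quotechar='"'))
    if not rows or any(col not in rows[0] for col in EXPECTED_COLUMNS):
        raise ValueError("not an AVG Resident Shield export; expected columns " + ", ".join(EXPECTED_COLUMNS))
    return rows


def summarise(rows):
    """Group hits by flagged object: signatures, AVG's verdicts and the processes that touched it."""
    groups = defaultdict(lambda: {"hits": 0, "signatures": set(), "results": set(),
                                  "processes": set(), "component": None})
    for row in rows:
        g = groups[row["Object"].lower()]
        g["hits"] += 1
        g["signatures"].add(row["Infection"])
        g["results"].add(row["Result"])
        # "Process" is the program that opened the object, not a second infected file.
        g["processes"].add(basename(row["Process"]).lower())
        match = WINSXS_RE.search(row["Object"])
        if match:
            g["component"] = match.groupdict()
    return dict(groups)


def classify(group):
    """Label one object: 'whitelisted-system-file', 'component-store-copy' or 'review'."""
    if any("white-listed" in result.lower() for result in group["results"]):
        return "whitelisted-system-file", "AVG itself refuses to remove it"
    component = group["component"]
    if component:
        origin = ("Windows OS component" if component["token"].lower() == MS_WINDOWS_TOKEN
                  else "publisher token " + component["token"])
        return "component-store-copy", "servicing copy of %s %s (%s)" % (
            component["name"], component["version"], origin)
    return "review", "not whitelisted and not a WinSxS servicing copy: verify its signature"


def triage(text):
    """Parse, group and label; returns {lower-cased object path: summary}."""
    report = {}
    for path, group in summarise(parse_avg_log(text)).items():
        label, reason = classify(group)
        report[path] = {
            "label": label, "reason": reason, "hits": group["hits"],
            "signatures": sorted(group["signatures"]), "processes": sorted(group["processes"]),
            "version": group["component"]["version"] if group["component"] else None,
        }
    return report


def files_hit_across_versions(report, minimum=2):
    """Binaries whose servicing copies trip the same signature in several versions: a generic
    signature matching every serviced build of one OS file is the false-positive pattern."""
    versions = defaultdict(set)
    for path, entry in report.items():
        if entry["label"] == "component-store-copy":
            versions[basename(path)].add(entry["version"])
    return {name: sorted(v) for name, v in versions.items() if len(v) >= minimum}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, entry in sorted(report.items()):
        print("%-24s %d hit(s)  %s" % (entry["label"], entry["hits"], path))
        print("%-24s %s; accessed by %s" % ("", entry["reason"], ", ".join(entry["processes"])))
    for name, versions in files_hit_across_versions(report).items():
        print("%s: same signature on %d component versions; check its Authenticode signature "
              "and report it to the vendor as a false positive" % (name, len(versions)))
```

The Process column in the export is the program that opened the flagged file (MBAM's own scan is listed there for every WinSxS hit), which is why svchost.exe, Explorer.EXE and Taskmgr.exe appear next to audiodg.exe; confirm a suspected false positive with an Authenticode signature check on the file itself before reporting it to the vendor.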
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================

Uploaded DDS for you here: http://www.filedropper.com/dds
 
I don't know why I didn't try this earlier, but that link doesn't work either, so I tried it on my desktop PC and it worked fine. I put it on a USB and transferred it over. I had a hunch that this virus, or whatever it is, must have been blocking my access to anything related to it, and it seems that might be true!

Anyway, here are the DDS logs:
(DDS.txt)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by John at 21:29:50 on 2013-02-02
Microsoft Windows 8 Pro 6.2.9200.0.1252.44.1033.18.8081.5754 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\PHotkey\PHotkey.exe
C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
C:\Program Files (x86)\PHotkey\HCSynApi.exe
C:\Program Files (x86)\PHotkey\PVDesktop.exe
C:\Program Files (x86)\PHotkey\PVDAgent.exe
C:\Program Files (x86)\PHotkey\MyWiMax.exe
C:\Program Files (x86)\PHotkey\POSD.exe
C:\Program Files (x86)\PHotkey\GPMTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mWinlogon: Userinit = userinit.exe
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6B5667C7-BDE0-4316-9C06-0157E07701F1} : DHCPNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\Drivers\avgrkx64.sys [2013-2-2 56008]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-2-1 645952]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\Drivers\avgldx64.sys [2013-2-2 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\Drivers\avgmfx64.sys [2013-2-2 35664]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\Drivers\avgtdia.sys [2013-2-2 317520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2013-2-2 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2013-2-2 308136]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-2-1 1091520]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-2-1 1112000]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2013-2-1 156672]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IASTORDATAMGRSVC.EXE [2013-2-1 7168]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-7-24 146984]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-2 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-2 682344]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2013-2-1 14344]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2013-2-1 110592]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2013-2-1 825344]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2013-2-1 55848]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-7-24 20968]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-7-24 19944]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-7-24 46016]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-2-2 24176]
R3 NETwNe64;@oem9.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-8-19 4273192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RTSUSTOR.SYS [2013-2-1 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-2-1 690832]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-2-1 34752]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2013-2-2 1025352]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== Created Last 30 ================
.
2013-02-02 19:41:09  --------  d-----w-  C:\Users\John\AppData\Roaming\Malwarebytes
2013-02-02 19:40:54  --------  d-----w-  C:\ProgramData\Malwarebytes
2013-02-02 19:40:53  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2013-02-02 19:40:53  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-02 19:40:33  --------  d-----w-  C:\Users\John\AppData\Local\Programs
2013-02-02 18:20:03  --------  d--h--w-  C:\ProgramData\Common Files
2013-02-02 18:20:02  56008  ----a-w-  C:\Windows\System32\drivers\avgrkx64.sys
2013-02-02 18:20:02  13048  ----a-w-  C:\Windows\System32\avgrssta.dll
2013-02-02 18:20:01  317520  ----a-w-  C:\Windows\System32\drivers\avgtdia.sys
2013-02-02 18:19:59  269904  ----a-w-  C:\Windows\System32\drivers\avgldx64.sys
2013-02-02 18:19:58  35664  ----a-w-  C:\Windows\System32\drivers\avgmfx64.sys
2013-02-02 18:19:58  --------  d-----w-  C:\Windows\System32\drivers\Avg
2013-02-02 18:19:56  --------  d-----w-  C:\ProgramData\AVG Security Toolbar
2013-02-02 18:17:17  --------  d-----w-  C:\Program Files (x86)\AVG
2013-02-02 18:17:04  --------  d-----w-  C:\ProgramData\avg9
2013-02-02 16:38:05  --------  d-----w-  C:\Users\John\AppData\Local\Eclipse
2013-02-02 16:37:59  --------  d-----w-  C:\Users\John\workspace
2013-02-02 16:15:13  627600  ----a-w-  C:\Windows\System32\deployJava1.dll
2013-02-02 16:12:11  18528  ----a-w-  C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-02-02 16:10:39  9161176  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA5CE604-4C5F-40F3-A724-B0048D5B6624}\mpengine.dll
2013-02-02 02:52:48  --------  d-----w-  C:\Windows\Panther
2013-02-01 21:38:52  3554304  ----a-w-  C:\Windows\System32\tquery.dll
2013-02-01 21:35:54  76288  ----a-w-  C:\Windows\System32\newdev.exe
2013-02-01 21:34:55  246784  ----a-w-  C:\Windows\SysWow64\ubpm.dll
2013-02-01 21:33:58  710656  ----a-w-  C:\Windows\System32\winhttp.dll
2013-02-01 21:16:16  --------  d--h--w-  C:\Windows\System32\WLANProfiles
2013-02-01 21:16:02  2367528  ----a-w-  C:\Windows\System32\WSService.dll
2013-02-01 21:16:02  13640704  ----a-w-  C:\Windows\System32\Windows.UI.Xaml.dll
2013-02-01 21:14:31  --------  d-----w-  C:\Program Files (x86)\PHotkey
2013-02-01 21:13:58  94656  ----a-w-  C:\Windows\System32\WPRO_41_2001woem.tmp
2013-02-01 21:13:58  34752  ----a-w-  C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-02-01 21:11:40  825344  ----a-w-  C:\Windows\System32\drivers\btmhsf.sys
2013-02-01 21:11:40  55848  ----a-w-  C:\Windows\System32\drivers\iBtFltCoex.sys
2013-02-01 21:11:40  1721216  ----a-w-  C:\Windows\System32\WdfCoInstaller01009.dll
2013-02-01 21:11:40  110592  ----a-w-  C:\Windows\System32\drivers\btmaux.sys
2013-02-01 21:10:26  --------  d-----w-  C:\Users\John\AppData\Roaming\Intel
2013-02-01 21:10:19  --------  d-----w-  C:\Users\John\Roaming
2013-02-01 21:10:19  --------  d-----w-  C:\ProgramData\Roaming
2013-02-01 21:09:53  --------  d-----w-  C:\Program Files\Common Files\Intel
2013-02-01 21:09:53  --------  d-----w-  C:\Program Files (x86)\Cisco
2013-02-01 21:09:52  --------  d-----w-  C:\ProgramData\Intel.sav
2013-02-01 21:08:50  --------  d-----w-  C:\Windows\SysWow64\sda
2013-02-01 21:08:44  9888912  ----a-w-  C:\Windows\SysWow64\RtsUStoricon.dll
2013-02-01 21:08:44  422544  ----a-w-  C:\Windows\System32\RtsUStor.dll
2013-02-01 21:08:44  252048  ----a-w-  C:\Windows\System32\drivers\RTSUSTOR.SYS
2013-02-01 21:07:38  --------  d-----w-  C:\Program Files\Synaptics
2013-02-01 21:03:31  --------  d-----w-  C:\Program Files (x86)\Common Files\Intel Corporation
2013-02-01 20:57:02  --------  d-----w-  C:\Users\John\AppData\Roaming\Intel Corporation
2013-02-01 20:51:17  74344  ----a-w-  C:\Windows\System32\RtNicProp64.dll
2013-02-01 20:51:17  690832  ----a-w-  C:\Windows\System32\drivers\Rt630x64.sys
2013-02-01 20:51:13  --------  d-----w-  C:\Program Files (x86)\Realtek
2013-02-01 20:47:56  53248  ----a-w-  C:\Windows\SysWow64\CSVer.dll
2013-02-01 20:23:44  --------  d-----w-  C:\Users\John\AppData\Local\Google
2013-02-01 20:21:55  --------  d-----r-  C:\Windows\BrowserChoice
2013-02-01 20:19:57  9161176  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-01 20:19:40  273840  ------w-  C:\Windows\System32\MpSigStub.exe
2013-02-01 20:17:01  17888  ----a-w-  C:\Windows\System32\msvcr100_clr0400.dll
2013-02-01 20:17:00  17888  ----a-w-  C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-02-01 20:11:40  2361344  ----a-w-  C:\Windows\System32\msxml6.dll
2013-02-01 20:07:58  56832  ----a-w-  C:\Windows\System32\OpenCL.DLL
2013-02-01 20:07:58  56320  ----a-w-  C:\Windows\SysWow64\OpenCL.DLL
2013-02-01 20:07:58  --------  d-----w-  C:\Intel
2013-02-01 18:48:33  454456  ----a-w-  C:\Windows\System32\drivers\SynTP.sys
2013-02-01 18:48:33  229176  ----a-w-  C:\Windows\System32\SynTPAPI.dll
2013-02-01 18:48:33  177976  ----a-w-  C:\Windows\System32\SynTPCo14.dll
2013-02-01 18:48:33  113976  ----a-w-  C:\Windows\SysWow64\SynTPCOM.dll
2013-02-01 18:48:31  535864  ----a-w-  C:\Windows\SysWow64\SynCOM.dll
2013-02-01 18:48:31  1048576  ----a-w-  C:\Windows\System32\syndata.bin
2013-02-01 18:48:31  1046840  ----a-w-  C:\Windows\System32\SynCOM.dll
2013-02-01 18:46:36  645952  ----a-w-  C:\Windows\System32\drivers\iaStorA.sys
.
==================== Find3M ====================
.
2012-12-18 23:32:58  80728  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 23:32:58  695640  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 08:28:20  46080  ----a-w-  C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01  35328  ----a-w-  C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33  362496  ----a-w-  C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09  300032  ----a-w-  C:\Windows\SysWow64\atmfd.dll
2012-12-06 04:23:00  170496  ----a-w-  C:\Windows\System32\TimeBrokerServer.dll
2012-12-06 04:22:59  178176  ----a-w-  C:\Windows\System32\SystemEventsBrokerServer.dll
2012-12-04 04:21:42  368640  ----a-w-  C:\Windows\System32\sppwinob.dll
2012-12-04 03:59:08  4055552  ----a-w-  C:\Windows\System32\win32k.sys
2012-11-29 05:05:57  707584  ----a-w-  C:\Windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57  1131520  ----a-w-  C:\Windows\System32\AppXDeploymentServer.dll
2012-11-28 04:21:17  44032  ----a-w-  C:\Windows\SysWow64\UXInit.dll
2012-11-28 04:20:59  53760  ----a-w-  C:\Windows\System32\UXInit.dll
2012-11-27 07:00:32  194280  ----a-w-  C:\Windows\System32\drivers\sdbus.sys
2012-11-27 07:00:29  124648  ----a-w-  C:\Windows\System32\drivers\dumpsd.sys
2012-11-27 06:59:13  329960  ----a-w-  C:\Windows\System32\drivers\storport.sys
2012-11-27 06:39:46  1122768  ----a-w-  C:\Windows\System32\Taskmgr.exe
2012-11-27 04:49:20  1027152  ----a-w-  C:\Windows\SysWow64\Taskmgr.exe
2012-11-27 04:20:50  1048064  ----a-w-  C:\Windows\SysWow64\mstsc.exe
2012-11-27 04:20:42  179200  ----a-w-  C:\Windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35  891904  ----a-w-  C:\Windows\SysWow64\winmde.dll
2012-11-27 04:20:31  798208  ----a-w-  C:\Windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29  46592  ----a-w-  C:\Windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28  560128  ----a-w-  C:\Windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23  1217536  ----a-w-  C:\Windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15  680960  ----a-w-  C:\Windows\System32\vds.exe
2012-11-27 04:20:07  702464  ----a-w-  C:\Windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07  1123840  ----a-w-  C:\Windows\System32\mstsc.exe
2012-11-27 04:18:59  888832  ----a-w-  C:\Windows\System32\nshwfp.dll
2012-11-27 04:18:39  5974528  ----a-w-  C:\Windows\System32\mstscax.dll
2012-11-27 04:18:13  1071104  ----a-w-  C:\Windows\System32\IKEEXT.DLL
2012-11-27 04:18:06  378880  ----a-w-  C:\Windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32  718848  ----a-w-  C:\Windows\System32\BFE.DLL
2012-11-27 04:17:31  2302464  ----a-w-  C:\Windows\System32\authui.dll
2012-11-27 03:57:32  18432  ----a-w-  C:\Windows\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29  31104  ----a-w-  C:\Windows\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44  29952  ----a-w-  C:\Windows\System32\drivers\BthhfHid.sys
2012-11-26 04:21:18  71168  ----a-w-  C:\Windows\SysWow64\ncryptsslp.dll
2012-11-26 04:20:09  86016  ----a-w-  C:\Windows\System32\ncryptsslp.dll
2012-11-20 08:00:23  6971624  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-11-20 05:24:19  1164800  ----a-w-  C:\Windows\SysWow64\Display.dll
2012-11-20 05:24:17  36352  ----a-w-  C:\Windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23  1184256  ----a-w-  C:\Windows\System32\Display.dll
2012-11-20 05:17:20  49152  ----a-w-  C:\Windows\System32\DevDispItemProvider.dll
2012-11-20 05:02:46  6656  ----a-w-  C:\Windows\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26  7168  ----a-w-  C:\Windows\System32\KBDKURD.DLL
2012-11-20 04:56:27  27136  ----a-w-  C:\Windows\System32\drivers\usbohci.sys
2012-11-20 04:56:11  83456  ----a-w-  C:\Windows\System32\drivers\hidclass.sys
2012-11-20 04:54:31  39936  ----a-w-  C:\Windows\System32\drivers\hidi2c.sys
2012-11-15 06:08:41  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-11-15 06:06:34  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-11-13 04:20:30  1120768  ----a-w-  C:\Windows\System32\msctf.dll
2012-11-13 04:19:23  890880  ----a-w-  C:\Windows\SysWow64\msctf.dll
2012-11-10 04:23:25  132608  ----a-w-  C:\Windows\SysWow64\poqexec.exe
2012-11-10 04:23:18  148480  ----a-w-  C:\Windows\System32\poqexec.exe
2012-11-10 04:22:40  122880  ----a-w-  C:\Windows\System32\VmHostAI.dll
2012-11-10 04:22:35  144384  ----a-w-  C:\Windows\System32\tssdisai.dll
2012-11-10 04:22:14  126976  ----a-w-  C:\Windows\System32\RDWebAI.dll
2012-11-10 04:20:20  135680  ----a-w-  C:\Windows\System32\appserverai.dll
2012-11-09 04:49:51  2048  ----a-w-  C:\Windows\System32\tzres.dll
2012-11-09 04:03:48  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
2012-11-08 04:25:36  523776  ----a-w-  C:\Windows\SysWow64\WSShared.dll
2012-11-08 04:25:36  143872  ----a-w-  C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36  124928  ----a-w-  C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35  1775104  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-11-08 04:24:27  2881536  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-11-08 04:24:22  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
2012-11-08 04:24:22  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19  75776  ----a-w-  C:\Windows\SysWow64\fontsub.dll
2012-11-08 04:24:06  10752  ----a-w-  C:\Windows\SysWow64\dciman32.dll
2012-11-08 04:22:21  641536  ----a-w-  C:\Windows\System32\WSShared.dll
2012-11-08 04:22:20  198656  ----a-w-  C:\Windows\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20  163840  ----a-w-  C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19  2246656  ----a-w-  C:\Windows\System32\wininet.dll
2012-11-08 04:22:12  907776  ----a-w-  C:\Windows\System32\uxtheme.dll
2012-11-08 04:21:00  3966464  ----a-w-  C:\Windows\System32\jscript9.dll
2012-11-08 04:20:56  67072  ----a-w-  C:\Windows\System32\iesetup.dll
2012-11-08 04:20:56  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
2012-11-08 04:20:50  96256  ----a-w-  C:\Windows\System32\fontsub.dll
2012-11-08 04:20:37  14336  ----a-w-  C:\Windows\System32\dciman32.dll
2012-11-08 04:02:16  3072  ----a-w-  C:\Windows\System32\lpk.dll
2012-11-08 04:01:40  3072  ----a-w-  C:\Windows\SysWow64\lpk.dll
2012-11-08 01:56:52  534528  ----a-w-  C:\Windows\SysWow64\uxtheme.dll
2012-11-06 07:52:07  445160  ----a-w-  C:\Windows\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04  277736  ----a-w-  C:\Windows\System32\drivers\msiscsi.sys
2012-11-06 07:36:23  69864  ----a-w-  C:\Windows\System32\drivers\pdc.sys
2012-11-06 07:33:46  522640  ----a-w-  C:\Windows\System32\AUDIOKSE.dll
2012-11-06 07:33:46  253512  ----a-w-  C:\Windows\System32\audiodg.exe
2012-11-06 07:33:45  490064  ----a-w-  C:\Windows\System32\AudioEng.dll
2012-11-06 07:33:45  447792  ----a-w-  C:\Windows\System32\AudioSes.dll
2012-11-06 07:33:30  1566432  ----a-w-  C:\Windows\System32\ole32.dll
2012-11-06 05:00:06  463768  ----a-w-  C:\Windows\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06  427568  ----a-w-  C:\Windows\SysWow64\AudioEng.dll
2012-11-06 05:00:06  324344  ----a-w-  C:\Windows\SysWow64\AudioSes.dll
2012-11-06 04:54:13  2205696  ----a-w-  C:\Windows\SysWow64\PrintConfig.dll
2012-11-06 04:48:27  1150160  ----a-w-  C:\Windows\SysWow64\ole32.dll
2012-11-06 04:19:59  470016  ----a-w-  C:\Windows\System32\wlanmsm.dll
2012-11-06 04:18:58  84992  ----a-w-  C:\Windows\SysWow64\fdWCN.dll
2012-11-06 04:17:58  110080  ----a-w-  C:\Windows\System32\dafWCN.dll
.
============= FINISH: 21:30:02.75 ===============


(Attach.txt)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 01/02/2013 19:58:42
System Uptime: 02/02/2013 18:22:09 (3 hours ago)
.
Motherboard: Novatech nFinity | | B14
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 82.66 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 01/02/2013 20:17:17 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
AVG 9.0
Google Chrome
Google Update Helper
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 3.0 x64
Intel® PROSet/Wireless WiFi Software
Java(TM) 7 (64-bit)
Java(TM) SE Development Kit 7 (64-bit)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Visual C++ 2005 Redistributable
PHotkey
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Synaptics Pointing Device Driver
Visual C++ 8.0 Runtime Setup Package (x64)
.
==== Event Viewer Messages From Past Week ========
.
02/02/2013 18:22:23, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6B5667C7-BDE0-4316-9C06-0157E07701F1} because another computer on the network has the same name. The server could not start.
02/02/2013 18:22:23, Error: NetBT [4321] - The name "JOHN-PC :20" could not be registered on the interface with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.
02/02/2013 18:22:23, Error: NetBT [4321] - The name "JOHN-PC :0" could not be registered on the interface with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.
01/02/2013 21:03:53, Error: BTHUSB [30] - The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.
01/02/2013 18:53:11, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
01/02/2013 18:53:11, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
01/02/2013 18:52:58, Error: volmgr [46] - Crash dump initialization failed!
.
==== End Of File ===========================
 
You're running two AV programs, Windows Defender and AVG.
You have to either disable Windows Defender or uninstall AVG.
If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

Next...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

======================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Windows Defender is already disabled; the log says that too, doesn't it?

Here are the two logs from RogueKiller:
(RKreport1)

RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Scan -- Date : 02/03/2013 00:32:02
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SSDSC2BW120A3 +++++
--- User ---
[MBR] 48e8e5b3f6189c3e28ed5ddcda493306
[BSP] 7c0814ca85c914f2c57ba5930250333a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02032013_02d0032.txt >>
RKreport[1]_S_02032013_02d0032.txt

(RKreport2)

RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Remove -- Date : 02/03/2013 00:32:41
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SSDSC2BW120A3 +++++
--- User ---
[MBR] 48e8e5b3f6189c3e28ed5ddcda493306
[BSP] 7c0814ca85c914f2c57ba5930250333a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02032013_02d0032.txt >>
RKreport[1]_S_02032013_02d0032.txt ; RKreport[2]_D_02032013_02d0032.txt

And now here are the two reports from the MBAR:
(mbar log)

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.02.10

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
John :: JOHN-PC [administrator]

03/02/2013 00:44:38
mbar-log-2013-02-03 (00-44-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28177
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

(System log)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16466

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 8473038848, free: 6334242816

------------ Kernel report ------------
02/03/2013 00:39:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\avgmfx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\ISCTD64.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\AMPPAL.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files (x86)\PHotkey\PEGAGFN.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\NETwew00.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\Drivers\avgldx64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008dbe060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xfffffa80067084f0
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.02.02.10
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008dbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008dbeaa0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008dbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80073b3e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80067084f0, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Upper DeviceData: 0xfffff8a015d58cd0, 0xfffffa8008dbe060, 0xfffffa8017ebb090
Lower DeviceData: 0xfffff8a0037f39b0, 0xfffffa80067084f0, 0xfffffa800b790a40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 984C1271

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 233719808

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 
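The two RogueKiller entries worth understanding in the logs above are the ConsentPromptBehaviorAdmin ones: a value of 0 means administrators elevate with no UAC prompt at all, and RogueKiller replaced it with 2 (prompt for consent on the secure desktop). The NewStartPanel entries are the Computer ({20D04FE0-3AEA-1069-A2D8-08002B30309D}) and user's-files ({59031a47-3f72-44a7-89c5-5595fe6b30ee}) desktop-icon visibility flags, which are cosmetic. The following PowerShell script is an added example, not part of the thread or of RogueKiller; it reads the UAC policy values from the registry, translates them, and flags the weak settings. It assumes Windows 8 with its stock PowerShell 3.0, run as an administrator; the function names are my own.

```powershell
# Added example, not from the thread. Reads the UAC policy values that RogueKiller
# reported ("ConsentPromptBehaviorAdmin (0) -> REPLACED (2)") and explains what each
# setting means, so the reader can see what the tool changed and decide whether the
# new value is the one they want. Assumption: Windows 8, PowerShell 3.0, run elevated.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin (Microsoft's UAC policy settings).
$adminMeaning = @{
    0 = 'Elevate without prompting (no UAC prompt for administrators)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}

function Get-UacState {
    $p = Get-ItemProperty -Path $uacKey
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        AdminPromptMeaning         = $adminMeaning[[int]$p.ConsentPromptBehaviorAdmin]
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

function Test-UacWeak {
    $s = Get-UacState
    $findings = @()
    if ($s.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: UAC is disabled entirely'
    }
    if ($s.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin is 0: anything running under an admin account elevates silently'
    }
    if ($s.PromptOnSecureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop is not 1: the elevation prompt runs on the normal desktop where other software can interact with it'
    }
    $findings
}

Get-UacState | Format-List
$weak = Test-UacWeak
if ($weak) { $weak | ForEach-Object { Write-Warning $_ } } else { 'UAC prompt policy looks sane.' }

# To restore the Windows default instead of the value RogueKiller chose:
#   Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
```

On this machine the script should now report ConsentPromptBehaviorAdmin = 2 after the RogueKiller removal pass; whether 0 was set by the OEM image, by the user, or by something else is not something the logs in this thread can tell you.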
Windows Defender is already disabled; the log says that too, doesn't it?
You're right :)

Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and un-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes when done with this step.
Upload the following file to http://www.virustotal.com/ for a security check:
- c:\Windows\System32\audiodg.exe
If the file is listed as already analyzed, click on the Reanalyse file now button.
Post the scan results.
 
It looks like AVG is playing games with you.
I suggest you put those files into AVG's exceptions, and I'd also report them on the AVG forum.
No need for more scans.

Good luck :)
 
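Before adding an exception for a System32 executable, a practitioner would want more than a single vendor's verdict. The PowerShell script below is an added example, not part of the thread: it takes the file the helper asks to be uploaded to VirusTotal, plus every servicing copy of it in the WinSxS component store, and for each prints the SHA-256 (which can be searched on VirusTotal without uploading anything), the hard links, the embedded Authenticode status, and the verdict of sfc /verifyfile, which checks the file against the signed component-store catalogs. It assumes Windows 8 x64 with its stock PowerShell 3.0 (so Get-FileHash is not available) and an elevated prompt; the function names are my own.

```powershell
# Added example, not part of the thread. Independently checks audiodg.exe and every
# servicing copy of it in the component store, so the reader has hashes, hard-link
# information and a catalog-aware integrity verdict to set against the AV verdict.
# Assumptions: Windows 8 x64, stock PowerShell 3.0, run from an elevated prompt.

$targets = @("$env:SystemRoot\System32\audiodg.exe")
$targets += @(Get-ChildItem "$env:SystemRoot\WinSxS" -Recurse -Filter 'audiodg.exe' -ErrorAction SilentlyContinue |
              ForEach-Object { $_.FullName })

function Get-Sha256Hex([string]$Path) {
    # .NET hashing, because Get-FileHash only arrived with PowerShell 4.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Dispose() }
}

function Invoke-SfcVerify([string]$Path) {
    # sfc.exe writes UTF-16 to stdout; without this the captured text is NUL-padded.
    $saved = [Console]::OutputEncoding
    [Console]::OutputEncoding = [System.Text.Encoding]::Unicode
    try {
        $lines = & sfc.exe "/verifyfile=$Path" 2>&1 | ForEach-Object { "$_".Trim() } | Where-Object { $_ }
        $lines | Select-Object -Last 1     # e.g. "...did not find any integrity violations."
    }
    finally { [Console]::OutputEncoding = $saved }
}

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "not present: $path"; continue }
    $item = Get-Item -LiteralPath $path
    # PowerShell 3.0 only checks an embedded signature. Most inbox binaries are
    # catalog-signed instead, so 'NotSigned' here is not by itself evidence of tampering;
    # the sfc verdict below is the catalog-aware check.
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Path         = $path
        Bytes        = $item.Length
        FileVersion  = $item.VersionInfo.FileVersion
        SHA256       = Get-Sha256Hex $path
        # System32 holds a hard link into WinSxS for the current version, so a
        # "whitelisted" System32 file and an "infected" WinSxS file can be the same bytes.
        HardLinks    = ((& fsutil.exe hardlink list $path 2>$null) -join '; ')
        Authenticode = $sig.Status
        Signer       = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
        SfcVerdict   = Invoke-SfcVerify $path
    }
}
```

Pipe the output through Format-List to read it comfortably. If the System32 copy and one WinSxS copy share a hash and a hard link, any detection that treats one as clean and the other as infected is a signature problem in the scanner, not two different files; if sfc reports an integrity violation on an inbox file, stop and treat the machine as compromised rather than adding an exception.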
Hmm, but it's really weird, as I have AVG on my PC as well and it's never played up with me for those files and still doesn't.

I'm not having the problems where I couldn't access the DDS.com links and downloads anymore, though, so I'm guessing something changed!

I hope it's nothing like it usually is with AVG. Thanks for all your help!
 
It's been a long time since I stopped recommending AVG because of issues like yours.

From all scans we did I don't see anything malicious.

Are you having any visible issues with your computer?
 
Is there anything you'd recommend over it?

Apart from earlier when I wasn't able to access any downloads relating to the DDS program, nothing that strikes me as out of the ordinary.
 
Alright then, thanks for all the help! I've heard good things about Avast, and I use it on my Android phone, so maybe I'll check it out!

Appreciate your time!
 
You're very welcome