[AVG FP1] Trojan Horse PSW.Generic 10.BNPL/10.BNPN

Inactive
By WHUFC11
Feb 2, 2013
  1. I'm having the same problems as jrexha. I have AVG and it is active and it still seems to have picked up this virus. I have run Malwarebytes and it's not detecting anything. Every time I open an application the AVG threat comes up, my music player will not work, there is no volume when I try to view something of an interview page. It's driving me mad.

    I have Windows 8.

    I ran those two programs suggested and the following has come up:

    I'm hoping someone can help!


    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02/12/2012 15:59:47
    System Uptime: 02/02/2013 21:23:56 (1 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | P8H61-M LX R2.0
    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | LGA1155 | 1600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 363.762 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is FIXED (NTFS) - 932 GiB total, 11.884 GiB free.
    K: is FIXED (NTFS) - 233 GiB total, 48.307 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP21: 01/02/2013 19:17:40 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    7500_7600_7700_Help1
    Apple Application Support
    Apple Software Update
    AVG 8.5
    Bing Bar
    BitTorrent
    BitTorrentControl_v12 Toolbar
    bpd_scan_Carrier
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Claro Chrome Toolbar
    Claro LTD toolbar
    ComicRack v0.9.156
    Destinations
    DeviceDiscovery
    DocProc
    Dragon NaturallySpeaking 11
    Dropbox
    Fax
    File Splitter and Joiner (FFSJ v3.3)
    FinalBurner Free v2.13.0.164
    FirstRowSportApp
    Free Easy Burner V 5.1
    GPBaseService2
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP OfficeJet L7300/L7500/7600/7700
    HP Solution Center 14.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) Processor Graphics
    L7500
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    MediaMonkey 3.0
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MPM
    Nero 7 Demo
    Network64
    OCR Software by I.R.I.S. 14.0
    Picasa 3
    PIXresizer 2.0.4
    ProductContext
    QuickTime
    Republic: The Revolution
    Scan
    Shop for HP Supplies
    SolutionCenter
    Status
    SUPERAntiSpyware
    SweetIM for Messenger 3.7
    SweetPacks bundle uninstaller
    Toolbox
    TrayApp
    Update Manager for SweetPacks 1.1
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.0
    WebReg
    Yontoo 1.10.03
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/01/2013 17:10:35, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x300000001cbe7. The name of the file is "\Users\Jaimin Nish\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1".
    30/01/2013 17:09:31, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Owner\Jaimin Nish SID (S-1-5-21-2207316919-3133285856-867259410-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    30/01/2013 16:23:35, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Owner\Nyah Nish SID (S-1-5-21-2207316919-3133285856-867259410-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    30/01/2013 16:22:10, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x200000001d2df. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1".
    26/01/2013 00:07:27, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    02/02/2013 21:37:00, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000008712. The name of the file is "\Windows\AppCompat\Programs\Amcache.hve.LOG1".
    02/02/2013 21:36:49, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Owner\User SID (S-1-5-21-2207316919-3133285856-867259410-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    02/02/2013 21:25:17, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x3000000013d0e. The name of the file is "\ProgramData\avg8\Log\avgui.log".
    02/02/2013 21:24:34, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xbc00000001687c. The name of the file is "\ProgramData\avg8\Log\commonpriv.log".
    02/02/2013 21:24:34, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000caab. The name of the file is "\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl".
    02/02/2013 21:24:16, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The system cannot find the file specified.
    02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xd00000002ca33. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8D97D5-5E66-11E2-BE92-10BF487F6D7E}.dat".
    02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x700000002ca0f. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8DBEE5-5E66-11E2-BE92-10BF487F6D7E}.dat".
    02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x400000002cac9. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8D70C5-5E66-11E2-BE92-10BF487F6D7E}.dat".
    02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x400000002cac0. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8DE5F5-5E66-11E2-BE92-10BF487F6D7E}.dat".
    02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1400000002ca17. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8E0D05-5E66-11E2-BE92-10BF487F6D7E}.dat".
    02/02/2013 12:12:55, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
    01/02/2013 19:18:15, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume ??. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000008712. The name of the file is "\Windows\AppCompat\Programs\Amcache.hve.LOG1".
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453
    Run by User at 22:02:50 on 2013-02-02
    Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.7887.6136 [GMT 0:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Internet Security *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~2\AVG\AVG8\avgfws8.exe
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\PROGRA~2\AVG\AVG8\avgam.exe
    C:\PROGRA~2\AVG\AVG8\avgrsa.exe
    C:\PROGRA~2\AVG\AVG8\avgnsa.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\taskhostex.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5J1QVGB\SparkTrust PC Cleaner Plus Setup.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bbc.co.uk/news/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
    TB: BitTorrentControl_v12 Toolbar: {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
    TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll
    TB: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe
    mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://eversheds.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{3948E1EF-EFA6-4B62-B1C2-AB6F3DDA463B} : DHCPNameServer = 194.168.4.100 194.168.8.100
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\Drivers\avgrkx64.sys [2013-1-1 14856]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2013-1-1 29464]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\Drivers\avgldx64.sys [2013-1-1 427016]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\Drivers\avgmfx64.sys [2013-1-1 33416]
    R1 AvgTdiA;AVG8 Network Redirector x64;C:\Windows\System32\Drivers\avgtdia.sys [2013-1-1 133640]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2013-1-1 297752]
    R2 avgfws8;AVG8 Firewall;C:\PROGRA~2\AVG\AVG8\avgfws8.exe [2013-1-1 1370488]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-25 398184]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [2012-1-25 240408]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2012-12-25 24176]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [2012-1-25 192792]
    S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe --> C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [?]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-25 682344]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2012-9-19 203104]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2013-02-02 19:48:17 -------- d-----w- C:\ProgramData\Doctor Web
    2013-02-02 19:10:48 -------- d-----w- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
    2013-02-02 19:10:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-02-02 19:10:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-01-29 22:22:59 210624 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10191.bin
    2013-01-20 23:20:27 -------- d-----w- C:\ProgramData\WEBREG
    2013-01-20 23:16:06 -------- d-----w- C:\Users\User\AppData\Local\HP
    2013-01-20 23:15:02 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp58a.dll
    2013-01-20 23:15:00 -------- d-----w- C:\Windows\LastGood.Tmp
    2013-01-20 23:12:04 -------- d-----w- C:\Program Files (x86)\Microsoft
    2013-01-20 23:11:46 -------- d-----w- C:\Users\User\AppData\Roaming\HpUpdate
    2013-01-20 23:10:29 -------- d-----w- C:\Windows\SysWow64\spool
    2013-01-20 23:09:24 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2013-01-20 23:09:23 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2013-01-20 23:08:09 131072 ----a-w- C:\Windows\System32\hpz3l58a.dll
    2013-01-20 23:07:59 -------- d-----w- C:\Program Files (x86)\HP
    2013-01-20 23:04:45 861184 ----a-w- C:\Windows\System32\hpwwiax2.dll
    2013-01-20 23:04:45 540672 ----a-w- C:\Windows\System32\hppldcoi.dll
    2013-01-20 23:04:45 488960 ----a-w- C:\Windows\System32\hpovst11.dll
    2013-01-20 23:04:45 338944 ----a-w- C:\Windows\System32\hpzids40.dll
    2013-01-20 23:04:45 1424896 ----a-w- C:\Windows\System32\hpwtiop2.dll
    2013-01-16 16:13:39 -------- d-sh--w- C:\found.001
    2013-01-15 16:21:38 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-15 16:21:38 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-14 21:54:59 955904 ----a-w- C:\Windows\System32\WebcamUi.dll
    2013-01-14 21:53:16 2367528 ----a-w- C:\Windows\System32\WSService.dll
    2013-01-14 21:53:15 13640704 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
    2013-01-14 21:53:09 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
    2013-01-14 21:53:06 10791936 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
    2013-01-14 21:53:04 2397184 ----a-w- C:\Windows\System32\WpcMon.exe
    2013-01-14 21:53:02 3847168 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-14 21:53:01 3964416 ----a-w- C:\Windows\System32\WinSAT.exe
    2013-01-14 21:51:44 76288 ----a-w- C:\Windows\System32\newdev.exe
    2013-01-14 21:51:44 75264 ----a-w- C:\Windows\System32\ndadmin.exe
    2013-01-14 21:51:44 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
    2013-01-14 21:51:44 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
    2013-01-14 21:51:44 301568 ----a-w- C:\Windows\System32\newdev.dll
    2013-01-14 21:51:44 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
    2013-01-14 21:51:42 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-01-14 21:51:42 446976 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-01-13 19:06:09 -------- d-----w- C:\Users\User\AppData\Roaming\FLEXnet
    2013-01-13 19:06:08 -------- d-----w- C:\Users\User\AppData\Roaming\Nuance
    2013-01-13 19:02:59 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
    2013-01-13 19:02:53 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
    2013-01-13 19:02:03 -------- d-----w- C:\ProgramData\Nuance
    2013-01-13 19:02:03 -------- d-----w- C:\Program Files (x86)\Nuance
    2013-01-12 15:15:14 -------- d-----w- C:\Program Files (x86)\Gophoto.it
    2013-01-12 15:14:58 -------- d-----w- C:\Program Files (x86)\FirstRowSportApp.com
    .
    ==================== Find3M ====================
    .
    2013-01-01 17:44:53 427016 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2013-01-01 17:43:10 14856 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2013-01-01 17:43:10 12464 ----a-w- C:\Windows\System32\avgrssta.dll
    2013-01-01 17:43:09 133640 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2013-01-01 17:43:08 33416 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2013-01-01 17:43:01 29464 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
    2013-01-01 12:16:57 794906 ----a-w- C:\Windows\unins000.exe
    2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
    2012-12-06 04:22:59 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
    2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
    2012-12-04 03:59:08 4055552 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
    2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
    2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
    2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
    2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
    2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
    2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
    2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
    2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
    2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
    2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
    2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
    2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
    2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
    2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
    2012-11-27 04:19:52 5088256 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2012-11-27 04:19:51 256000 ----a-w- C:\Windows\System32\WSDMon.dll
    2012-11-27 04:19:50 244736 ----a-w- C:\Windows\System32\wpnapps.dll
    2012-11-27 04:19:48 1096704 ----a-w- C:\Windows\System32\wmpmde.dll
    2012-11-27 04:19:42 1145856 ----a-w- C:\Windows\System32\winmde.dll
    2012-11-27 04:19:33 631808 ----a-w- C:\Windows\System32\UserLanguagesCpl.dll
    2012-11-27 04:19:32 245248 ----a-w- C:\Windows\System32\usbmon.dll
    2012-11-27 04:19:25 173568 ----a-w- C:\Windows\System32\storewuauth.dll
    2012-11-27 04:19:25 1536512 ----a-w- C:\Windows\System32\storagewmi.dll
    2012-11-27 04:19:22 245248 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2012-11-27 04:19:09 3245568 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-11-27 04:19:02 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
    2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
    2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll
    2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL
    2012-11-27 04:17:31 2302464 ----a-w- C:\Windows\System32\authui.dll
    2012-11-27 03:57:32 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys
    2012-11-27 03:56:29 31104 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
    2012-11-27 03:55:44 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys
    2012-11-26 04:21:18 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
    2012-11-26 04:20:09 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
    2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
    2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
    2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll
    2012-11-20 05:17:20 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
    2012-11-20 05:02:46 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
    2012-11-20 04:59:26 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
    2012-11-20 04:56:27 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    .
    ============= FINISH: 22:03:18.95 ===============
  2. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    I need to know what file name and in what location is reported by AVG.

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =============================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  3. WHUFC11

    WHUFC11 Newcomer, in training Topic Starter

    Many thanks for your assistance on this! Much appreciated!

    I ran the Malwares Rootkit and it states that there is no clean up required!

    Find below the RogueKiller report!


    RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Remove -- Date : 02/03/2013 00:47:21
    | ARK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : DNS7reminder ("C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDS721010DLE630 +++++
    --- User ---
    [MBR] 5b2bb66dab469c10f182722fb9bc3aa6
    [BSP] 7b0f5e5e920674fac268cd060836348a : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 953517 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Seagate FreeAgentDesktop USB Device +++++
    --- User ---
    [MBR] dcde733048f6c26f6697649797f55902
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive2: Seagate FreeAgent USB Device +++++
    --- User ---
    [MBR] d0b2f0bc9fe4262e98ca652f8e895acc
    [BSP] fb96b40a3aac349760910f0d232ba589 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_02032013_02d0047.txt >>
    RKreport[1]_S_02032013_02d0046.txt ; RKreport[2]_D_02032013_02d0047.txt
  4. Broni

  5. WHUFC11

    I've been following that thread tonight.

    AVG is listing the following files:
    C:\windows\system32\audiodg.exe
    C:\windows\system32\Macromed\flash\flashUtil_ActiveX.exe

    Whenever I try to Remove selected infections, it just freezes everything and I end up having to sign off and even restart the computer.

    In addition, I have problems starting up music program media money, it starts up, but will not play the MP3 and as stated when on the internet, it will play videos but not the sound.

    Does this help?
  6. Broni

    It looks like same files as in the other topic.
    AVG keeps removing one of the system files (audiodg.exe) and you're getting audio issues.
    As you can see from the other topic, the above file is clean.

    You have a couple of choices...
    1. Put those files into AVG exceptions.
    2. Switch to some other AV program.

    Personally, I stopped recommending AVG a long time ago.
  7. WHUFC11

    If I change to another AV program, would that remedy the issue around sound?
  8. Broni

    See if you have this file in place:
    C:\windows\system32\audiodg.exe
  9. WHUFC11

    Sorry, how do I do that? I'm a bit of a beginner.
  10. Broni

    Hold the Windows logo key and press "E".
    It'll open Windows Explorer.
    Navigate to C:\windows\system32 folder and see if audiodg.exe file is there.
  11. WHUFC11

    Yup, it's there!

    Second guessing you, do I uninstall AVG, install another and then everything is back to normal? (In theory)
  12. Broni

  13. WHUFC11

    So far, so good!!!

    Many thanks for your help and patience!

    Very much appreciated!
     
  14. Broni

    You're very welcome

