Inactive [AVG FP1] Trojan Horse PSW.Generic 10.BNPL/10.BNPN

WHUFC11

I'm having the same problems as jrexha. I have AVG and it is active, and it still seems to have picked up this virus. I have run Malwarebytes and it's not detecting anything. Every time I open an application the AVG threat comes up, my music player will not work, and there is no volume when I try to view something on an interview page. It's driving me mad.

I have Windows 8.

I ran those two programs suggested and the following has come up:

I'm hoping someone can help!


DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 02/12/2012 15:59:47
System Uptime: 02/02/2013 21:23:56 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8H61-M LX R2.0
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | LGA1155 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 363.762 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is FIXED (NTFS) - 932 GiB total, 11.884 GiB free.
K: is FIXED (NTFS) - 233 GiB total, 48.307 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 01/02/2013 19:17:40 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7500_7600_7700_Help1
Apple Application Support
Apple Software Update
AVG 8.5
Bing Bar
BitTorrent
BitTorrentControl_v12 Toolbar
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
BufferChm
Claro Chrome Toolbar
Claro LTD toolbar
ComicRack v0.9.156
Destinations
DeviceDiscovery
DocProc
Dragon NaturallySpeaking 11
Dropbox
Fax
File Splitter and Joiner (FFSJ v3.3)
FinalBurner Free v2.13.0.164
FirstRowSportApp
Free Easy Burner V 5.1
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP OfficeJet L7300/L7500/7600/7700
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Processor Graphics
L7500
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
MediaMonkey 3.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MPM
Nero 7 Demo
Network64
OCR Software by I.R.I.S. 14.0
Picasa 3
PIXresizer 2.0.4
ProductContext
QuickTime
Republic: The Revolution
Scan
Shop for HP Supplies
SolutionCenter
Status
SUPERAntiSpyware
SweetIM for Messenger 3.7
SweetPacks bundle uninstaller
Toolbox
TrayApp
Update Manager for SweetPacks 1.1
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.0
WebReg
Yontoo 1.10.03
.
==== Event Viewer Messages From Past Week ========
.
30/01/2013 17:10:35, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x300000001cbe7. The name of the file is "\Users\Jaimin Nish\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1".
30/01/2013 17:09:31, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Owner\Jaimin Nish SID (S-1-5-21-2207316919-3133285856-867259410-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
30/01/2013 16:23:35, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Owner\Nyah Nish SID (S-1-5-21-2207316919-3133285856-867259410-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
30/01/2013 16:22:10, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x200000001d2df. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1".
26/01/2013 00:07:27, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02/02/2013 21:37:00, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000008712. The name of the file is "\Windows\AppCompat\Programs\Amcache.hve.LOG1".
02/02/2013 21:36:49, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Owner\User SID (S-1-5-21-2207316919-3133285856-867259410-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
02/02/2013 21:25:17, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x3000000013d0e. The name of the file is "\ProgramData\avg8\Log\avgui.log".
02/02/2013 21:24:34, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xbc00000001687c. The name of the file is "\ProgramData\avg8\Log\commonpriv.log".
02/02/2013 21:24:34, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000caab. The name of the file is "\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl".
02/02/2013 21:24:16, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The system cannot find the file specified.
02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xd00000002ca33. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8D97D5-5E66-11E2-BE92-10BF487F6D7E}.dat".
02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x700000002ca0f. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8DBEE5-5E66-11E2-BE92-10BF487F6D7E}.dat".
02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x400000002cac9. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8D70C5-5E66-11E2-BE92-10BF487F6D7E}.dat".
02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x400000002cac0. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8DE5F5-5E66-11E2-BE92-10BF487F6D7E}.dat".
02/02/2013 16:44:32, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1400000002ca17. The name of the file is "\Users\Nyah Nish\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8E0D05-5E66-11E2-BE92-10BF487F6D7E}.dat".
02/02/2013 12:12:55, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
01/02/2013 19:18:15, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume ??. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000008712. The name of the file is "\Windows\AppCompat\Programs\Amcache.hve.LOG1".
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by User at 22:02:50 on 2013-02-02
Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.7887.6136 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Internet Security *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~2\AVG\AVG8\avgfws8.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\PROGRA~2\AVG\AVG8\avgam.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5J1QVGB\SparkTrust PC Cleaner Plus Setup.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
mWinlogon: Userinit = userinit.exe
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
TB: BitTorrentControl_v12 Toolbar: {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll
TB: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://eversheds.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{3948E1EF-EFA6-4B62-B1C2-AB6F3DDA463B} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\Drivers\avgrkx64.sys [2013-1-1 14856]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2013-1-1 29464]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\Drivers\avgldx64.sys [2013-1-1 427016]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\Drivers\avgmfx64.sys [2013-1-1 33416]
R1 AvgTdiA;AVG8 Network Redirector x64;C:\Windows\System32\Drivers\avgtdia.sys [2013-1-1 133640]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2013-1-1 297752]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~2\AVG\AVG8\avgfws8.exe [2013-1-1 1370488]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-25 398184]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [2012-1-25 240408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2012-12-25 24176]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [2012-1-25 192792]
S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe --> C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-25 682344]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2012-9-19 203104]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-02-02 19:48:17 -------- d-----w- C:\ProgramData\Doctor Web
2013-02-02 19:10:48 -------- d-----w- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-02-02 19:10:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-02-02 19:10:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-01-29 22:22:59 210624 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10191.bin
2013-01-20 23:20:27 -------- d-----w- C:\ProgramData\WEBREG
2013-01-20 23:16:06 -------- d-----w- C:\Users\User\AppData\Local\HP
2013-01-20 23:15:02 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp58a.dll
2013-01-20 23:15:00 -------- d-----w- C:\Windows\LastGood.Tmp
2013-01-20 23:12:04 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-01-20 23:11:46 -------- d-----w- C:\Users\User\AppData\Roaming\HpUpdate
2013-01-20 23:10:29 -------- d-----w- C:\Windows\SysWow64\spool
2013-01-20 23:09:24 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-01-20 23:09:23 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2013-01-20 23:08:09 131072 ----a-w- C:\Windows\System32\hpz3l58a.dll
2013-01-20 23:07:59 -------- d-----w- C:\Program Files (x86)\HP
2013-01-20 23:04:45 861184 ----a-w- C:\Windows\System32\hpwwiax2.dll
2013-01-20 23:04:45 540672 ----a-w- C:\Windows\System32\hppldcoi.dll
2013-01-20 23:04:45 488960 ----a-w- C:\Windows\System32\hpovst11.dll
2013-01-20 23:04:45 338944 ----a-w- C:\Windows\System32\hpzids40.dll
2013-01-20 23:04:45 1424896 ----a-w- C:\Windows\System32\hpwtiop2.dll
2013-01-16 16:13:39 -------- d-sh--w- C:\found.001
2013-01-15 16:21:38 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-15 16:21:38 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-14 21:54:59 955904 ----a-w- C:\Windows\System32\WebcamUi.dll
2013-01-14 21:53:16 2367528 ----a-w- C:\Windows\System32\WSService.dll
2013-01-14 21:53:15 13640704 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-01-14 21:53:09 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
2013-01-14 21:53:06 10791936 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-01-14 21:53:04 2397184 ----a-w- C:\Windows\System32\WpcMon.exe
2013-01-14 21:53:02 3847168 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-14 21:53:01 3964416 ----a-w- C:\Windows\System32\WinSAT.exe
2013-01-14 21:51:44 76288 ----a-w- C:\Windows\System32\newdev.exe
2013-01-14 21:51:44 75264 ----a-w- C:\Windows\System32\ndadmin.exe
2013-01-14 21:51:44 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
2013-01-14 21:51:44 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
2013-01-14 21:51:44 301568 ----a-w- C:\Windows\System32\newdev.dll
2013-01-14 21:51:44 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
2013-01-14 21:51:42 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-01-14 21:51:42 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-01-13 19:06:09 -------- d-----w- C:\Users\User\AppData\Roaming\FLEXnet
2013-01-13 19:06:08 -------- d-----w- C:\Users\User\AppData\Roaming\Nuance
2013-01-13 19:02:59 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
2013-01-13 19:02:53 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2013-01-13 19:02:03 -------- d-----w- C:\ProgramData\Nuance
2013-01-13 19:02:03 -------- d-----w- C:\Program Files (x86)\Nuance
2013-01-12 15:15:14 -------- d-----w- C:\Program Files (x86)\Gophoto.it
2013-01-12 15:14:58 -------- d-----w- C:\Program Files (x86)\FirstRowSportApp.com
.
==================== Find3M ====================
.
2013-01-01 17:44:53 427016 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-01-01 17:43:10 14856 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-01-01 17:43:10 12464 ----a-w- C:\Windows\System32\avgrssta.dll
2013-01-01 17:43:09 133640 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-01-01 17:43:08 33416 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-01-01 17:43:01 29464 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
2013-01-01 12:16:57 794906 ----a-w- C:\Windows\unins000.exe
2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
2012-12-06 04:22:59 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
2012-12-04 03:59:08 4055552 ----a-w- C:\Windows\System32\win32k.sys
2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-11-27 04:19:52 5088256 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-11-27 04:19:51 256000 ----a-w- C:\Windows\System32\WSDMon.dll
2012-11-27 04:19:50 244736 ----a-w- C:\Windows\System32\wpnapps.dll
2012-11-27 04:19:48 1096704 ----a-w- C:\Windows\System32\wmpmde.dll
2012-11-27 04:19:42 1145856 ----a-w- C:\Windows\System32\winmde.dll
2012-11-27 04:19:33 631808 ----a-w- C:\Windows\System32\UserLanguagesCpl.dll
2012-11-27 04:19:32 245248 ----a-w- C:\Windows\System32\usbmon.dll
2012-11-27 04:19:25 173568 ----a-w- C:\Windows\System32\storewuauth.dll
2012-11-27 04:19:25 1536512 ----a-w- C:\Windows\System32\storagewmi.dll
2012-11-27 04:19:22 245248 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2012-11-27 04:19:09 3245568 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-11-27 04:19:02 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\Windows\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys
2012-11-26 04:21:18 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2012-11-26 04:20:09 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\Windows\System32\drivers\hidi2c.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\Windows\System32\msctf.dll
2012-11-13 04:19:23 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2012-11-10 04:23:25 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-11-10 04:23:18 148480 ----a-w- C:\Windows\System32\poqexec.exe
2012-11-10 04:22:40 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2012-11-10 04:22:35 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2012-11-10 04:22:14 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2012-11-10 04:20:20 135680 ----a-w- C:\Windows\System32\appserverai.dll
2012-11-09 04:49:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 04:25:36 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\Windows\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll
.
============= FINISH: 22:03:18.95 ===============
jn
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================

I need to know what file name, and in what location, is reported by AVG.

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=============================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Many thanks for your assistance on this! Much appreciated!

I ran the Malwares Rootkit and it states that there is no clean up required!

Find below the RogueKiller report!


RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 02/03/2013 00:47:21
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : DNS7reminder ("C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010DLE630 +++++
--- User ---
[MBR] 5b2bb66dab469c10f182722fb9bc3aa6
[BSP] 7b0f5e5e920674fac268cd060836348a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 953517 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Seagate FreeAgentDesktop USB Device +++++
--- User ---
[MBR] dcde733048f6c26f6697649797f55902
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive2: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] d0b2f0bc9fe4262e98ca652f8e895acc
[BSP] fb96b40a3aac349760910f0d232ba589 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_02032013_02d0047.txt >>
RKreport[1]_S_02032013_02d0046.txt ; RKreport[2]_D_02032013_02d0047.txt
 
I've been following that thread tonight.

AVG is listing the following files:
C:\windows\system32\audiodg.exe
C:\windows\system32\Macromed\flash\flashUtil_ActiveX.exe

Whenever I try to Remove selected infections, it just freezes everything and I end up having to sign off and even restart the computer.

In addition, I have problems starting up the music program media money: it starts up, but will not play the MP3 and, as stated, when on the internet it will play videos but not the sound.

Does this help?
 
It looks like the same files as in the other topic.
AVG keeps removing one of the system files (audiodg.exe) and you're getting audio issues.
As you can see from the other topic, the above file is clean.

You have a couple of choices...
1. Put those files into AVG exceptions.
2. Switch to some other AV program.

Personally, I stopped recommending AVG a long time ago.
 
Hold the Windows logo key and press "E".
It'll open Windows Explorer.
Navigate to C:\windows\system32 folder and see if audiodg.exe file is there.
 
Yup, it's there!

Second guessing you, do I uninstall AVG, install another and then everything is back to normal? (In theory)