Solved [AVG FP2] Virus Trojan Horse PSW. Generic 10 BNPL

Mark Pocock

I have a virus on my laptop. I keep getting a pop-up to say: Virus Trojan Horse PSW. Generic 10 BNPL - if you click on show details it says this: C:\Program Files (x86)malwyreytes.Anti-Malware\mbam.exe - - Can anyone help me?

I have scanned with Free AVG and Malwarebytes. On the quick scan of malware it doesn't think I have a virus. The MBAM log says this:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Mark :: MARK [administrator]

02/02/2013 12:40:23
mbam-log-2013-02-02 (12-40-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222536
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
This came from the full scan of malwarebytes:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Mark :: MARK [administrator]

02/02/2013 12:42:43
mbam-log-2013-02-02 (12-42-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401271
Time elapsed: 55 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Any ideas how to get rid of the virus?
 
Welcome aboard

Let me understand...
Are you saying that AVG is flagging "mbam.exe" as a virus?
 
Hi
AVG shows 15 infections; it can't seem to heal these. None of them say mbam.exe.
Say just now a box pops up and says file name:
C:\Windows\System32\audiodg.exe
Threat name:
Trojan Horse PSW Generic 10 BNPL
Then if you click on show details it says:
C:\Windows\System32\svchost.exe

This one also comes up in the scan of AVG:
"C:\Windows\System32\audiodg.exe";"Trojan horse PSW.Generic10.BNPL";"Object is white-listed (critical/system file that should not be removed)"
All the others mention either one of these or very similar:
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16472_none_84725ca8f34d7848\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20521_none_d030e8e687539f17\audiodg.exe";"Trojan horse PSW.Generic10.BNPL";"Infected"


Hope you understand as this one is a new one to me.

Thank you for your help.
 
You clearly said:
I keep getting a pop-up to say: Virus Trojan Horse PSW. Generic 10 BNPL - if you click on show details it says this: C:\Program Files (x86)malwyreytes.Anti-Malware\mbam.exe

In any case...

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi

I scanned with Malwarebytes and the log comes up straight away. This is what it says:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Mark :: MARK [administrator]

03/02/2013 10:11:44
mbam-log-2013-02-03 (10-11-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222100
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I clicked to see the tabs in malwarebytes and in the logs tab it says:
C:\Users\mark\AppData\Roaming\Malwarebytes\malwarebytes 'anti-malware\logs\mbam-log-2013-02-03(10-17-09).txt
Then when I delete it and rescan, it still comes up.
 
Dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by Mark at 10:24:10 on 2013-02-03
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3909.2448 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\RfBtnSvc64.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\wwahost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={87177234-CF72-47C4-BA8D-7A239ABB17F4}&mid=ebf37969457947d09dc969c1a529aad6-18284b64c028a52bf8145a43c8a63f00f312ec43&lang=us&ds=AVG&pr=fr&d=2013-01-01 10:44:25&v=14.0.2.14&pid=avg&sg=&sap=hp
uDefault_Page_URL = hxxp://acer13.msn.com
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
mRun: [LManager] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6A2B63E6-41F2-4B32-A227-C6E1E017943C} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A759240D-B38A-4F04-81D5-28B80C8337F8} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\w6u0r3yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={87177234-CF72-47C4-BA8D-7A239ABB17F4}&mid=ebf37969457947d09dc969c1a529aad6-18284b64c028a52bf8145a43c8a63f00f312ec43&lang=us&ds=AVG&pr=fr&d=2013-01-01 10:44:25&v=14.0.2.14&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={87177234-CF72-47C4-BA8D-7A239ABB17F4}&mid=ebf37969457947d09dc969c1a529aad6-18284b64c028a52bf8145a43c8a63f00f312ec43&lang=us&ds=AVG&pr=fr&d=2013-01-01 10:44:25&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-01 10:44; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-17 645952]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\Drivers\avgldx64.sys [2012-12-31 282976]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\Drivers\avgmfx64.sys [2012-12-31 35664]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\Drivers\avgtdia.sys [2012-12-31 317520]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2012-12-31 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2012-12-31 308136]
R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-9-5 348784]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-9-5 28560]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-17 165760]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-10-17 93296]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-17 364416]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-30 945328]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-10-17 81536]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\Drivers\b57xdbd.sys [2012-8-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\Drivers\b57xdmp.sys [2012-8-13 21080]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\Drivers\bScsiSDa.sys [2012-8-14 70744]
R3 ePowerSvc;ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2012-8-22 658576]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-9-5 318864]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-5 342528]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-10-17 26736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2012-12-31 167264]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-23 468624]
.
=============== Created Last 30 ================
.
2013-02-02 11:32:48 -------- d-----w- C:\Program Files\Enigma Software Group
2013-02-02 11:32:13 -------- d-----w- C:\Windows\AD637FE139704DA0A3EA3D0E49EB8437.TMP
2013-02-02 11:32:12 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-02-01 18:04:04 -------- d--h--w- C:\$AVG
2013-01-30 08:49:55 210624 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10191.bin
2013-01-30 08:01:57 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-01-13 08:33:52 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
2013-01-11 08:23:33 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-11 08:23:33 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-10 08:23:37 -------- d-----w- C:\58922d9ff9c2059dc0
2013-01-10 08:05:20 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2013-01-10 08:05:20 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2013-01-10 08:04:50 2361344 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-10 08:04:49 1836032 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-10 08:04:49 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-10 08:04:48 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2013-01-10 08:04:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-01-10 08:04:48 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2013-01-10 08:04:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-01-10 08:04:48 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 18:20:02 -------- d-----w- C:\Users\Mark\AppData\Local\CrashDumps
2013-01-09 08:08:23 16369160 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-01-08 16:18:12 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2013-01-16 07:00:18 282976 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-12-31 16:54:51 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-12-31 16:54:28 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2012-12-31 16:54:27 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
2012-12-04 03:59:08 4055552 ----a-w- C:\Windows\System32\win32k.sys
2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\Windows\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys
2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\Windows\System32\drivers\hidi2c.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\Windows\System32\msctf.dll
2012-11-13 04:19:23 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2012-11-10 04:23:25 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-11-10 04:23:18 148480 ----a-w- C:\Windows\System32\poqexec.exe
2012-11-10 04:22:40 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2012-11-10 04:22:35 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2012-11-10 04:22:14 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2012-11-10 04:20:20 135680 ----a-w- C:\Windows\System32\appserverai.dll
2012-11-09 04:49:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 04:25:36 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\Windows\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\Windows\SysWow64\lpk.dll
2012-11-08 01:56:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-11-06 07:52:07 445160 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2012-11-06 07:33:46 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2012-11-06 07:33:46 253512 ----a-w- C:\Windows\System32\audiodg.exe
2012-11-06 07:33:45 490064 ----a-w- C:\Windows\System32\AudioEng.dll
2012-11-06 07:33:45 447792 ----a-w- C:\Windows\System32\AudioSes.dll
2012-11-06 07:33:30 1566432 ----a-w- C:\Windows\System32\ole32.dll
2012-11-06 05:00:06 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2012-11-06 05:00:06 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2012-11-06 04:54:13 2205696 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2012-11-06 04:48:27 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll
2012-11-06 04:19:59 470016 ----a-w- C:\Windows\System32\wlanmsm.dll
2012-11-06 04:18:58 84992 ----a-w- C:\Windows\SysWow64\fdWCN.dll
2012-11-06 04:17:58 110080 ----a-w- C:\Windows\System32\dafWCN.dll
.
============= FINISH: 10:24:39.53 ===============
 
Other dds report:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 31/12/2012 12:36:25
System Uptime: 03/02/2013 10:08:39 (0 hours ago)
.
Motherboard: Packard Bell | | EG50_HC_HR
Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz | U3E1 | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 410.017 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 19/01/2013 07:51:34 - Avg Update
RP7: 21/01/2013 09:08:49 - Installed PowerLine Utility
RP8: 29/01/2013 07:33:43 - Scheduled Checkpoint
RP9: 02/02/2013 11:32:21 - Installed SpyHunter
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
AVG Free 9.0
AVG Security Toolbar
Broadcom Card Reader Driver Installer
CCleaner
CyberLink PowerDVD 10
eBay Worldwide
ETDWare PS/2-X64 11.6.8.001_WHQL
Identity Card
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Launch Manager
Live Updater
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
Nero 12 Essentials OEM.a01
Nero BackItUp
Nero BackItUp 12 Essentials OEM.a01
Nero BackItUp Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Express
Nero Express Help (CHM)
Nero Launcher
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero Update
Packard Bell Device Fast-lane
Packard Bell Power Management
Packard Bell Recovery Management
Prerequisite installer
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
Visual C++ 8.0 Runtime Setup Package (x64)
.
==== Event Viewer Messages From Past Week ========
.
02/02/2013 18:47:17, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.
02/02/2013 12:13:07, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
02/02/2013 12:12:57, Error: Service Control Manager [7019] - The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
02/02/2013 12:12:57, Error: Service Control Manager [7018] - Detected circular dependencies auto-starting services. Check the service dependency tree.
.
==== End Of File ===========================
 
AVG Results overview:
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20577_none_8500fae60c6696c5\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16483_none_84688d06f354ad90\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16472_none_84725ca8f34d7848\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"

Hope this is right. The infections have gone down from 15 to 4 now. What else do I need to do?
 
Hi Broni

So you mean I need to add these files:
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20577_none_8500fae60c6696c5\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16483_none_84688d06f354ad90\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16472_none_84725ca8f34d7848\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"

And this one:
C:\Windows\System32\audiodg.exe, legit system file

Do you place these in the Resident Shield section? Do I then click on: Remove all threats automatically -- or leave: ask me before removing threats?



Also I see you recommended changing to another free virus protector. If I do that would I need to do the above?

thanks

Beep
 