TechSpot

[AVG FP2] Virus Trojan Horse PSW. Generic 10 BNPL

Solved
By Mark Pocock
Feb 2, 2013
  1. I have a virus on my laptop. I keep getting a pop-up saying: Virus Trojan Horse PSW. Generic 10 BNPL. If you click on show details it says this: C:\Program Files (x86)malwyreytes.Anti-Malware\mbam.exe. Can anyone help me?

    I have scanned with Free AVG and Malwarebytes. On the quick scan for malware it doesn't think I have a virus; the MBAM log says this:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.29.06

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    Mark :: MARK [administrator]

    02/02/2013 12:40:23
    mbam-log-2013-02-02 (12-40-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222536
    Time elapsed: 1 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. Mark Pocock

    Mark Pocock TS Rookie Topic Starter

    This came from the full scan of malwarebytes:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.29.06

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    Mark :: MARK [administrator]

    02/02/2013 12:42:43
    mbam-log-2013-02-02 (12-42-43).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 401271
    Time elapsed: 55 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    Any ideas how to get rid of the virus?
  3. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Welcome aboard

    Let me understand...
    Are you saying that AVG is flagging "mbam.exe" as a virus?
  4. Mark Pocock

    Mark Pocock TS Rookie Topic Starter

    Hi
    AVG shows 15 infections; it can't seem to heal these. None of them say mbam.exe.
    Say, just now a box pops up and says file name:
    C:\Windows\System32\audiodg.exe
    Threat name:
    Trojan Horse PSW Generic 10 BNPL
    Then if you click on show details it says:
    C:\Windows\System32\svchost.exe

    This one also comes up in the scan of AVG:
    "C:\Windows\System32\audiodg.exe";"Trojan horse PSW.Generic10.BNPL";"Object is white-listed (critical/system file that should not be removed)"
    All the others mention either one of these or very similar:
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16472_none_84725ca8f34d7848\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
    "C:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.2.9200.20521_none_d030e8e687539f17\audiodg.exe";"Trojan horse PSW.Generic10.BNPL";"Infected"


    Hope you understand as this one is a new one to me.

    Thank you for your help.
  5. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    You clearly said:
    In any case...

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  6. Mark Pocock

    Mark Pocock TS Rookie Topic Starter

    Hi

    I scanned with Malwarebytes and the log comes up straight away. This is what it says:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.29.06

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    Mark :: MARK [administrator]

    03/02/2013 10:11:44
    mbam-log-2013-02-03 (10-11-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222100
    Time elapsed: 2 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    I clicked to see the tabs in Malwarebytes, and in the logs tab it says:
    C:\Users\mark\AppData\Roaming\Malwarebytes\malwarebytes 'anti-malware\logs\mbam-log-2013-02-03(10-17-09).txt
    Then when I delete it and rescan it still comes up.
  7. Mark Pocock

    Mark Pocock TS Rookie Topic Starter

    Dds:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453
    Run by Mark at 10:24:10 on 2013-02-03
    Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3909.2448 [GMT 0:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhostex.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files\Elantech\ETDService.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\RfBtnSvc64.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\syswow64\wwahost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.avg.com/?cid={87177234-CF72-47C4-BA8D-7A239ABB17F4}&mid=ebf37969457947d09dc969c1a529aad6-18284b64c028a52bf8145a43c8a63f00f312ec43&lang=us&ds=AVG&pr=fr&d=2013-01-01 10:44:25&v=14.0.2.14&pid=avg&sg=&sap=hp
    uDefault_Page_URL = hxxp://acer13.msn.com
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    mRun: [LManager] <no file>
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{6A2B63E6-41F2-4B32-A227-C6E1E017943C} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A759240D-B38A-4F04-81D5-28B80C8337F8} : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\w6u0r3yc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={87177234-CF72-47C4-BA8D-7A239ABB17F4}&mid=ebf37969457947d09dc969c1a529aad6-18284b64c028a52bf8145a43c8a63f00f312ec43&lang=us&ds=AVG&pr=fr&d=2013-01-01 10:44:25&v=14.0.2.14&pid=avg&sg=&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={87177234-CF72-47C4-BA8D-7A239ABB17F4}&mid=ebf37969457947d09dc969c1a529aad6-18284b64c028a52bf8145a43c8a63f00f312ec43&lang=us&ds=AVG&pr=fr&d=2013-01-01 10:44:25&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2013-01-01 10:44; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-17 645952]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\Drivers\avgldx64.sys [2012-12-31 282976]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\Drivers\avgmfx64.sys [2012-12-31 35664]
    R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\Drivers\avgtdia.sys [2012-12-31 317520]
    R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2012-12-31 921952]
    R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2012-12-31 308136]
    R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-9-5 348784]
    R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-9-5 28560]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-17 165760]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-10-17 93296]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-17 364416]
    R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-30 945328]
    R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-10-17 81536]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\Drivers\b57xdbd.sys [2012-8-13 72280]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\Drivers\b57xdmp.sys [2012-8-13 21080]
    R3 bScsiMSa;bScsiMSa;C:\Windows\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
    R3 bScsiSDa;bScsiSDa;C:\Windows\System32\Drivers\bScsiSDa.sys [2012-8-14 70744]
    R3 ePowerSvc;ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2012-8-22 658576]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-9-5 318864]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-5 342528]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
    R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-10-17 26736]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2012-12-31 167264]
    S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-23 468624]
    .
    =============== Created Last 30 ================
    .
    2013-02-02 11:32:48 -------- d-----w- C:\Program Files\Enigma Software Group
    2013-02-02 11:32:13 -------- d-----w- C:\Windows\AD637FE139704DA0A3EA3D0E49EB8437.TMP
    2013-02-02 11:32:12 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2013-02-01 18:04:04 -------- d--h--w- C:\$AVG
    2013-01-30 08:49:55 210624 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10191.bin
    2013-01-30 08:01:57 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-01-13 08:33:52 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
    2013-01-11 08:23:33 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-11 08:23:33 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-10 08:23:37 -------- d-----w- C:\58922d9ff9c2059dc0
    2013-01-10 08:05:20 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
    2013-01-10 08:05:20 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
    2013-01-10 08:04:50 2361344 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-10 08:04:49 1836032 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-10 08:04:49 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-10 08:04:48 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2013-01-10 08:04:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-01-10 08:04:48 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2013-01-10 08:04:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-01-10 08:04:48 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 18:20:02 -------- d-----w- C:\Users\Mark\AppData\Local\CrashDumps
    2013-01-09 08:08:23 16369160 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-01-08 16:18:12 -------- d-----w- C:\Program Files\CCleaner
    .
    ==================== Find3M ====================
    .
    2013-01-16 07:00:18 282976 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-12-31 16:54:51 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-12-31 16:54:28 13048 ----a-w- C:\Windows\System32\avgrssta.dll
    2012-12-31 16:54:27 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
    2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
    2012-12-04 03:59:08 4055552 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
    2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
    2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
    2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
    2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
    2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
    2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
    2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
    2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
    2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
    2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
    2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
    2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
    2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
    2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
    2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
    2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll
    2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL
    2012-11-27 04:17:31 2302464 ----a-w- C:\Windows\System32\authui.dll
    2012-11-27 03:57:32 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys
    2012-11-27 03:56:29 31104 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
    2012-11-27 03:55:44 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys
    2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
    2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
    2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll
    2012-11-20 05:17:20 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
    2012-11-20 05:02:46 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
    2012-11-20 04:59:26 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
    2012-11-20 04:56:27 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2012-11-20 04:56:11 83456 ----a-w- C:\Windows\System32\drivers\hidclass.sys
    2012-11-20 04:54:31 39936 ----a-w- C:\Windows\System32\drivers\hidi2c.sys
    2012-11-15 06:08:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-15 06:06:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-13 04:20:30 1120768 ----a-w- C:\Windows\System32\msctf.dll
    2012-11-13 04:19:23 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
    2012-11-10 04:23:25 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2012-11-10 04:23:18 148480 ----a-w- C:\Windows\System32\poqexec.exe
    2012-11-10 04:22:40 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
    2012-11-10 04:22:35 144384 ----a-w- C:\Windows\System32\tssdisai.dll
    2012-11-10 04:22:14 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
    2012-11-10 04:20:20 135680 ----a-w- C:\Windows\System32\appserverai.dll
    2012-11-09 04:49:51 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:03:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-08 04:25:36 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
    2012-11-08 04:25:36 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
    2012-11-08 04:25:36 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
    2012-11-08 04:22:21 641536 ----a-w- C:\Windows\System32\WSShared.dll
    2012-11-08 04:22:20 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
    2012-11-08 04:22:20 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-08 04:22:12 907776 ----a-w- C:\Windows\System32\uxtheme.dll
    2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll
    2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll
    2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll
    2012-11-08 04:01:40 3072 ----a-w- C:\Windows\SysWow64\lpk.dll
    2012-11-08 01:56:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
    2012-11-06 07:52:07 445160 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
    2012-11-06 07:52:04 277736 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
    2012-11-06 07:36:23 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
    2012-11-06 07:33:46 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2012-11-06 07:33:46 253512 ----a-w- C:\Windows\System32\audiodg.exe
    2012-11-06 07:33:45 490064 ----a-w- C:\Windows\System32\AudioEng.dll
    2012-11-06 07:33:45 447792 ----a-w- C:\Windows\System32\AudioSes.dll
    2012-11-06 07:33:30 1566432 ----a-w- C:\Windows\System32\ole32.dll
    2012-11-06 05:00:06 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2012-11-06 05:00:06 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2012-11-06 05:00:06 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2012-11-06 04:54:13 2205696 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
    2012-11-06 04:48:27 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll
    2012-11-06 04:19:59 470016 ----a-w- C:\Windows\System32\wlanmsm.dll
    2012-11-06 04:18:58 84992 ----a-w- C:\Windows\SysWow64\fdWCN.dll
    2012-11-06 04:17:58 110080 ----a-w- C:\Windows\System32\dafWCN.dll
    .
    ============= FINISH: 10:24:39.53 ===============
  8. Mark Pocock

    Mark Pocock TS Rookie Topic Starter

    Other dds report:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 31/12/2012 12:36:25
    System Uptime: 03/02/2013 10:08:39 (0 hours ago)
    .
    Motherboard: Packard Bell | | EG50_HC_HR
    Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz | U3E1 | 1800/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 446 GiB total, 410.017 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP6: 19/01/2013 07:51:34 - Avg Update
    RP7: 21/01/2013 09:08:49 - Installed PowerLine Utility
    RP8: 29/01/2013 07:33:43 - Scheduled Checkpoint
    RP9: 02/02/2013 11:32:21 - Installed SpyHunter
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    AVG Free 9.0
    AVG Security Toolbar
    Broadcom Card Reader Driver Installer
    CCleaner
    CyberLink PowerDVD 10
    eBay Worldwide
    ETDWare PS/2-X64 11.6.8.001_WHQL
    Identity Card
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Trusted Connect Service Client
    Launch Manager
    Live Updater
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Nero 12 Essentials OEM.a01
    Nero BackItUp
    Nero BackItUp 12 Essentials OEM.a01
    Nero BackItUp Help (CHM)
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Express
    Nero Express Help (CHM)
    Nero Launcher
    Nero RescueAgent
    Nero RescueAgent Help (CHM)
    Nero Update
    Packard Bell Device Fast-lane
    Packard Bell Power Management
    Packard Bell Recovery Management
    Prerequisite installer
    Qualcomm Atheros WiFi Driver Installation
    Realtek High Definition Audio Driver
    Visual C++ 8.0 Runtime Setup Package (x64)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    02/02/2013 18:47:17, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.
    02/02/2013 12:13:07, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    02/02/2013 12:12:57, Error: Service Control Manager [7019] - The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
    02/02/2013 12:12:57, Error: Service Control Manager [7018] - Detected circular dependencies auto-starting services. Check the service dependency tree.
    .
    ==== End Of File ===========================
  9. Mark Pocock

    Mark Pocock TS Rookie Topic Starter

    AVG Results overview:
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20577_none_8500fae60c6696c5\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16483_none_84688d06f354ad90\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16472_none_84725ca8f34d7848\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"

    Hope this is right. The infections have gone down from 15 to 4 now. What else do I need to do?
  10. Broni

    Broni Malware Annihilator Posts: 46,797   +254

  11. Mark Pocock

    Mark Pocock TS Rookie Topic Starter

    Hi Broni

    So you mean I need to add these files:
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20577_none_8500fae60c6696c5\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16483_none_84688d06f354ad90\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
    "C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.16472_none_84725ca8f34d7848\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"

    And this one:
    C:\Windows\System32\audiodg.exe, legit system file

    Do you place these in the Resident Shield section? Do I then click on: Remove all threats automatically -- or leave: ask me before removing threats?



    Also I see you recommended changing to another free virus protector. If I do that would I need to do the above?

    thanks

    Beep
  12. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Yes.

    How to Add to the Exceptions in AVG

    If you want to switch to a different AV program follow my instructions from the other topics.

    You need to at least put this file back:
    C:\Windows\System32\audiodg.exe
    The others are just backups so it doesn't matter.
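As an added example (not code from this thread, and not an AVG or Malwarebytes tool): a small Python triage script that parses AVG result lines in the `"path";"detection";"status"` form pasted earlier in the thread and sorts each hit into one of three buckets: a live file under System32/SysWOW64, a copy in the WinSxS component store (the "backups" referred to above), or anything else. The sample input is constructed from lines quoted in the thread plus one made-up user-profile path (`C:\Users\example\...`, an assumption, not from the page) so the third bucket is exercised. When the same generic detection name fires on every versioned copy of one file in WinSxS, the script reports it as a false-positive candidate to verify (for example by checking the file's publisher signature), not as confirmed malware.

```python
"""Triage AVG 'Results overview' lines: "<path>";"<detection>";"<status>"."""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample input: lines quoted in the thread above, plus one
# hypothetical user-profile hit (NOT from the page) for the "other" bucket.
SAMPLE_RESULTS = r'''
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20588_none_84f72b440c6dcc0d\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20577_none_8500fae60c6696c5\FlashUtil_ActiveX.exe";"Trojan horse PSW.Generic10.BNPN";"Infected"
"C:\Windows\System32\audiodg.exe";"Trojan horse PSW.Generic10.BNPL";"Object is white-listed (critical/system file that should not be removed)"
"C:\Users\example\AppData\Roaming\sample\sample.exe";"Trojan horse PSW.Generic10.BNPL";"Infected"
'''

# One AVG export line: three double-quoted fields separated by semicolons.
LINE_RE = re.compile(r'^"(?P<path>[^"]*)";"(?P<threat>[^"]*)";"(?P<status>[^"]*)"\s*$')


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    status: str

    @property
    def location(self) -> str:
        """Classify the hit by where on disk it lives (case-insensitive)."""
        parts = [p.lower() for p in PureWindowsPath(self.path).parts]
        if len(parts) >= 3 and parts[1] == "windows":
            if parts[2] == "winsxs":
                return "winsxs-store-copy"      # component store backup, not the live binary
            if parts[2] in ("system32", "syswow64"):
                return "live-system-file"       # the binary Windows actually runs
        return "other"

    @property
    def whitelisted(self) -> bool:
        """True when AVG itself refused to remove the object as a critical system file."""
        return "white-listed" in self.status.lower()


def parse_results(text: str) -> list:
    """Parse pasted AVG result lines; blank lines are skipped, malformed ones rejected."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised AVG result line: {line!r}")
        findings.append(Finding(**m.groupdict()))
    return findings


def summarize(findings: list) -> dict:
    """Group findings by location bucket."""
    buckets = defaultdict(list)
    for f in findings:
        buckets[f.location].append(f)
    return dict(buckets)


def repeated_store_detections(findings: list) -> dict:
    """WinSxS hits where one detection name fires on several versioned copies of the
    same file name. Returned as {(file name, detection): [paths]}; treat these as
    false-positive candidates to verify, not as confirmed infections."""
    groups = defaultdict(list)
    for f in findings:
        if f.location == "winsxs-store-copy":
            groups[(PureWindowsPath(f.path).name.lower(), f.threat)].append(f.path)
    return {key: paths for key, paths in groups.items() if len(paths) > 1}


if __name__ == "__main__":
    found = parse_results(SAMPLE_RESULTS)
    for bucket, items in summarize(found).items():
        print(f"{bucket}: {len(items)} hit(s)")
        for f in items:
            flag = " [white-listed by AVG]" if f.whitelisted else ""
            print(f"  {f.path}  ->  {f.threat}{flag}")
    for (name, threat), paths in repeated_store_detections(found).items():
        print(f"candidate false positive: {threat} on {len(paths)} store copies of {name}")
```

The buckets map directly onto the advice in the thread: the live System32 file is the one that must be present and working, while the WinSxS copies are servicing-store backups that AVG's generic signature is matching across every version folder. Running the script on a fresh AVG export gives a quick way to see whether a new detection belongs to either pattern before deciding what to exclude.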
