
Please Help w/ Malware Detection


  • This topic is locked
6 replies to this topic

#1 DukkhaNirodha

DukkhaNirodha

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 31 March 2014 - 08:19 AM

Hello, BC. Thanks for taking the time to help me deal with my malware problem. I suspect I may have an advanced spyware infection on my PC. If you can help me with analyzing these logs I would really appreciate it. If you need me to run any scans just let me know and I can send you more log files, or if you need any info in general. All help is greatly appreciated. Thank you.

-DukhaNirodha

 

DDS LOG

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by House at 5:58:03 on 2014-03-31
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4086.1592 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: 360 Internet Security *Enabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Internet Security *Enabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\360\360 Internet Security\360rps.exe
C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\360\360 Internet Security\360sd.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\360\360 Internet Security\360rp.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files\360\360 Internet Security\safemon\360tray.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F175A2DC-4499-401C-9A5E-1C74D214D909} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"
x64-Run: [360sd] "C:\Program Files\360\360 Internet Security\360sdrun.exe"
x64-Notify: AutorunsDisabled - <no file>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-3-28 146720]
R1 360AntiHacker;360Safe Anti Hacker Service;C:\Windows\System32\drivers\360AntiHacker64.sys [2014-3-28 97480]
R1 360Box64;360Box mini-filter driver;C:\Windows\System32\drivers\360Box64.sys [2014-3-28 305856]
R1 360Camera;360Safe Camera Filter Service;C:\Windows\System32\drivers\360Camera64.sys [2014-3-28 41152]
R1 360fsflt;360FsFlt mini-filter driver;C:\Windows\System32\drivers\360FsFlt.sys [2014-3-28 286912]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 BAPIDRV;BAPIDRV;C:\Windows\System32\drivers\BAPIDRV64.SYS [2014-3-28 179904]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-28 91368]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-28 122088]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-28 109288]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-28 114920]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-28 119016]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-28 305896]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-28 118504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-28 114920]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-28 246504]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-28 106216]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2014-3-24 64720]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2014-3-24 62008]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2014-3-24 52360]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-10-11 206056]
R1 Uim_DEVIM;UIM Direct Device Image Plugin;C:\Windows\System32\drivers\uim_devim.sys [2013-12-16 25992]
R2 360rp;360 Internet Security Real-time Protection Loading Service;C:\Program Files\360\360 Internet Security\360rps.exe [2014-3-28 295608]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-2-23 3782672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-10-2 140768]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2014-3-24 584864]
R2 OBKSvc;Safepay Service Agent;C:\Program Files\Bitdefender\Bitdefender Safepay\obksvc.exe [2014-3-28 387632]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-10-17 169192]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-10-11 122600]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-10-11 124648]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-10-11 137960]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-10-18 37344]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2014-3-24 4457688]
R2 UPDATESRV_SAFEPAY;Bitdefender Safepay Update Service;C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe [2014-3-28 66784]
R2 ZhuDongFangYu;Proactive Defence;C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [2014-3-28 228800]
R3 360AvFlt;360AvFlt mini-filter driver;C:\Windows\System32\drivers\360AvFlt.sys [2014-3-28 67272]
R3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-3-24 57024]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 OAnet;OnlineArmor Service;C:\Windows\System32\drivers\OAnet.sys [2014-3-24 35368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-30 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-30 63192]
S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-10-11 105704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-30 1809720]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-30 857912]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-28 69864]
.
=============== Created Last 30 ================
.
2014-03-31 12:43:40 388096 ----a-r- C:\Users\House\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-31 12:43:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-03-31 06:14:57 -------- d-----w- C:\Users\House\AppData\Local\gtk-2.0
2014-03-31 06:14:20 -------- d-----w- C:\Users\House\.thumbnails
2014-03-31 06:05:15 -------- d-----w- C:\Users\House\AppData\Local\fontconfig
2014-03-31 06:05:11 -------- d-----w- C:\Users\House\AppData\Local\gegl-0.2
2014-03-31 06:05:11 -------- d-----w- C:\Users\House\.gimp-2.8
2014-03-31 06:03:09 -------- d-----w- C:\Program Files\GIMP 2
2014-03-31 03:07:07 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2014-03-30 14:39:06 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-30 14:39:05 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-30 14:39:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-29 12:25:53 77312 ----a-w- C:\Windows\System32\eamclean.exe
2014-03-29 11:21:52 -------- d---a-w- C:\Program Files\VbaLink
2014-03-29 10:49:23 -------- d-----w- C:\ProgramData\YTD Video Downloader
2014-03-29 10:48:38 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2014-03-29 10:42:13 -------- d-----w- C:\Users\House\AppData\Local\VideoLAN
2014-03-29 09:22:51 -------- d-----w- C:\Users\House\AppData\Roaming\Music Editor Free
2014-03-29 09:16:50 348160 ----a-w- C:\Windows\SysWow64\NCTWMAFile2.dll
2014-03-29 09:16:49 479232 ----a-w- C:\Windows\SysWow64\NCTAudioVisualization2.dll
2014-03-29 09:16:49 417792 ----a-w- C:\Windows\SysWow64\NCTTextToAudio2.dll
2014-03-29 09:16:48 602112 ----a-w- C:\Windows\SysWow64\NCTAudioTransform2.dll
2014-03-29 09:16:48 458752 ----a-w- C:\Windows\SysWow64\NCTAudioRecord2.dll
2014-03-29 09:16:47 458752 ----a-w- C:\Windows\SysWow64\NCTAudioPlayer2.dll
2014-03-29 09:16:46 1986560 ----a-w- C:\Windows\SysWow64\NCTAudioFile2.dll
2014-03-29 09:16:46 1212416 ----a-w- C:\Windows\SysWow64\NCTAudioInformation2.dll
2014-03-29 09:16:44 880640 ----a-w- C:\Windows\SysWow64\NCTAudioEditor2.dll
2014-03-29 09:16:44 835584 ----a-w- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
2014-03-29 09:16:43 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2014-03-29 09:16:42 -------- d-----w- C:\Program Files (x86)\Music Editor Free
2014-03-29 08:50:50 -------- d-----w- C:\Users\House\AppData\Roaming\uTorrent
2014-03-29 08:46:28 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-03-29 06:26:50 22584 ----a-w- C:\Windows\System32\drivers\efimon.sys
2014-03-29 06:26:42 -------- d-----w- C:\Users\House\AppData\Roaming\360SD
2014-03-29 06:26:41 -------- d-----w- C:\Users\House\AppData\Roaming\360safe
2014-03-29 06:26:41 -------- d-----w- C:\ProgramData\360SD
2014-03-29 06:26:00 286912 ----a-w- C:\Windows\System32\drivers\360FsFlt.sys
2014-03-29 06:26:00 179904 ----a-w- C:\Windows\System32\drivers\BAPIDRV64.SYS
2014-03-29 06:25:44 97480 ----a-w- C:\Windows\System32\drivers\360AntiHacker64.sys
2014-03-29 06:25:44 41152 ----a-w- C:\Windows\System32\drivers\360Camera64.sys
2014-03-29 06:25:41 -------- d-sh--r- C:\360SANDBOX
2014-03-29 06:25:40 305856 ----a-w- C:\Windows\System32\drivers\360Box64.sys
2014-03-29 06:23:59 -------- d-----w- C:\Program Files\360
2014-03-29 06:09:16 67272 ----a-w- C:\Windows\System32\drivers\360AvFlt.sys
2014-03-28 17:42:13 -------- d-----w- C:\Users\House\AppData\Roaming\QuickScan
2014-03-28 17:41:27 196419 ----a-w- C:\ProgramData\1396028385.bdinstall.bin
2014-03-28 17:41:17 -------- d-----w- C:\ProgramData\Bitdefender
2014-03-28 17:41:16 -------- d-----w- C:\ProgramData\BDLogging
2014-03-28 17:39:55 146720 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2014-03-28 17:39:54 -------- d-----w- C:\Program Files\Bitdefender
2014-03-28 17:39:34 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2014-03-27 09:01:04 -------- d-----w- C:\Users\House\AppData\Roaming\Wise Uninstaller
2014-03-27 09:00:58 -------- d-----w- C:\Program Files (x86)\Wise
2014-03-27 08:52:25 -------- d-----w- C:\Program Files\COMODO
2014-03-27 08:52:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-03-27 08:52:17 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2014-03-27 08:52:17 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2014-03-26 12:34:50 0 ----a-w- C:\Windows\System32\olepro32.dll
2014-03-26 12:34:50 0 ----a-w- C:\Windows\System32\igdumdx32.dll
2014-03-26 12:34:50 0 ----a-w- C:\Windows\System32\igdumd32.dll
2014-03-26 12:04:51 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-26 12:04:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-26 12:04:42 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-26 12:04:02 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-25 09:27:03 -------- d-----w- C:\ProgramData\eBay
2014-03-25 09:27:03 -------- d-----w- C:\Program Files (x86)\eBay
2014-03-25 05:23:55 -------- d-----w- C:\Users\House\AppData\Local\Blizzard
2014-03-25 05:16:42 -------- d-----w- C:\Program Files (x86)\StarCraft
2014-03-25 04:56:42 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-03-25 04:31:27 -------- d-----w- C:\Users\House\AppData\Local\Blizzard Entertainment
2014-03-25 04:31:20 -------- d-----w- C:\Users\House\AppData\Roaming\Battle.net
2014-03-25 04:31:20 -------- d-----w- C:\Users\House\AppData\Local\Battle.net
2014-03-25 04:30:28 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-03-25 04:30:28 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-03-25 04:26:38 -------- d-----w- C:\ProgramData\Battle.net
2014-03-25 04:25:24 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-03-25 01:55:52 -------- d-----w- C:\Users\House\VirtualBox VMs
2014-03-25 01:54:44 -------- d-----w- C:\Program Files (x86)\HashCalc
2014-03-25 01:52:46 -------- d-----w- C:\Users\House\.VirtualBox
2014-03-25 01:51:25 252704 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-03-25 01:48:42 126752 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-03-25 01:48:30 -------- d-----w- C:\Program Files\Oracle
2014-03-24 19:39:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-24 19:39:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-24 19:33:04 -------- d-----w- C:\Users\House\AppData\Local\Adobe
2014-03-24 19:32:23 -------- d-----w- C:\Users\House\AppData\Local\ElevatedDiagnostics
2014-03-24 14:41:44 -------- d-----w- C:\arc_240314144014829
2014-03-24 13:40:52 -------- d-----w- C:\ProgramData\launcher
2014-03-24 13:40:52 -------- d-----w- C:\ProgramData\explauncher
2014-03-24 13:36:54 -------- d-----w- C:\Program Files\Paragon Software
2014-03-24 13:34:11 -------- d-----w- C:\Users\House\AppData\Local\Downloaded Installations
2014-03-24 13:26:58 -------- d-----w- C:\ProgramData\Auslogics
2014-03-24 13:26:38 -------- d-----w- C:\Program Files (x86)\Auslogics
2014-03-24 13:21:55 -------- d-----w- C:\Program Files\CCleaner
2014-03-24 13:17:19 -------- d-----w- C:\Users\House\AppData\Roaming\Glarysoft
2014-03-24 13:17:18 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2014-03-24 13:11:46 -------- d-----w- C:\Users\House\AppData\Local\Kingsoft
2014-03-24 13:05:07 -------- d-----w- C:\ProgramData\Kingsoft
2014-03-24 13:03:43 -------- d-----w- C:\Program Files (x86)\Kingsoft
2014-03-24 13:03:39 -------- d-----w- C:\Users\House\AppData\Roaming\Kingsoft
2014-03-24 10:56:26 -------- d-----w- C:\EEK
2014-03-24 10:54:53 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2014-03-24 10:50:41 -------- d-----w- C:\Program Files\HitmanPro
2014-03-24 10:50:22 -------- d-----w- C:\ProgramData\HitmanPro
2014-03-24 10:48:18 -------- d-----w- C:\Windows\Panther
2014-03-24 10:46:51 -------- d-----w- C:\Users\House\AppData\Roaming\Panda Security
2014-03-24 10:46:03 -------- d-----w- C:\ProgramData\Panda Security
2014-03-24 10:46:03 -------- d-----w- C:\Program Files (x86)\Panda Security
2014-03-24 10:36:04 -------- d-----w- C:\Users\House\AppData\Roaming\OnlineArmor
2014-03-24 10:36:04 -------- d-----w- C:\ProgramData\OnlineArmor
2014-03-24 10:32:43 64720 ----a-w- C:\Windows\SysWow64\drivers\OADriver.sys
2014-03-24 10:32:43 62008 ----a-w- C:\Windows\SysWow64\drivers\oahlp64.sys
2014-03-24 10:32:43 52360 ----a-w- C:\Windows\SysWow64\drivers\OAmon.sys
2014-03-24 10:32:43 35368 ----a-w- C:\Windows\System32\drivers\OAnet.sys
2014-03-24 10:32:41 -------- d-----w- C:\Program Files (x86)\Online Armor
2014-03-24 10:20:37 -------- d-----w- C:\Users\House\AppData\Roaming\AVG2014
2014-03-24 10:20:05 -------- d-----w- C:\Users\House\AppData\Roaming\TuneUp Software
2014-03-24 10:19:50 -------- d--h--w- C:\$AVG
2014-03-24 10:19:50 -------- d-----w- C:\ProgramData\AVG2014
2014-03-24 10:19:22 -------- d-----w- C:\Program Files (x86)\AVG
2014-03-24 10:16:07 -------- d--h--w- C:\ProgramData\Common Files
2014-03-24 10:16:07 -------- d-----w- C:\Users\House\AppData\Local\MFAData
2014-03-24 10:16:07 -------- d-----w- C:\Users\House\AppData\Local\Avg2014
2014-03-24 10:16:07 -------- d-----w- C:\ProgramData\MFAData
2014-03-24 10:15:21 -------- d-----w- C:\Users\House\AppData\Local\Programs
2014-03-24 10:07:42 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2014-03-24 10:07:42 -------- d-----w- C:\Windows\SysWow64\x64
2014-03-24 10:07:42 -------- d-----w- C:\Windows\SysWow64\Lang
2014-03-24 10:07:24 -------- d-----w- C:\Intel
2014-03-24 10:06:02 -------- d-sh--w- C:\Windows\Installer
2014-03-24 10:00:33 -------- d-----w- C:\Users\House\AppData\Local\Google
2014-03-24 10:00:20 -------- d-----w- C:\Users\House\AppData\Local\Apps
2014-03-24 10:00:19 -------- d-----w- C:\Users\House\AppData\Local\Deployment
.
==================== Find3M  ====================
.
2014-02-26 01:27:38 154912 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2014-02-26 01:27:38 140576 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-02-26 01:24:28 204064 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
.
============= FINISH:  6:00:41.02 ===============



 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 31 March 2014 - 09:10 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Panda, 360 or AVG.

 

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
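An added example, not part of the original posts and not code from DDS or its authors: a small Python parser for the security-product header and driver section of the DDS log in post #1, reporting the overlap described in post #2 (several enabled real-time products, several running file-system mini-filter drivers). The function names are hypothetical, and the `R`/`S` and `0`-`4` prefixes are read under the assumption that they mean running/stopped plus the service start type.

```python
import re

# Lines copied from the DDS log in post #1: the security-product header
# and a few entries from the SERVICES / DRIVERS section.
DDS_SAMPLE = r"""
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: 360 Internet Security *Enabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Internet Security *Enabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R1 360Box64;360Box mini-filter driver;C:\Windows\System32\drivers\360Box64.sys [2014-3-28 305856]
R1 360fsflt;360FsFlt mini-filter driver;C:\Windows\System32\drivers\360FsFlt.sys [2014-3-28 286912]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R3 360AvFlt;360AvFlt mini-filter driver;C:\Windows\System32\drivers\360AvFlt.sys [2014-3-28 67272]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-30 25816]
"""

# "AV: <name> *<state>[/<definitions>]* {GUID}"
PRODUCT_RE = re.compile(
    r"^(AV|SP|FW):\s+(.+?)\s+\*([^*]+)\*\s+\{([0-9A-Fa-f-]{36})\}\s*$")
# "<R|S><0-4> <name>;<display name>;<path> [<date> <size>]"
ENTRY_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)"
    r"\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]\s*$")
# Assumed meaning of the digit: the Windows service start type.
START_TYPES = ("boot", "system", "auto", "manual", "disabled")


def parse_products(text):
    """Return the AV:/SP:/FW: entries with their enabled state."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if not m:
            continue
        kind, name, state, guid = m.groups()
        status, _, definitions = state.partition("/")
        products.append({"kind": kind, "name": name, "guid": guid,
                         "enabled": status.lower() == "enabled",
                         "definitions": definitions or None})
    return products


def parse_entries(text):
    """Return service/driver entries; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, date, size = m.groups()
        entries.append({"name": name, "display": display, "path": path,
                        "running": state == "R",
                        "start": START_TYPES[int(start)],
                        "is_driver": path.lower().endswith(".sys"),
                        "date": date, "size": int(size)})
    return entries


def overlap_report(text):
    """Flag categories with more than one enabled product, and list the
    running kernel drivers that describe themselves as mini-filters."""
    enabled = {}
    for p in parse_products(text):
        if p["enabled"]:
            enabled.setdefault(p["kind"], []).append(p["name"])
    conflicts = {k: v for k, v in enabled.items() if len(v) > 1}
    minifilters = [e["name"] for e in parse_entries(text)
                   if e["running"] and e["is_driver"]
                   and "mini-filter" in e["display"].lower()]
    return {"conflicts": conflicts, "running_minifilters": minifilters}


if __name__ == "__main__":
    report = overlap_report(DDS_SAMPLE)
    for kind, names in report["conflicts"].items():
        print(f"{kind}: {len(names)} enabled -> {', '.join(names)}")
    print("running mini-filters:", ", ".join(report["running_minifilters"]))
```
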

#3 DukkhaNirodha

DukkhaNirodha
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 31 March 2014 - 12:38 PM

~Error Post~


Edited by DukkhaNirodha, 01 April 2014 - 12:49 AM.


#4 DukkhaNirodha

DukkhaNirodha
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 01 April 2014 - 12:46 AM

TB-Psychotic,
Thanks a lot for the help, I really appreciate it. Here is the TDSSKiller log file.
-DukkhaNirodha

Attached Files


Edited by DukkhaNirodha, 01 April 2014 - 12:49 AM.


#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 01 April 2014 - 03:16 AM

Did you remove all your antivirus programs but one?



#6 DukkhaNirodha

DukkhaNirodha
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 01 April 2014 - 08:13 AM

TB-Psychotic,

Thanks for the response. I decided that I am going to work on solving this problem independently. If I do need help in the future I will try and come to you directly. Once again, thanks for your time.

-DukkhaNirodha


Edited by DukkhaNirodha, 01 April 2014 - 08:58 AM.


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 02 April 2014 - 06:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



