Error during Check (Out of Memory)



jamesth
2015-02-10, 00:10
Hi there,

I've been trying to scan with Spybot. However, every time I do so, I get an Error during check for certain items. I'm not sure how to proceed. Thanks. I have also scanned with Malwarebytes, RogueKiller and Kaspersky TDSSKiller, but found nothing.


--- Report generated: 2015-02-09 13:40 ---

Error during check!: Win32.Adload.jm [7 - $AFC12AB3] (Out of memory) (Status)


Error during check!: Virtumonde [245 - $7390885E] (Out of memory) (Status)


Error during check!: Virtumonde [845 - $4A9C6736] (Out of memory) (Status)


Error during check!: Virtumonde [547 - $EA212551] (Out of memory) (Status)


Congratulations!: No immediate threats were found. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by happycat (administrator) on HAPPYCAT-PC on 09-02-2015 13:52:42
Running from C:\Users\happycat\Desktop
Loaded Profiles: happycat (Available profiles: happycat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\Razer Barracuda AC-1 Gaming Audio card.exe
(Flux Software LLC) C:\Users\happycat\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\happycat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Barracuda AC-1 Gaming Audio Card] => C:\Program Files (x86)\Razer Barracuda AC-1 Gaming Audio Card\Razer Barracuda AC-1 Gaming Audio card.exe [1205248 2010-03-02] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [f.lux] => C:\Users\happycat\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\happycat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2196593836-3544978208-278226143-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.7.23

FireFox:
========
FF ProfilePath: C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "http", "202.85.215.250"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2196593836-3544978208-278226143-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\happycat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: YouTube Auto Replay - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\YouTubeAutoReplay@arikv.com.xpi [2013-10-22]
FF Extension: StumbleUpon - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-07-05]
FF Extension: Download YouTube Videos as MP4 - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-07-18]
FF Extension: Adblock Plus - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25]
FF Extension: Greasemonkey - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-12-17] (Olof Lagerkvist)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-18] (Microsoft Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-11] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-12-14] (Olof Lagerkvist)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1038336 2007-03-26] (Razer)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-31] (Disc Soft Ltd)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [43584 2014-12-17] (Olof Lagerkvist)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-31] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-09] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 13:52 - 2015-02-09 13:52 - 00014727 _____ () C:\Users\happycat\Desktop\FRST.txt
2015-02-09 13:51 - 2015-02-09 13:52 - 00000000 ____D () C:\FRST
2015-02-09 13:51 - 2015-02-09 13:51 - 02132992 _____ (Farbar) C:\Users\happycat\Desktop\FRST64.exe
2015-02-09 13:51 - 2015-02-09 13:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAPPYCAT-PC-Windows-7-Ultimate-(64-bit).dat
2015-02-09 13:51 - 2015-02-09 13:51 - 00000000 ____D () C:\RegBackup
2015-02-09 13:50 - 2015-02-09 13:50 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-09 13:50 - 2015-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-09 13:50 - 2015-02-09 13:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-09 13:49 - 2015-02-09 13:49 - 04804736 _____ () C:\Users\happycat\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-09 13:28 - 2015-02-09 13:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-09 13:28 - 2015-02-09 13:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-02-09 13:28 - 2015-02-09 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-09 13:27 - 2015-02-09 13:27 - 16409960 _____ (Safer Networking Limited ) C:\Users\happycat\Downloads\spybotsd162.exe
2015-02-09 12:51 - 2015-02-09 13:11 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-09 12:51 - 2015-02-09 12:51 - 18570328 _____ () C:\Users\happycat\Desktop\RogueKillerX64.exe
2015-02-09 12:51 - 2015-02-09 12:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-09 12:48 - 2015-02-09 12:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\happycat\Desktop\tdsskiller.exe
2015-02-02 10:16 - 2015-02-02 10:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-02 10:16 - 2015-02-02 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-02 10:16 - 2015-02-02 10:16 - 00000000 ____D () C:\Program Files\Java
2015-02-02 10:12 - 2015-02-02 10:12 - 00035194 _____ () C:\Users\happycat\Desktop\replay_pid1384.log
2015-02-02 10:12 - 2015-02-02 10:12 - 00029353 _____ () C:\Users\happycat\Desktop\hs_err_pid1384.log
2015-02-01 22:59 - 2015-02-01 22:59 - 00000915 _____ () C:\Users\Public\Desktop\Smite.lnk
2015-02-01 22:59 - 2015-02-01 22:59 - 00000906 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2015-02-01 22:59 - 2015-02-01 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-02-01 22:55 - 2015-02-01 22:55 - 00009607 _____ () C:\Users\happycat\Documents\Uninstall Dragon Age 2.log
2015-02-01 22:54 - 2015-02-01 22:55 - 46660424 _____ (Hi-Rez Studios) C:\Users\happycat\Desktop\InstallSmite.exe
2015-01-31 19:21 - 2015-02-05 22:07 - 00000000 ____D () C:\ProgramData\Tunngle
2015-01-31 19:21 - 2015-01-31 19:21 - 00000706 _____ () C:\Users\Public\Desktop\Tunngle.lnk
2015-01-31 19:21 - 2015-01-31 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-01-31 19:19 - 2015-01-31 19:19 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-01-30 17:52 - 2015-01-30 17:52 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-01-30 17:52 - 2015-01-30 17:52 - 00000000 ____D () C:\Users\happycat\AppData\Local\FluxSoftware
2015-01-30 17:51 - 2015-01-30 17:51 - 00597304 _____ () C:\Users\happycat\Desktop\flux-setup.exe
2015-01-29 18:43 - 2015-01-29 18:43 - 00000000 _____ () C:\Users\happycat\Desktop\New Text Document (2).txt
2015-01-28 21:02 - 2015-01-28 21:02 - 00000000 ____D () C:\Users\happycat\Documents\Larian Studios
2015-01-27 21:51 - 2015-02-08 11:08 - 00000000 ____D () C:\Users\happycat\AppData\Local\ftblauncher
2015-01-27 21:51 - 2015-01-27 21:52 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\ftblauncher
2015-01-27 21:51 - 2015-01-27 21:51 - 00000000 ____D () C:\ProgramData\Sun
2015-01-27 21:51 - 2015-01-27 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 21:49 - 2015-01-27 21:49 - 06619054 _____ () C:\Users\happycat\Desktop\FTB_Launcher.exe
2015-01-26 10:56 - 2015-01-26 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 22:12 - 2015-01-23 22:15 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\OBS
2015-01-23 22:12 - 2015-01-23 22:12 - 00000939 _____ () C:\Users\happycat\Desktop\Open Broadcaster Software.lnk
2015-01-23 22:12 - 2015-01-23 22:12 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-01-23 22:09 - 2015-01-23 22:12 - 00000000 ____D () C:\Program Files\OBS
2015-01-23 22:09 - 2015-01-23 22:12 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-23 22:09 - 2015-01-23 22:09 - 07516302 _____ () C:\Users\happycat\Desktop\OBS_0_64b_Installer.exe
2015-01-22 22:14 - 2015-01-22 22:14 - 03125280 _____ () C:\Users\happycat\Desktop\1421204850651.webm
2015-01-22 22:14 - 2015-01-22 22:14 - 02618171 _____ () C:\Users\happycat\Desktop\1421204802565.webm
2015-01-19 13:29 - 2015-01-19 13:29 - 00053616 _____ () C:\Users\happycat\Desktop\The Last of Us - Main Theme.rar
2015-01-19 13:09 - 2015-01-19 13:09 - 00003059 _____ () C:\Users\happycat\Desktop\Main Theme - The Last of Us EX MIDI_0.mid
2015-01-13 13:01 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 13:01 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 13:01 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 13:01 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 13:01 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 13:01 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 13:01 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:21 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:21 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:21 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:21 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:21 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:21 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 13:31 - 2014-05-16 20:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 13:27 - 2009-07-13 20:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 13:27 - 2009-07-13 20:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 13:26 - 2009-07-13 21:13 - 00006416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 13:24 - 2013-06-25 00:11 - 01760659 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 13:21 - 2013-09-22 09:30 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Dropbox
2015-02-09 13:20 - 2014-03-19 19:56 - 00146369 _____ () C:\Windows\setupact.log
2015-02-09 13:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 13:04 - 2014-03-19 19:56 - 00012954 _____ () C:\Windows\PFRO.log
2015-02-09 13:03 - 2013-06-25 12:42 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\uTorrent
2015-02-09 12:06 - 2014-12-12 11:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 17:29 - 2013-06-25 13:44 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Mumble
2015-02-05 22:07 - 2013-09-14 19:35 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Tunngle
2015-02-04 19:06 - 2014-12-12 11:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:06 - 2013-06-25 13:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 19:06 - 2013-06-25 13:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 23:32 - 2014-05-23 09:53 - 00167807 _____ () C:\Windows\DirectX.log
2015-02-01 22:59 - 2013-11-08 19:21 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-01 22:59 - 2013-06-25 01:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-01 22:55 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 19:07 - 2009-07-13 21:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-29 18:44 - 2015-01-03 01:35 - 00000041 _____ () C:\Users\happycat\Desktop\imdisk.cmd
2015-01-27 15:08 - 2013-06-24 23:45 - 00000000 ____D () C:\Users\happycat
2015-01-26 15:50 - 2013-06-25 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 20:33 - 2014-05-13 16:23 - 00000000 ____D () C:\Users\happycat\Documents\My Recordings

==================== Files in the root of some directories =======

2013-10-05 18:00 - 2013-11-23 21:08 - 0001064 _____ () C:\Users\happycat\AppData\Roaming\SpeedRunnersLog.txt
2013-06-25 15:20 - 2013-06-25 15:20 - 0000096 _____ () C:\Users\happycat\AppData\Local\fusioncache.dat
2014-11-01 12:16 - 2014-11-01 12:16 - 0000000 ___SH () C:\Users\happycat\AppData\Local\LumaEmu

Some content of TEMP:
====================
C:\Users\happycat\AppData\Local\Temp\dllnt_dump.dll
C:\Users\happycat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprergnl.dll
C:\Users\happycat\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 19:20

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-09 13:55:50
-----------------------------
13:55:50.272 OS Version: Windows x64 6.1.7601 Service Pack 1
13:55:50.272 Number of processors: 4 586 0x2A07
13:55:50.272 ComputerName: HAPPYCAT-PC UserName: happycat
13:55:50.401 Initialize success
13:55:50.425 VM: initialized successfully
13:55:50.426 VM: Intel CPU BiosDisabled
13:56:43.824 AVAST engine defs: 15020900
13:56:57.610 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:56:57.611 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152626MB BusType: 3
13:56:57.614 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
13:56:57.615 Disk 1 Vendor: M4-CT064M4SSD2 070H Size: 61057MB BusType: 3
13:56:57.616 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
13:56:57.617 Disk 2 Vendor: ST3160023AS 8.05 Size: 152626MB BusType: 3
13:56:57.619 Disk 1 MBR read successfully
13:56:57.621 Disk 1 MBR scan
13:56:57.624 Disk 1 Windows 7 default MBR code
13:56:57.625 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 61055 MB offset 2048
13:56:57.630 Disk 1 scanning C:\Windows\system32\drivers
13:56:59.697 Service scanning
13:57:05.795 Modules scanning
13:57:05.797 Disk 1 trace - called modules:
13:57:05.801 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006e112c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:57:05.804 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800751a060]
13:57:05.806 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa8007308520]
13:57:05.809 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8007304680]
13:57:05.811 \Driver\atapi[0xfffffa8006f39af0] -> IRP_MJ_CREATE -> 0xfffffa8006e112c0
13:57:05.962 AVAST engine scan C:\Windows
13:57:06.322 AVAST engine scan C:\Windows\system32
13:58:02.970 AVAST engine scan C:\Windows\system32\drivers
13:58:05.735 AVAST engine scan C:\Users\happycat
13:59:05.920 AVAST engine scan C:\ProgramData
13:59:12.121 Disk 1 statistics 4949790/0/0 @ 44.70 MB/s
13:59:12.125 Scan finished successfully
13:59:43.588 Disk 1 MBR has been saved successfully to "C:\Users\happycat\Desktop\MBR.dat"
13:59:43.590 The log file has been saved successfully to "C:\Users\happycat\Desktop\aswMBR.txt"

Juliet
2015-02-10, 20:15
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CloseProcesses:
FF NetworkProxy: "http", "202.85.215.250"
FF NetworkProxy: "http_port", 8080
C:\Users\happycat\AppData\Local\Temp\dllnt_dump.dll
C:\Users\happycat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprergnl.dll
C:\Users\happycat\AppData\Local\Temp\ose00000.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~

If there are Internet issues after running the above script using FRST:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari


~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

Please post
Fixlog.txt
AdwCleaner.txt

jamesth
2015-02-12, 07:03
Thanks Juliet

Juliet
2015-02-12, 12:21
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now
Go to the Settings Tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

Tell me what the computer is doing now.

jamesth
2015-02-13, 09:20
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/12/2015
Scan Time: 11:15:54 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.13.02
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: happycat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358948
Time Elapsed: 3 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2015-02-13, 13:47
Tell me what the computer is doing now?

jamesth
2015-02-18, 10:20
Error during check!: Win32.Adload.jm [7 - $AFC12AB3] (Out of memory) (Status)


Error during check!: Virtumonde [245 - $7390885E] (Out of memory) (Status)


Error during check!: Virtumonde [845 - $4A9C6736] (Out of memory) (Status)


Congratulations!: No immediate threats were found. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


Juliet
2015-02-18, 13:55
I really didn't need a SpyBot scan.

How is your computer now?

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course on how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click List Threats. If no threats were found, skip the next two bullet points.
Click Export and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

jamesth
2015-02-22, 00:45
I'm still getting out of memory errors when I scan with spybot.


D:\archer\DA.iso a variant of Win32/Packed.VMProtect.AAA trojan
D:\Qoobox\Quarantine\D\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f63rz0g7.default\extensions\{b8b58f0d-0d6e-4d56-93e0-2daa8f0da1a2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
D:\Qoobox\Quarantine\D\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f63rz0g7.default\extensions\{b8b58f0d-0d6e-4d56-93e0-2daa8f0da1a2}\chrome\xulcache.jar.vir JS/Agent.NDO trojan
D:\Users\happycat\AppData\Local\Mozilla\Firefox\Profiles\o21d8blp.default\Cache\9\95\830C3d01 Win32/Toolbar.Conduit potentially unwanted application
E:\Backup\utorrent.exe a variant of Win32/Bunndle potentially unsafe application
E:\Users\Happycat\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
Operating memory a variant of Win32/Bunndle potentially unsafe application
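
A small triage pass over the ESET results posted above, as an added example that is not part of the original thread: it splits each line into path, detection name and type, then buckets the hit by location so quarantined copies and cache leftovers are separated from files still on disk or loaded in memory. The bucket names and the `.vir`, `\Quarantine\` and `\Cache\` heuristics are assumptions made for illustration.

```python
import re
from collections import Counter

# The seven result lines from the ESET log posted above, embedded as input.
ESET_LOG = r"""
D:\archer\DA.iso a variant of Win32/Packed.VMProtect.AAA trojan
D:\Qoobox\Quarantine\D\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f63rz0g7.default\extensions\{b8b58f0d-0d6e-4d56-93e0-2daa8f0da1a2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
D:\Qoobox\Quarantine\D\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f63rz0g7.default\extensions\{b8b58f0d-0d6e-4d56-93e0-2daa8f0da1a2}\chrome\xulcache.jar.vir JS/Agent.NDO trojan
D:\Users\happycat\AppData\Local\Mozilla\Firefox\Profiles\o21d8blp.default\Cache\9\95\830C3d01 Win32/Toolbar.Conduit potentially unwanted application
E:\Backup\utorrent.exe a variant of Win32/Bunndle potentially unsafe application
E:\Users\Happycat\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
Operating memory a variant of Win32/Bunndle potentially unsafe application
"""

# Path (may contain spaces), then the detection name (the first token holding
# a "/", optionally prefixed by "a variant of"), then the threat type.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<name>(?:a variant of )?\w+/[\w.]+) (?P<kind>.+)$"
)

def locate(path):
    """Bucket a detection by where the object lives (assumed heuristic)."""
    p = path.lower()
    if p == "operating memory":
        return "memory"          # code loaded in a running process
    if "\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantine"      # already neutralised by an earlier tool
    if "\\cache\\" in p:
        return "browser-cache"   # leftover download, cleared with the cache
    return "on-disk"             # ordinary file that still needs a decision

def parse(log):
    """Return one dict per recognised result line, with a 'where' bucket."""
    rows = []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({**m.groupdict(), "where": locate(m["path"])})
    return rows

def summary(rows):
    """Count detections per location bucket."""
    return Counter(r["where"] for r in rows)

if __name__ == "__main__":
    for r in parse(ESET_LOG):
        print(f'{r["where"]:14} {r["kind"]:34} {r["name"]}  <-  {r["path"]}')
```
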

Juliet
2015-02-22, 14:36
You have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)



**********
D:\archer\DA.iso
The above I think will have to be removed manually, I can set it up to be removed for deletion but if it's a tool or application it won't work.
I don't know if it's for an ISO burner, ISO file, Camera ISO, Power ISO?


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


start
CloseProcesses:
D:\archer\DA.iso
D:\Users\happycat\AppData\Local\Mozilla\Firefox\Profiles\o21d8blp.default\Cache\9\95\830C3d01
E:\Backup\utorrent.exe
E:\Users\Happycat\AppData\Roaming\uTorrent
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


For the error using SpyBot, try booting into safe mode and run it again from there.

Juliet
2015-03-03, 15:56
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.