
Thread: Error during Check (Out of Memory)

  1. #1
    Junior Member
    Join Date
    Feb 2015
    Posts
    5


    Hi there,

    I've been trying to scan with Spybot. However, every time I do so, I get an "Error during check" for certain items. I'm not sure how to proceed. Thanks. I have also scanned with Malwarebytes, RogueKiller and Kaspersky TDSSKiller, but found nothing.


    --- Report generated: 2015-02-09 13:40 ---

    Error during check!: Win32.Adload.jm [7 - $AFC12AB3] (Out of memory) (Status)


    Error during check!: Virtumonde [245 - $7390885E] (Out of memory) (Status)


    Error during check!: Virtumonde [845 - $4A9C6736] (Out of memory) (Status)


    Error during check!: Virtumonde [547 - $EA212551] (Out of memory) (Status)


    Congratulations!: No immediate threats were found. (Status)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by happycat (administrator) on HAPPYCAT-PC on 09-02-2015 13:52:42
    Running from C:\Users\happycat\Desktop
    Loaded Profiles: happycat (Available profiles: happycat)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    () C:\Windows\SysWOW64\HsMgr.exe
    () C:\Windows\system\HsMgr64.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    () C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\Razer Barracuda AC-1 Gaming Audio card.exe
    (Flux Software LLC) C:\Users\happycat\AppData\Local\FluxSoftware\Flux\flux.exe
    (Dropbox, Inc.) C:\Users\happycat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
    HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
    HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
    HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.cpl,CMICtrlWnd
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
    HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Razer Barracuda AC-1 Gaming Audio Card] => C:\Program Files (x86)\Razer Barracuda AC-1 Gaming Audio Card\Razer Barracuda AC-1 Gaming Audio card.exe [1205248 2010-03-02] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
    HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [f.lux] => C:\Users\happycat\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    Startup: C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\happycat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2196593836-3544978208-278226143-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.7.23

    FireFox:
    ========
    FF ProfilePath: C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default
    FF DefaultSearchEngine: Google
    FF NetworkProxy: "http", "202.85.215.250"
    FF NetworkProxy: "http_port", 8080
    FF NetworkProxy: "no_proxies_on", ""
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2196593836-3544978208-278226143-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\happycat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Extension: YouTube Auto Replay - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\YouTubeAutoReplay@arikv.com.xpi [2013-10-22]
    FF Extension: StumbleUpon - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-07-05]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-07-18]
    FF Extension: Adblock Plus - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25]
    FF Extension: Greasemonkey - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-28]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-12-17] (Olof Lagerkvist)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-18] (Microsoft Corporation)
    S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
    S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-11] ()
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
    S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-12-14] (Olof Lagerkvist)
    R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1038336 2007-03-26] (Razer)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-31] (Disc Soft Ltd)
    R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [43584 2014-12-17] (Olof Lagerkvist)
    R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-31] (Duplex Secure Ltd.)
    R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-09] ()
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-09 13:52 - 2015-02-09 13:52 - 00014727 _____ () C:\Users\happycat\Desktop\FRST.txt
    2015-02-09 13:51 - 2015-02-09 13:52 - 00000000 ____D () C:\FRST
    2015-02-09 13:51 - 2015-02-09 13:51 - 02132992 _____ (Farbar) C:\Users\happycat\Desktop\FRST64.exe
    2015-02-09 13:51 - 2015-02-09 13:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAPPYCAT-PC-Windows-7-Ultimate-(64-bit).dat
    2015-02-09 13:51 - 2015-02-09 13:51 - 00000000 ____D () C:\RegBackup
    2015-02-09 13:50 - 2015-02-09 13:50 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-02-09 13:50 - 2015-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-09 13:50 - 2015-02-09 13:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-02-09 13:49 - 2015-02-09 13:49 - 04804736 _____ () C:\Users\happycat\Desktop\tweaking.com_registry_backup_setup.exe
    2015-02-09 13:28 - 2015-02-09 13:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-09 13:28 - 2015-02-09 13:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-02-09 13:28 - 2015-02-09 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2015-02-09 13:27 - 2015-02-09 13:27 - 16409960 _____ (Safer Networking Limited ) C:\Users\happycat\Downloads\spybotsd162.exe
    2015-02-09 12:51 - 2015-02-09 13:11 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-09 12:51 - 2015-02-09 12:51 - 18570328 _____ () C:\Users\happycat\Desktop\RogueKillerX64.exe
    2015-02-09 12:51 - 2015-02-09 12:51 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-09 12:48 - 2015-02-09 12:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\happycat\Desktop\tdsskiller.exe
    2015-02-02 10:16 - 2015-02-02 10:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2015-02-02 10:16 - 2015-02-02 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-02-02 10:16 - 2015-02-02 10:16 - 00000000 ____D () C:\Program Files\Java
    2015-02-02 10:12 - 2015-02-02 10:12 - 00035194 _____ () C:\Users\happycat\Desktop\replay_pid1384.log
    2015-02-02 10:12 - 2015-02-02 10:12 - 00029353 _____ () C:\Users\happycat\Desktop\hs_err_pid1384.log
    2015-02-01 22:59 - 2015-02-01 22:59 - 00000915 _____ () C:\Users\Public\Desktop\Smite.lnk
    2015-02-01 22:59 - 2015-02-01 22:59 - 00000906 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
    2015-02-01 22:59 - 2015-02-01 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
    2015-02-01 22:55 - 2015-02-01 22:55 - 00009607 _____ () C:\Users\happycat\Documents\Uninstall Dragon Age 2.log
    2015-02-01 22:54 - 2015-02-01 22:55 - 46660424 _____ (Hi-Rez Studios) C:\Users\happycat\Desktop\InstallSmite.exe
    2015-01-31 19:21 - 2015-02-05 22:07 - 00000000 ____D () C:\ProgramData\Tunngle
    2015-01-31 19:21 - 2015-01-31 19:21 - 00000706 _____ () C:\Users\Public\Desktop\Tunngle.lnk
    2015-01-31 19:21 - 2015-01-31 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
    2015-01-31 19:19 - 2015-01-31 19:19 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
    2015-01-30 17:52 - 2015-01-30 17:52 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
    2015-01-30 17:52 - 2015-01-30 17:52 - 00000000 ____D () C:\Users\happycat\AppData\Local\FluxSoftware
    2015-01-30 17:51 - 2015-01-30 17:51 - 00597304 _____ () C:\Users\happycat\Desktop\flux-setup.exe
    2015-01-29 18:43 - 2015-01-29 18:43 - 00000000 _____ () C:\Users\happycat\Desktop\New Text Document (2).txt
    2015-01-28 21:02 - 2015-01-28 21:02 - 00000000 ____D () C:\Users\happycat\Documents\Larian Studios
    2015-01-27 21:51 - 2015-02-08 11:08 - 00000000 ____D () C:\Users\happycat\AppData\Local\ftblauncher
    2015-01-27 21:51 - 2015-01-27 21:52 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\ftblauncher
    2015-01-27 21:51 - 2015-01-27 21:51 - 00000000 ____D () C:\ProgramData\Sun
    2015-01-27 21:51 - 2015-01-27 21:51 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-27 21:49 - 2015-01-27 21:49 - 06619054 _____ () C:\Users\happycat\Desktop\FTB_Launcher.exe
    2015-01-26 10:56 - 2015-01-26 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-23 22:12 - 2015-01-23 22:15 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\OBS
    2015-01-23 22:12 - 2015-01-23 22:12 - 00000939 _____ () C:\Users\happycat\Desktop\Open Broadcaster Software.lnk
    2015-01-23 22:12 - 2015-01-23 22:12 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
    2015-01-23 22:09 - 2015-01-23 22:12 - 00000000 ____D () C:\Program Files\OBS
    2015-01-23 22:09 - 2015-01-23 22:12 - 00000000 ____D () C:\Program Files (x86)\OBS
    2015-01-23 22:09 - 2015-01-23 22:09 - 07516302 _____ () C:\Users\happycat\Desktop\OBS_0_64b_Installer.exe
    2015-01-22 22:14 - 2015-01-22 22:14 - 03125280 _____ () C:\Users\happycat\Desktop\1421204850651.webm
    2015-01-22 22:14 - 2015-01-22 22:14 - 02618171 _____ () C:\Users\happycat\Desktop\1421204802565.webm
    2015-01-19 13:29 - 2015-01-19 13:29 - 00053616 _____ () C:\Users\happycat\Desktop\The Last of Us - Main Theme.rar
    2015-01-19 13:09 - 2015-01-19 13:09 - 00003059 _____ () C:\Users\happycat\Desktop\Main Theme - The Last of Us EX MIDI_0.mid
    2015-01-13 13:01 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-13 13:01 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-13 13:01 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-13 13:01 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-13 13:01 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-13 13:01 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-13 13:01 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-13 12:21 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 12:21 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 12:21 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 12:21 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 12:21 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 12:21 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-09 13:31 - 2014-05-16 20:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 13:27 - 2009-07-13 20:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-09 13:27 - 2009-07-13 20:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-09 13:26 - 2009-07-13 21:13 - 00006416 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-09 13:24 - 2013-06-25 00:11 - 01760659 _____ () C:\Windows\WindowsUpdate.log
    2015-02-09 13:21 - 2013-09-22 09:30 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Dropbox
    2015-02-09 13:20 - 2014-03-19 19:56 - 00146369 _____ () C:\Windows\setupact.log
    2015-02-09 13:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-09 13:04 - 2014-03-19 19:56 - 00012954 _____ () C:\Windows\PFRO.log
    2015-02-09 13:03 - 2013-06-25 12:42 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\uTorrent
    2015-02-09 12:06 - 2014-12-12 11:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-08 17:29 - 2013-06-25 13:44 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Mumble
    2015-02-05 22:07 - 2013-09-14 19:35 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Tunngle
    2015-02-04 19:06 - 2014-12-12 11:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 19:06 - 2013-06-25 13:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-04 19:06 - 2013-06-25 13:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-01 23:32 - 2014-05-23 09:53 - 00167807 _____ () C:\Windows\DirectX.log
    2015-02-01 22:59 - 2013-11-08 19:21 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
    2015-02-01 22:59 - 2013-06-25 01:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-01 22:55 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-02-01 19:07 - 2009-07-13 21:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-29 18:44 - 2015-01-03 01:35 - 00000041 _____ () C:\Users\happycat\Desktop\imdisk.cmd
    2015-01-27 15:08 - 2013-06-24 23:45 - 00000000 ____D () C:\Users\happycat
    2015-01-26 15:50 - 2013-06-25 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-22 20:33 - 2014-05-13 16:23 - 00000000 ____D () C:\Users\happycat\Documents\My Recordings

    ==================== Files in the root of some directories =======

    2013-10-05 18:00 - 2013-11-23 21:08 - 0001064 _____ () C:\Users\happycat\AppData\Roaming\SpeedRunnersLog.txt
    2013-06-25 15:20 - 2013-06-25 15:20 - 0000096 _____ () C:\Users\happycat\AppData\Local\fusioncache.dat
    2014-11-01 12:16 - 2014-11-01 12:16 - 0000000 ___SH () C:\Users\happycat\AppData\Local\LumaEmu

    Some content of TEMP:
    ====================
    C:\Users\happycat\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\happycat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprergnl.dll
    C:\Users\happycat\AppData\Local\Temp\ose00000.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-03 19:20

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-02-09 13:55:50
    -----------------------------
    13:55:50.272 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:55:50.272 Number of processors: 4 586 0x2A07
    13:55:50.272 ComputerName: HAPPYCAT-PC UserName: happycat
    13:55:50.401 Initialize success
    13:55:50.425 VM: initialized successfully
    13:55:50.426 VM: Intel CPU BiosDisabled
    13:56:43.824 AVAST engine defs: 15020900
    13:56:57.610 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    13:56:57.611 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152626MB BusType: 3
    13:56:57.614 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
    13:56:57.615 Disk 1 Vendor: M4-CT064M4SSD2 070H Size: 61057MB BusType: 3
    13:56:57.616 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
    13:56:57.617 Disk 2 Vendor: ST3160023AS 8.05 Size: 152626MB BusType: 3
    13:56:57.619 Disk 1 MBR read successfully
    13:56:57.621 Disk 1 MBR scan
    13:56:57.624 Disk 1 Windows 7 default MBR code
    13:56:57.625 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 61055 MB offset 2048
    13:56:57.630 Disk 1 scanning C:\Windows\system32\drivers
    13:56:59.697 Service scanning
    13:57:05.795 Modules scanning
    13:57:05.797 Disk 1 trace - called modules:
    13:57:05.801 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006e112c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    13:57:05.804 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800751a060]
    13:57:05.806 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa8007308520]
    13:57:05.809 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8007304680]
    13:57:05.811 \Driver\atapi[0xfffffa8006f39af0] -> IRP_MJ_CREATE -> 0xfffffa8006e112c0
    13:57:05.962 AVAST engine scan C:\Windows
    13:57:06.322 AVAST engine scan C:\Windows\system32
    13:58:02.970 AVAST engine scan C:\Windows\system32\drivers
    13:58:05.735 AVAST engine scan C:\Users\happycat
    13:59:05.920 AVAST engine scan C:\ProgramData
    13:59:12.121 Disk 1 statistics 4949790/0/0 @ 44.70 MB/s
    13:59:12.125 Scan finished successfully
    13:59:43.588 Disk 1 MBR has been saved successfully to "C:\Users\happycat\Desktop\MBR.dat"
    13:59:43.590 The log file has been saved successfully to "C:\Users\happycat\Desktop\aswMBR.txt"
    Last edited by tashi; 2015-02-10 at 04:51. Reason: Removed Spybot "updates" log, copy pasted two logs into topic

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,574


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)





    start
    CloseProcesses:
    FF NetworkProxy: "http", "202.85.215.250"
    FF NetworkProxy: "http_port", 8080
    C:\Users\happycat\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\happycat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprergnl.dll
    C:\Users\happycat\AppData\Local\Temp\ose00000.exe
    EmptyTemp:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

    ~~~~~~~~~~~~~~~

    • If there are Internet issues after running the above script using FRST:
      Internet Explorer:
      Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
      Firefox:
      Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
      Chrome:
      Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
      Safari


    ~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    Please post
    Fixlog.txt
    AdwCleaner.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.
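
    The FF NetworkProxy lines in the fixlist above are taken here to map to Firefox's network.proxy.* preferences in the profile's prefs.js (an assumption about FRST's output, not stated in the thread). The following is an added example, not part of the original post and not FRST's code, that reads prefs.js text and reports whether a manual proxy is actually in force; the sample input is constructed from the two fixlist values plus an assumed network.proxy.type of 1.

```python
import re

# One user_pref("name", value); line, as Firefox writes them to prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type as Firefox defines it.
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}

# Constructed sample: host and port from the fixlist, type=1 is assumed.
SAMPLE_HIJACKED = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "202.85.215.250");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''


def parse_prefs(text):
    """Return {name: value} for every network.proxy.* preference in the text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith("network.proxy."):
            continue
        raw = m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]          # quoted string preference
        elif raw.lstrip("-").isdigit():
            value = int(raw)           # integer preference
        else:
            value = raw                # true/false or anything unexpected
        prefs[m.group(1)] = value
    return prefs


def audit_proxy(text):
    """Report the proxy mode and any proxy values worth a second look."""
    prefs = parse_prefs(text)
    ptype = prefs.get("network.proxy.type", 5)  # absent means the default (system)
    findings = []
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", 0)
    if host and ptype == 1:
        findings.append(f"manual HTTP proxy in force: {host}:{port}")
    elif host:
        # Host is stored but the mode does not use it; still worth clearing.
        findings.append(f"leftover HTTP proxy value (not in force): {host}:{port}")
    pac = prefs.get("network.proxy.autoconfig_url", "")
    if pac and ptype == 2:
        findings.append(f"PAC URL in force: {pac}")
    return {"mode": PROXY_TYPES.get(ptype, f"unknown ({ptype})"), "findings": findings}
```

    Run it against the text of prefs.js from the Firefox profile folder before and after the fix; an empty findings list with mode "no proxy" or "system" matches the state the Firefox step above describes.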

  3. #3
    Junior Member
    Join Date
    Feb 2015
    Posts
    5

    Default

    Thanks Juliet

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,574

    Default

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    Tell me what the computer is doing now.

  5. #5
    Junior Member
    Join Date
    Feb 2015
    Posts
    5

    Default

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/12/2015
    Scan Time: 11:15:54 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.13.02
    Rootkit Database: v2015.02.03.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: happycat

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 358948
    Time Elapsed: 3 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,574

    Default

    Tell me what the computer is doing now?

  7. #7
    Junior Member
    Join Date
    Feb 2015
    Posts
    5

    Default

    Error during check!: Win32.Adload.jm [7 - $AFC12AB3] (Out of memory) (Status)


    Error during check!: Virtumonde [245 - $7390885E] (Out of memory) (Status)


    Error during check!: Virtumonde [845 - $4A9C6736] (Out of memory) (Status)


    Congratulations!: No immediate threats were found. (Status)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,574

    Default

    I really didn't need a SpyBot scan.

    How is your computer now?

    What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.

  9. #9
    Junior Member
    Join Date
    Feb 2015
    Posts
    5

    Default

    I'm still getting out of memory errors when I scan with spybot.


    D:\archer\DA.iso a variant of Win32/Packed.VMProtect.AAA trojan
    D:\Qoobox\Quarantine\D\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f63rz0g7.default\extensions\{b8b58f0d-0d6e-4d56-93e0-2daa8f0da1a2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    D:\Qoobox\Quarantine\D\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\f63rz0g7.default\extensions\{b8b58f0d-0d6e-4d56-93e0-2daa8f0da1a2}\chrome\xulcache.jar.vir JS/Agent.NDO trojan
    D:\Users\happycat\AppData\Local\Mozilla\Firefox\Profiles\o21d8blp.default\Cache\9\95\830C3d01 Win32/Toolbar.Conduit potentially unwanted application
    E:\Backup\utorrent.exe a variant of Win32/Bunndle potentially unsafe application
    E:\Users\Happycat\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
    Operating memory a variant of Win32/Bunndle potentially unsafe application

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,574

    Default

    You have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.



    **********
    D:\archer\DA.iso
    The above I think will have to be removed manually, I can set it up to be removed for deletion but if it's a tool or application it won't work.
    I don't know if it's for an ISO burner, ISO file, Camera ISO, Power ISO?


    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CloseProcesses:
    D:\archer\DA.iso
    D:\Users\happycat\AppData\Local\Mozilla\Firefox\Profiles\o21d8blp.default\Cache\9\95\830C3d01
    E:\Backup\utorrent.exe
    E:\Users\Happycat\AppData\Roaming\uTorrent
    EmptyTemp:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    For the error using SpyBot, try booting into safe mode and run it again from there.
