Error during Check (Out of Memory)
Hi there,
I've been trying to scan with Spybot. However, every time I do so, I get an "Error during check" for certain items. I'm not sure how to proceed. Thanks. I have also scanned with Malwarebytes, RogueKiller and Kaspersky TDSSKiller, but found nothing.
--- Report generated: 2015-02-09 13:40 ---
Error during check!: Win32.Adload.jm [7 - $AFC12AB3] (Out of memory) (Status)
Error during check!: Virtumonde [245 - $7390885E] (Out of memory) (Status)
Error during check!: Virtumonde [845 - $4A9C6736] (Out of memory) (Status)
Error during check!: Virtumonde [547 - $EA212551] (Out of memory) (Status)
Congratulations!: No immediate threats were found. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by happycat (administrator) on HAPPYCAT-PC on 09-02-2015 13:52:42
Running from C:\Users\happycat\Desktop
Loaded Profiles: happycat (Available profiles: happycat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\Razer Barracuda AC-1 Gaming Audio card.exe
(Flux Software LLC) C:\Users\happycat\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\happycat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Barracuda AC-1 Gaming Audio Card] => C:\Program Files (x86)\Razer Barracuda AC-1 Gaming Audio Card\Razer Barracuda AC-1 Gaming Audio card.exe [1205248 2010-03-02] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [f.lux] => C:\Users\happycat\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\happycat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2196593836-3544978208-278226143-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.7.23
FireFox:
========
FF ProfilePath: C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "http", "202.85.215.250"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2196593836-3544978208-278226143-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\happycat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: YouTube Auto Replay - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\YouTubeAutoReplay@arikv.com.xpi [2013-10-22]
FF Extension: StumbleUpon - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-07-05]
FF Extension: Download YouTube Videos as MP4 - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-07-18]
FF Extension: Adblock Plus - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25]
FF Extension: Greasemonkey - C:\Users\happycat\AppData\Roaming\Mozilla\Firefox\Profiles\p0ccw5zs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-12-17] (Olof Lagerkvist)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-18] (Microsoft Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-11] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-12-14] (Olof Lagerkvist)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1038336 2007-03-26] (Razer)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-31] (Disc Soft Ltd)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [43584 2014-12-17] (Olof Lagerkvist)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-31] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-09] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 13:52 - 2015-02-09 13:52 - 00014727 _____ () C:\Users\happycat\Desktop\FRST.txt
2015-02-09 13:51 - 2015-02-09 13:52 - 00000000 ____D () C:\FRST
2015-02-09 13:51 - 2015-02-09 13:51 - 02132992 _____ (Farbar) C:\Users\happycat\Desktop\FRST64.exe
2015-02-09 13:51 - 2015-02-09 13:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAPPYCAT-PC-Windows-7-Ultimate-(64-bit).dat
2015-02-09 13:51 - 2015-02-09 13:51 - 00000000 ____D () C:\RegBackup
2015-02-09 13:50 - 2015-02-09 13:50 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-09 13:50 - 2015-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-09 13:50 - 2015-02-09 13:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-09 13:49 - 2015-02-09 13:49 - 04804736 _____ () C:\Users\happycat\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-09 13:28 - 2015-02-09 13:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-09 13:28 - 2015-02-09 13:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-02-09 13:28 - 2015-02-09 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-09 13:27 - 2015-02-09 13:27 - 16409960 _____ (Safer Networking Limited ) C:\Users\happycat\Downloads\spybotsd162.exe
2015-02-09 12:51 - 2015-02-09 13:11 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-09 12:51 - 2015-02-09 12:51 - 18570328 _____ () C:\Users\happycat\Desktop\RogueKillerX64.exe
2015-02-09 12:51 - 2015-02-09 12:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-09 12:48 - 2015-02-09 12:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\happycat\Desktop\tdsskiller.exe
2015-02-02 10:16 - 2015-02-02 10:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-02 10:16 - 2015-02-02 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-02 10:16 - 2015-02-02 10:16 - 00000000 ____D () C:\Program Files\Java
2015-02-02 10:12 - 2015-02-02 10:12 - 00035194 _____ () C:\Users\happycat\Desktop\replay_pid1384.log
2015-02-02 10:12 - 2015-02-02 10:12 - 00029353 _____ () C:\Users\happycat\Desktop\hs_err_pid1384.log
2015-02-01 22:59 - 2015-02-01 22:59 - 00000915 _____ () C:\Users\Public\Desktop\Smite.lnk
2015-02-01 22:59 - 2015-02-01 22:59 - 00000906 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2015-02-01 22:59 - 2015-02-01 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-02-01 22:55 - 2015-02-01 22:55 - 00009607 _____ () C:\Users\happycat\Documents\Uninstall Dragon Age 2.log
2015-02-01 22:54 - 2015-02-01 22:55 - 46660424 _____ (Hi-Rez Studios) C:\Users\happycat\Desktop\InstallSmite.exe
2015-01-31 19:21 - 2015-02-05 22:07 - 00000000 ____D () C:\ProgramData\Tunngle
2015-01-31 19:21 - 2015-01-31 19:21 - 00000706 _____ () C:\Users\Public\Desktop\Tunngle.lnk
2015-01-31 19:21 - 2015-01-31 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-01-31 19:19 - 2015-01-31 19:19 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-01-30 17:52 - 2015-01-30 17:52 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-01-30 17:52 - 2015-01-30 17:52 - 00000000 ____D () C:\Users\happycat\AppData\Local\FluxSoftware
2015-01-30 17:51 - 2015-01-30 17:51 - 00597304 _____ () C:\Users\happycat\Desktop\flux-setup.exe
2015-01-29 18:43 - 2015-01-29 18:43 - 00000000 _____ () C:\Users\happycat\Desktop\New Text Document (2).txt
2015-01-28 21:02 - 2015-01-28 21:02 - 00000000 ____D () C:\Users\happycat\Documents\Larian Studios
2015-01-27 21:51 - 2015-02-08 11:08 - 00000000 ____D () C:\Users\happycat\AppData\Local\ftblauncher
2015-01-27 21:51 - 2015-01-27 21:52 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\ftblauncher
2015-01-27 21:51 - 2015-01-27 21:51 - 00000000 ____D () C:\ProgramData\Sun
2015-01-27 21:51 - 2015-01-27 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 21:49 - 2015-01-27 21:49 - 06619054 _____ () C:\Users\happycat\Desktop\FTB_Launcher.exe
2015-01-26 10:56 - 2015-01-26 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 22:12 - 2015-01-23 22:15 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\OBS
2015-01-23 22:12 - 2015-01-23 22:12 - 00000939 _____ () C:\Users\happycat\Desktop\Open Broadcaster Software.lnk
2015-01-23 22:12 - 2015-01-23 22:12 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-01-23 22:09 - 2015-01-23 22:12 - 00000000 ____D () C:\Program Files\OBS
2015-01-23 22:09 - 2015-01-23 22:12 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-23 22:09 - 2015-01-23 22:09 - 07516302 _____ () C:\Users\happycat\Desktop\OBS_0_64b_Installer.exe
2015-01-22 22:14 - 2015-01-22 22:14 - 03125280 _____ () C:\Users\happycat\Desktop\1421204850651.webm
2015-01-22 22:14 - 2015-01-22 22:14 - 02618171 _____ () C:\Users\happycat\Desktop\1421204802565.webm
2015-01-19 13:29 - 2015-01-19 13:29 - 00053616 _____ () C:\Users\happycat\Desktop\The Last of Us - Main Theme.rar
2015-01-19 13:09 - 2015-01-19 13:09 - 00003059 _____ () C:\Users\happycat\Desktop\Main Theme - The Last of Us EX MIDI_0.mid
2015-01-13 13:01 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 13:01 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 13:01 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 13:01 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 13:01 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 13:01 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 13:01 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:21 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:21 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:21 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:21 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:21 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:21 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 13:31 - 2014-05-16 20:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 13:27 - 2009-07-13 20:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 13:27 - 2009-07-13 20:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 13:26 - 2009-07-13 21:13 - 00006416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 13:24 - 2013-06-25 00:11 - 01760659 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 13:21 - 2013-09-22 09:30 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Dropbox
2015-02-09 13:20 - 2014-03-19 19:56 - 00146369 _____ () C:\Windows\setupact.log
2015-02-09 13:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 13:04 - 2014-03-19 19:56 - 00012954 _____ () C:\Windows\PFRO.log
2015-02-09 13:03 - 2013-06-25 12:42 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\uTorrent
2015-02-09 12:06 - 2014-12-12 11:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 17:29 - 2013-06-25 13:44 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Mumble
2015-02-05 22:07 - 2013-09-14 19:35 - 00000000 ____D () C:\Users\happycat\AppData\Roaming\Tunngle
2015-02-04 19:06 - 2014-12-12 11:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:06 - 2013-06-25 13:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 19:06 - 2013-06-25 13:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 23:32 - 2014-05-23 09:53 - 00167807 _____ () C:\Windows\DirectX.log
2015-02-01 22:59 - 2013-11-08 19:21 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-01 22:59 - 2013-06-25 01:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-01 22:55 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 19:07 - 2009-07-13 21:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-29 18:44 - 2015-01-03 01:35 - 00000041 _____ () C:\Users\happycat\Desktop\imdisk.cmd
2015-01-27 15:08 - 2013-06-24 23:45 - 00000000 ____D () C:\Users\happycat
2015-01-26 15:50 - 2013-06-25 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 20:33 - 2014-05-13 16:23 - 00000000 ____D () C:\Users\happycat\Documents\My Recordings
==================== Files in the root of some directories =======
2013-10-05 18:00 - 2013-11-23 21:08 - 0001064 _____ () C:\Users\happycat\AppData\Roaming\SpeedRunnersLog.txt
2013-06-25 15:20 - 2013-06-25 15:20 - 0000096 _____ () C:\Users\happycat\AppData\Local\fusioncache.dat
2014-11-01 12:16 - 2014-11-01 12:16 - 0000000 ___SH () C:\Users\happycat\AppData\Local\LumaEmu
Some content of TEMP:
====================
C:\Users\happycat\AppData\Local\Temp\dllnt_dump.dll
C:\Users\happycat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprergnl.dll
C:\Users\happycat\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 19:20
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-09 13:55:50
-----------------------------
13:55:50.272 OS Version: Windows x64 6.1.7601 Service Pack 1
13:55:50.272 Number of processors: 4 586 0x2A07
13:55:50.272 ComputerName: HAPPYCAT-PC UserName: happycat
13:55:50.401 Initialize success
13:55:50.425 VM: initialized successfully
13:55:50.426 VM: Intel CPU BiosDisabled
13:56:43.824 AVAST engine defs: 15020900
13:56:57.610 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:56:57.611 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152626MB BusType: 3
13:56:57.614 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
13:56:57.615 Disk 1 Vendor: M4-CT064M4SSD2 070H Size: 61057MB BusType: 3
13:56:57.616 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
13:56:57.617 Disk 2 Vendor: ST3160023AS 8.05 Size: 152626MB BusType: 3
13:56:57.619 Disk 1 MBR read successfully
13:56:57.621 Disk 1 MBR scan
13:56:57.624 Disk 1 Windows 7 default MBR code
13:56:57.625 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 61055 MB offset 2048
13:56:57.630 Disk 1 scanning C:\Windows\system32\drivers
13:56:59.697 Service scanning
13:57:05.795 Modules scanning
13:57:05.797 Disk 1 trace - called modules:
13:57:05.801 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006e112c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:57:05.804 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800751a060]
13:57:05.806 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa8007308520]
13:57:05.809 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8007304680]
13:57:05.811 \Driver\atapi[0xfffffa8006f39af0] -> IRP_MJ_CREATE -> 0xfffffa8006e112c0
13:57:05.962 AVAST engine scan C:\Windows
13:57:06.322 AVAST engine scan C:\Windows\system32
13:58:02.970 AVAST engine scan C:\Windows\system32\drivers
13:58:05.735 AVAST engine scan C:\Users\happycat
13:59:05.920 AVAST engine scan C:\ProgramData
13:59:12.121 Disk 1 statistics 4949790/0/0 @ 44.70 MB/s
13:59:12.125 Scan finished successfully
13:59:43.588 Disk 1 MBR has been saved successfully to "C:\Users\happycat\Desktop\MBR.dat"
13:59:43.590 The log file has been saved successfully to "C:\Users\happycat\Desktop\aswMBR.txt"
Last edited by tashi; 2015-02-10 at 04:51.
Reason: Removed Spybot "updates" log, copy pasted two logs into topic