Win32.adload.jm + Virtumonde (out of memory) malware found by SpyBot 1.6.2 today

**Juliet** · 2015-12-06, 12:49

Forum Policy
I strongly suggest you remove any cracked software that is installed, we do not approve nor will we provide support in the future for problems produced because of illegal software.

Besides it being illegal, cracked/keygens are one of the fastest ways of infecting your system, 100% of Cracked/KeyGen software contains some form of malicious code. This forum as well as most of the other malware removal forums do not support the use of illegal software.

In the future, if asking for help and illegal software is found, help would be denied.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Flip PDF Professional\Load_FlipPDFProfessional.exe
C:\Users\Plumo\Downloads\avc-free.exe
C:\Users\Plumo\Downloads\cdbxp_setup_4.5.4.5306.exe
C:\Users\Plumo\Downloads\SolveigMM_AVI_Trimmer_2_1_1407_1.exe
C:\Users\Plumo\Downloads\SopCast\Setup-SopCast-3.9.2-2014-7-10.exe
F:\Orbit downloader\OrbitSetup4.1.02.exe
F:\Seagate Sync\VOL\My Documents\torrents temporaires\Nero 8 Ultra Edition 8.3.6.0\Nero-8.3.6.0_fra_trial.exe
G:\Boilsoft VDO joiner -crack\Boilsoft-Video-Joiner-7.01.2-Patch_www.PlusCrack.com.rar
G:\Hauppauge 1600-driver\hvr-1600_installer.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 11.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 127.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 7.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 8.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 9.zip
G:\Stéphanie-boutte\Voice-ep2\FreeVideoDub205.exe
G:\Torrents-2\O2ACK1.3.7z
G:\Torrents-2\Ap.PDF.to.Image.Converter.v4.1.Incl.Keygen-ViRiLiTY\vrlap41a.zip
G:\Torrents-2\DU Meter v6.05 + Patch\Patch\Patch.exe
G:\Torrents-2\Easy file FTP server 3.2\Keymaker\Keymaker.exe
G:\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader.tgz
G:\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\Loader\Load_FlipPDFProfessional.exe
G:\win7-Arium V7\ChewWGAbyGstar.rar.zip
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~

How is the computer now?

**Plumo** · 2015-12-06, 16:42

Well, nobody's perfect and these warez files were from long time backup, 3 years ago If I remember well...

FRST report:
Résultats de correction de Farbar Recovery Scan Tool (x64) Version:05-12-2015
Exécuté par Plumo (2015-12-06 10:20:56) Run:2
Exécuté depuis C:\Users\Plumo\Desktop
Profils chargés: Plumo (Profils disponibles: Plumo)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
tart
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Flip PDF Professional\Load_FlipPDFProfessional.exe
C:\Users\Plumo\Downloads\avc-free.exe
C:\Users\Plumo\Downloads\cdbxp_setup_4.5.4.5306.exe
C:\Users\Plumo\Downloads\SolveigMM_AVI_Trimmer_2_1_1407_1.exe
C:\Users\Plumo\Downloads\SopCast\Setup-SopCast-3.9.2-2014-7-10.exe
F:\Orbit downloader\OrbitSetup4.1.02.exe
F:\Seagate Sync\VOL\My Documents\torrents temporaires\Nero 8 Ultra Edition 8.3.6.0\Nero-8.3.6.0_fra_trial.exe
G:\Boilsoft VDO joiner -crack\Boilsoft-Video-Joiner-7.01.2-Patch_www.PlusCrack.com.rar
G:\Hauppauge 1600-driver\hvr-1600_installer.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 11.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 127.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 7.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 8.zip
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 9.zip
G:\Stéphanie-boutte\Voice-ep2\FreeVideoDub205.exe
G:\Torrents-2\O2ACK1.3.7z
G:\Torrents-2\Ap.PDF.to.Image.Converter.v4.1.Incl.Keygen-ViRiLiTY\vrlap41a.zip
G:\Torrents-2\DU Meter v6.05 + Patch\Patch\Patch.exe
G:\Torrents-2\Easy file FTP server 3.2\Keymaker\Keymaker.exe
G:\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader.tgz
G:\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\Loader\Load_FlipPDFProfessional.exe
G:\win7-Arium V7\ChewWGAbyGstar.rar.zip
EmptyTemp:
Hosts:
End
*****************

tart => Erreur: Pas de correction automatique trouvée pour cet élément.
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
C:\Program Files (x86)\Flip PDF Professional\Load_FlipPDFProfessional.exe => déplacé(es) avec succès
C:\Users\Plumo\Downloads\avc-free.exe => déplacé(es) avec succès
C:\Users\Plumo\Downloads\cdbxp_setup_4.5.4.5306.exe => déplacé(es) avec succès
C:\Users\Plumo\Downloads\SolveigMM_AVI_Trimmer_2_1_1407_1.exe => déplacé(es) avec succès
C:\Users\Plumo\Downloads\SopCast\Setup-SopCast-3.9.2-2014-7-10.exe => déplacé(es) avec succès
F:\Orbit downloader\OrbitSetup4.1.02.exe => déplacé(es) avec succès
F:\Seagate Sync\VOL\My Documents\torrents temporaires\Nero 8 Ultra Edition 8.3.6.0\Nero-8.3.6.0_fra_trial.exe => déplacé(es) avec succès
G:\Boilsoft VDO joiner -crack\Boilsoft-Video-Joiner-7.01.2-Patch_www.PlusCrack.com.rar => déplacé(es) avec succès
G:\Hauppauge 1600-driver\hvr-1600_installer.zip => déplacé(es) avec succès
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 11.zip => déplacé(es) avec succès
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 127.zip => déplacé(es) avec succès
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 7.zip => déplacé(es) avec succès
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 8.zip => déplacé(es) avec succès
G:\PLUMO-PC\Backup Set 2015-09-20 211032\Backup Files 2015-09-20 211032\Backup files 9.zip => déplacé(es) avec succès
G:\Stéphanie-boutte\Voice-ep2\FreeVideoDub205.exe => déplacé(es) avec succès
G:\Torrents-2\O2ACK1.3.7z => déplacé(es) avec succès
G:\Torrents-2\Ap.PDF.to.Image.Converter.v4.1.Incl.Keygen-ViRiLiTY\vrlap41a.zip => déplacé(es) avec succès
G:\Torrents-2\DU Meter v6.05 + Patch\Patch\Patch.exe => déplacé(es) avec succès
G:\Torrents-2\Easy file FTP server 3.2\Keymaker\Keymaker.exe => déplacé(es) avec succès
G:\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader.tgz => déplacé(es) avec succès
G:\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\Loader\Load_FlipPDFProfessional.exe => déplacé(es) avec succès
G:\win7-Arium V7\ChewWGAbyGstar.rar.zip => déplacé(es) avec succès
C:\Windows\System32\Drivers\etc\hosts => déplacé(es) avec succès
Hosts restauré(es) avec succès.
EmptyTemp: => 349.1 MB données temporaires supprimées.

Le système a dû redémarrer.

==== Fin de Fixlog 10:21:58 ====

_______________

After a new SPB test, adload.jm still there and 3 Virtumonde (245-845-846)....
This is uncanny!
Where can it be located?

Should I uninstall SpyBot 1.6.2 and reinstall iy before a new check?

Plumo

**Plumo** · 2015-12-06, 17:23

After another check with SpyBot 1.6.2, no more adload.jm but 3 Virtumonde (245-845-547).
I also made a Hijackthis check; maybe it could help you.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:16:14, on 2015-12-06
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)

FIREFOX: 42.0 (x86 fr)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Plumo\Desktop\sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PDF Architect Helper - {691B33B0-B86E-47F3-81C7-56E4FE3B929C} - C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2979BA9A-B950-4D02-A0B3-239DB61FDAEE}: NameServer = 74.116.184.9,74.116.184.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{2979BA9A-B950-4D02-A0B3-239DB61FDAEE}: NameServer = 74.116.184.9,74.116.184.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{2979BA9A-B950-4D02-A0B3-239DB61FDAEE}: NameServer = 74.116.184.9,74.116.184.8
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Abrosoft: Abrosoft FantaMorph update permissions manager. 12810. - Unknown owner - C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Pare-feu AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PDF Architect 2 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\ws.exe
O23 - Service: PDF Architect 2 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
O23 - Service: pdfforge CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spouleur d’impression (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 26839 bytes

__________

Merci!

We'll find it!

Plumo

**Juliet** · 2015-12-06, 20:09

Well, nobody's perfect and these warez files were from long time backup, 3 years ago If I remember well...

It's my job to tell you of the dangers by using programs that can install malware to you unknowingly. I was taught this way and some people have learned their children have placed this on the computers and they never knew.
What if you did not know what could happen?

I'm not sure but I think those entries that are still showing up can be in system restore points. I cannot guarantee this it's just a thought.

Let's purge restore points.

How to remove all System Restore points except the most recent one.

Click Start > All Programs > Accessories > System Tools > Click Disc Cleanup

Now launch this utility and click More Options tab. Under which click System Restore and followed by that click Clean Up tab a message will popup -
Are you sure you want to delete all but the most recent restore point? Click Yes then OK .
Finally another message will popup-Are you sure you want to perform these actions? Click Yes.
Now, all the System Restore points except the most recent one are cleaned. As a result there will be more free space in hard disk.

We may need to uninstall SpyBot then reinstall https://www.safer-networking.org/dl/

**Plumo** · 2015-12-07, 07:32

Allo!
First, I uninstalled SPB 1.6.2 (but got "system error message code 1060") & SPB 2.4
I used CCleaner and then deleted the old folders.
Then I deleted old restoration points as you suggested.
I tried to reinstalled SPB 1.6.2 which was my fav but an error message occured saying the "unable to connect fron unsecured network to secure network. I tried this two times with no success so i installed SPB 2.4 and runned a full scan. Progz runned full time (1h20minutes) and found this:
_____
First scan
Search results from Spybot - Search & Destroy

2015-12-07 00:58:45
Scan took 01:21:05.
17 items found.

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file (File, nothing done)
C:\Users\Plumo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZCDQEYJQ\secureinclude.ebaystatic.com\ebayLSO.sol
Properties.size=131
Properties.md5=B07E249F29A6F0EEDE28F96D924503E9
Properties.filedate=1449462767
Properties.filedatetext=2015-12-06 23:32:47

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file (File, nothing done)
C:\Users\Plumo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZCDQEYJQ\secureinclude.ebaystatic.com\ebayT.sol
Properties.size=39
Properties.md5=B43F43445AA3414DDC22EC80FBB22871
Properties.filedate=1449462767
Properties.filedatetext=2015-12-06 23:32:47

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file (File, nothing done)
C:\Users\Plumo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZCDQEYJQ\aa.online-metrix.net\fpc.swf\session.sol
Properties.size=76
Properties.md5=381603B516ABC2768F2EE0AB05E0D105
Properties.filedate=1449462757
Properties.filedatetext=2015-12-06 23:32:37

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1554290505-1184955759-1297804211-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1554290505-1184955759-1297804211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (3) (Browser: Cache, nothing done)

Historique: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done)

Cookie: [SBI $49804B54] Browser: Cookie (127) (Browser: Cookie, nothing done)

Gen:Trojan.Heur.ouW@!d5uqwj: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Boilsoft VDO joiner -crack\Boilsoft-Video-Joiner-7.01.2-Patch_www.PlusCrack.com.rar.xBAD
Properties.size=11047594
Properties.md5=176092F23EDB281A287A3CEC17AD4D71
Properties.filedate=1352846208
Properties.filedatetext=2012-11-13 17:36:47

Trojan.Hacktool.Sqlcrack.Q: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\C\Program Files (x86)\Flip PDF Professional\Load_FlipPDFProfessional.exe.xBAD
Properties.size=23176
Properties.md5=410D3A682504F0CAE304A058E141BF6F
Properties.filedate=1391420650
Properties.filedatetext=2014-02-03 04:44:10

Trojan.Generic.6156673: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Torrents-2\Ap.PDF.to.Image.Converter.v4.1.Incl.Keygen-ViRiLiTY\vrlap41a.zip.xBAD
Properties.size=2168077
Properties.md5=94C1B7A5C14100DA9D3F7F85BDBB47DB
Properties.filedate=1363211849
Properties.filedatetext=2013-03-13 16:57:28

Trojan.Hacktool.Sqlcrack.Q: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader.tgz.xBAD
Properties.size=64510358
Properties.md5=33E240F0E5031B72837CBEEF532E247F
Properties.filedate=1426603297
Properties.filedatetext=2015-03-17 09:41:36

Trojan.Hacktool.Sqlcrack.Q: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\Loader\Load_FlipPDFProfessional.exe.xBAD
Properties.size=23176
Properties.md5=410D3A682504F0CAE304A058E141BF6F
Properties.filedate=1391420650
Properties.filedatetext=2014-02-03 04:44:10

--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-09-03 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update-2015b.exe (2.4.40.0)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-10-01 spybotsd2-install-scannerservice.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2015-12-06 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2015-03-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2015-12-06 SDLicense.dll (2.3.39.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2015-12-02 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2015-07-29 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-12-02 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-12-02 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2015-08-12 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-12-02 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

____________
After the corrections were made;
Search results from Spybot - Search & Destroy

2015-12-07 01:04:10
Scan took 01:21:05.
17 items found.

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file (File, nothing done)
C:\Users\Plumo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZCDQEYJQ\secureinclude.ebaystatic.com\ebayLSO.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file (File, nothing done)
C:\Users\Plumo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZCDQEYJQ\secureinclude.ebaystatic.com\ebayT.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file (File, nothing done)
C:\Users\Plumo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZCDQEYJQ\aa.online-metrix.net\fpc.swf\session.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1554290505-1184955759-1297804211-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1554290505-1184955759-1297804211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (3) (Browser: Cache, nothing done)

Historique: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done)

Cookie: [SBI $49804B54] Browser: Cookie (127) (Browser: Cookie, nothing done)

Gen:Trojan.Heur.ouW@!d5uqwj: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Boilsoft VDO joiner -crack\Boilsoft-Video-Joiner-7.01.2-Patch_www.PlusCrack.com.rar.xBAD
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Trojan.Hacktool.Sqlcrack.Q: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\C\Program Files (x86)\Flip PDF Professional\Load_FlipPDFProfessional.exe.xBAD
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Trojan.Generic.6156673: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Torrents-2\Ap.PDF.to.Image.Converter.v4.1.Incl.Keygen-ViRiLiTY\vrlap41a.zip.xBAD
Properties.size=2070274
Properties.md5=1532E433183B227C5C162E59F7FF58AA
Properties.filedate=1449468221
Properties.filedatetext=2015-12-07 01:03:41

Trojan.Hacktool.Sqlcrack.Q: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader.tgz.xBAD
Properties.size=64489592
Properties.md5=68705D479F689168E2E4275141DAB997
Properties.filedate=1449468158
Properties.filedatetext=2015-12-07 01:02:38

Trojan.Hacktool.Sqlcrack.Q: [SBI $SpybotAV] Executable (File, nothing done)
C:\FRST\Quarantine\G\Torrents-Upload\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\FlipBuilder Flip PDF Professional 1.10.3 + Loader\Loader\Load_FlipPDFProfessional.exe.xBAD
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-09-03 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update-2015b.exe (2.4.40.0)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-10-01 spybotsd2-install-scannerservice.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2015-12-06 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2015-03-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2015-12-06 SDLicense.dll (2.3.39.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2015-12-02 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2015-07-29 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-12-02 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-12-02 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2015-08-12 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-12-02 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

_____________

No more Virtumonde showed nor any other messages.
It seems to be clean now.

Now, few questions;
I am used to work with AVG Internet Security and Spybot as protections, should I keep them or which programas combos should i look at for a better protection?
What just happenned here never happenned to me since many many years, I guess I was using ZA at that time.
I am not a Pro tech but not a newbie either..
What will be your suggestions?

And finally, merci for your time and advices, it was very fun to do all that stuff, I love to work into my machine...

Plumo
Montréal

**Juliet** · 2015-12-07, 12:16

It's a good thing we removed restore points because that is where the so called infections were hiding. They were actually bad restore points.
What Spybot found in those last scans (after installing the current version) was Usage Tracks,and some may return as you use your computer,even if they were fixed originally.

What appeared to be infections were already held in quarantine.

Gen:Trojan.Heur.ouW@!d5uqwj:==> C:\FRST\Quarantine
Trojan.Hacktool.Sqlcrack.Q:==> C:\FRST\Quarantine
Trojan.Generic.6156673::==> C:\FRST\Quarantine
Trojan.Hacktool.Sqlcrack.Q:==> C:\FRST\Quarantine

When I remove tools and quarantine folders I'll also supply topics on prevention. From there you make a decision which might be best for your machine.

So, let's do this now.

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

Go to Start > Run > copy and paste the full text path in the run box

ComboFix /Uninstall

Note the space between the x and the /U, it needs to be there.

~~~~~~~~~~~~

DelFix

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~`

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malwareby quietman7, MVP

The following programmes come highly recommended in the security community.

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secuina PSI will scan your computer for vulnerable softwarethat is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Want to help others? Join the ClassRoom and learn how.

**Plumo** · 2015-12-07, 16:53

Allo!

So far, so good.
Everything seems to run ok, even if it was running ok before all our tweaks!

Happy holidays to you et merci!

Plumo

**Juliet** · 2015-12-07, 22:23

We are glad to help.

**Juliet** · 2015-12-08, 21:51

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

Thread: Win32.adload.jm + Virtumonde (out of memory) malware found by SpyBot 1.6.2 today

Thread Tools

Display

Posting Permissions