Sathurbot trojan - Antivirus programs can't remove it


  • This topic is locked
10 replies to this topic

#1 Masterben

Masterben

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 05 June 2015 - 08:17 AM

Hi,

I've noticed that my ESET Smart Security antivirus suite frequently reports (upon system restart - a few seconds after Windows starts) that it has found a "newly created file" which it deems to be a virus or trojan. It reports that it has been quarantined, but if I restart the system again, ESET will find it again, and allegedly quarantines it again. This particular file has been found to be infected at least 5 or more times. Here's a screenshot from my ESET Smart Security log file:

http://www.g510keyboard.net/wp-content/misc/logs.jpg

You can see that it keeps finding the same infected file and tries to clean it, but apparently the cleaning is not successful. When I click for more info about that file in the logs, I get something like this:

6/5/2015 11:25:25 AM Real-time file system protection file C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll a variant of Win64/Sathurbot.A trojan cleaned by deleting - quarantined Ether\Etherius Event occurred on a newly created file.

I've also noticed that that file is impossible to copy to another folder (Windows says that it is open in Explorer and hence cannot be copied). I've noticed notifications from ESET that it has prevented a certain web page from being opened. This happens from time to time, and is probably related to the trojan in question.

I did a full scan with ESET Smart Security (with in-depth scan settings) but the infection is not found. Only when the system is restarted does ESET find the trojan again.

I have Windows 7 64-bit installed on my PC.

Could someone please help me to get rid of this virus?

 
 
 



#2 Masterben

Masterben
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 05 June 2015 - 12:24 PM

Sorry, I forgot to attach the log files. Here they are.

Attached Files

Edited by Masterben, 05 June 2015 - 12:42 PM.


#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:32 PM

Posted 05 June 2015 - 01:36 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).


Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Task: {66E024F6-0BAB-4162-9AB2-A7C9AB5697DA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-30] ()
    C:\Windows\AutoKMS\
    C:\ProgramData\Microsoft\Performance\Monitor\
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-05-20] ()
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 05 June 2015 - 01:37 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
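The fixlist above removes a scheduled task and an Explorer icon-overlay handler whose DLL sits under C:\ProgramData, which is how the trojan kept coming back after every reboot. The following PowerShell audit is an added example, not part of this thread and not FRST's own code: it lists both persistence locations read-only and flags entries whose binary is missing, unsigned or outside Program Files/Windows, assuming PowerShell 3 or later on an English-locale system and an elevated prompt.

```powershell
# Added example (not from this thread, not part of FRST): a read-only audit of the two
# persistence locations the fixlist removed entries from. Nothing here deletes anything.
# Assumes PowerShell 3+ (for [pscustomobject]) and an English-locale schtasks.

# Explorer honours only a limited number (15) of icon-overlay handlers, in name order,
# so a name that sorts first (leading space, digit or symbol) guarantees loading.
# The thread's entry was "0PerformanceMonitor" -> a DLL under C:\ProgramData.
$overlayKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
)
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
)
# Directories where legitimate shell extensions and task binaries normally live.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-TrustedPath {
    param([string]$Path)
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SuspicionReasons {
    # Returns the reasons a binary deserves a look; nothing returned means nothing odd.
    param([string]$Path)
    if (-not $Path) { return 'no binary path' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'binary missing on disk' }
    $reasons = @()
    if (-not (Test-TrustedPath $Path)) { $reasons += 'outside Program Files / Windows' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    return $reasons
}

function Get-OverlayHandlerReport {
    foreach ($key in $overlayKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $name  = $sub.PSChildName
            $clsid = $sub.GetValue('') -as [string]      # default value holds the CLSID
            $dll   = $null
            foreach ($root in $clsidRoots) {
                $inproc = "$root\$clsid\InprocServer32"
                if (Test-Path -LiteralPath $inproc) {
                    $dll = (Get-Item -LiteralPath $inproc).GetValue('') -as [string]
                    break
                }
            }
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            $reasons = @(Get-SuspicionReasons $dll)
            if ($name -match '^[\s\d\W]') { $reasons += 'name sorts ahead of normal handlers' }
            [pscustomobject]@{
                Kind = 'IconOverlay'; Name = $name; Clsid = $clsid; Binary = $dll
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

function Get-ScheduledTaskReport {
    # schtasks ships with Windows 7. Its verbose CSV repeats the header line once per
    # task folder, so keep only the first copy before parsing.
    $lines  = schtasks /query /fo CSV /v
    $header = $lines[0]
    $body   = $lines | Select-Object -Skip 1 | Where-Object { $_ -ne $header }
    $rows   = @($header) + @($body) | ConvertFrom-Csv
    foreach ($row in $rows) {
        $action = $row.'Task To Run'
        if (-not $action -or $action -match '^(COM handler|N/A)') { continue }
        # Executable is the first quoted token, otherwise the first whitespace-delimited one.
        $exe = if ($action -match '^"([^"]+)"') { $Matches[1] } else { ($action -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $reasons = @(Get-SuspicionReasons $exe)
        if ($reasons.Count -eq 0) { continue }
        [pscustomobject]@{
            Kind = 'ScheduledTask'; Name = $row.TaskName; Clsid = ''; Binary = $exe
            Reasons = ($reasons -join '; ')
        }
    }
}

# Every overlay handler (clean ones show an empty Reasons column), then only tasks that raised one.
Get-OverlayHandlerReport | Format-Table -AutoSize
Get-ScheduledTaskReport  | Format-Table -AutoSize
```

Legitimate handlers from cloud-sync clients also use leading spaces to sort first, so the name flag alone is a prompt to look, while an unsigned DLL under ProgramData is the combination seen in this thread.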

#4 Masterben

Masterben
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 05 June 2015 - 07:04 PM

Hi Jürgen and thanks for your help.

Here are the requested logs:

Fixlog.txt:


Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Etherius at 2015-06-06 01:46:33 Run:1
Running from C:\Users\Etherius\Desktop
Loaded Profiles: Etherius (Available Profiles: Etherius)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
Task: {66E024F6-0BAB-4162-9AB2-A7C9AB5697DA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-30] ()
C:\Windows\AutoKMS\
C:\ProgramData\Microsoft\Performance\Monitor\
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-05-20] ()
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
EmptyTemp:
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{66E024F6-0BAB-4162-9AB2-A7C9AB5697DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E024F6-0BAB-4162-9AB2-A7C9AB5697DA}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Windows\AutoKMS => moved successfully.
 
"C:\ProgramData\Microsoft\Performance\Monitor" folder move:
 
Could not move "C:\ProgramData\Microsoft\Performance\Monitor" folder => Scheduled to move on reboot.
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
"HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
EmptyTemp: => 1020.2 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-06 01:48:25)<=
 
C:\ProgramData\Microsoft\Performance\Monitor => Is moved successfully
 
==== End of Fixlog 01:48:25 ====
 
 
 
FRST.txt:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Etherius (administrator) on ETHER on 06-06-2015 01:52:11
Running from C:\Users\Etherius\Desktop
Loaded Profiles: Etherius (Available Profiles: Etherius)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
() C:\Program Files\Andy\HandyAndy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Andy\AndyPriorityMgr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2014-11-28] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2014-11-28] (VIA)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QFan Help] => C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [611968 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [907144 2015-02-03] ()
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe [9936000 2010-07-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-199329353-3912896754-1190417889-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-199329353-3912896754-1190417889-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-199329353-3912896754-1190417889-1000\...\Run: [AdobeBridge] => [X]
Startup: C:\Users\Etherius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Etherius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\system32\pfmshx_A1C.dll [2014-07-11] (Pismo Technic Inc.)
ShellIconOverlayIdentifiers-x32: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\SysWOW64\pfmshx_A1C.dll [2014-07-11] (Pismo Technic Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-199329353-3912896754-1190417889-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-07-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-07-27] (Microsoft Corporation)
BHO-x32: WsftpBrowserHelper Class -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll [2004-08-18] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Etherius\AppData\Roaming\Mozilla\Firefox\Profiles\gpksplml.default-1425325314571
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-13] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-11] (Apple Inc.)
FF Extension: Flash and Video Download - C:\Users\Etherius\AppData\Roaming\Mozilla\Firefox\Profiles\gpksplml.default-1425325314571\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-06-01]
FF Extension: Video DownloadHelper - C:\Users\Etherius\AppData\Roaming\Mozilla\Firefox\Profiles\gpksplml.default-1425325314571\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: User Agent Switcher - C:\Users\Etherius\AppData\Roaming\Mozilla\Firefox\Profiles\gpksplml.default-1425325314571\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-11-29]
 
Chrome: 
=======
CHR Profile: C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-15]
CHR Extension: (Angry Birds) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-05-15]
CHR Extension: (Google Drive) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-15]
CHR Extension: (New Tabs At End) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgogjfbkjgjhonhikkkflpkgpcpfljoa [2015-05-15]
CHR Extension: (YouTube) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-15]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-05-15]
CHR Extension: (Google Search) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-15]
CHR Extension: (Session Buddy) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-05-15]
CHR Extension: (Google Sheets) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-15]
CHR Extension: (AdBlock) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-15]
CHR Extension: (Cryptocat) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2015-05-15]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2015-05-15]
CHR Extension: (Voice Recognition) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-05-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-15]
CHR Extension: (Modified Tab Ordering) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlppppejjiiinhklmlpfkafimagbcbe [2015-05-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-15]
CHR Extension: (Ghostery) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-15]
CHR Extension: (Google Wallet) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (SEO for Chrome) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Etherius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-15]
CHR HKU\S-1-5-21-199329353-3912896754-1190417889-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Classic Tabs) - C:\Users\Etherius\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2014-11-30]
OPR Extension: (Smart RSS) - C:\Users\Etherius\AppData\Roaming\Opera Software\Opera Stable\Extensions\nncgmpcdlilgbepbfpeidpjlcdfhmcfp [2015-01-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2015-02-23] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-01-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2015-01-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-01-30] (ESET)
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [685056 2005-04-06] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 pfmfs_A1C; C:\Windows\System32\Drivers\pfmfs_A1C.sys [258656 2014-07-11] (Pismo Technic Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WinRing0_1_2_0; D:\Download_Boy2\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 cpuz138; \??\C:\Users\Etherius\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-06 01:52 - 2015-06-06 01:52 - 00021241 _____ C:\Users\Etherius\Desktop\FRST.txt
2015-06-06 01:44 - 2015-06-06 01:44 - 02108928 _____ (Farbar) C:\Users\Etherius\Desktop\FRST64.exe
2015-06-05 10:20 - 2015-06-05 10:20 - 00000000 ____D C:\test
2015-06-05 02:13 - 2015-06-06 01:52 - 00000000 ____D C:\FRST
2015-06-04 22:22 - 2015-06-04 22:22 - 00000562 _____ C:\Windows\PFRO.log
2015-06-03 02:59 - 2015-06-04 13:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 11:00 - 2015-06-02 11:00 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-01 01:00 - 2015-06-06 01:47 - 00000392 _____ C:\Windows\setupact.log
2015-06-01 01:00 - 2015-06-01 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-05-24 11:29 - 2015-05-24 11:29 - 00000000 ____D C:\Program Files\JWildfire
2015-05-21 22:27 - 2015-05-21 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-21 22:27 - 2015-05-21 22:27 - 00000000 ____D C:\ProgramData\ESET
2015-05-21 22:27 - 2015-05-21 22:27 - 00000000 ____D C:\Program Files\ESET
2015-05-21 05:04 - 2015-05-21 05:06 - 00000000 ____D C:\Users\Etherius\Desktop\SHHHHHHHHH
2015-05-20 18:21 - 2015-05-23 00:04 - 00001153 _____ C:\Users\Etherius\Desktop\Modular V2.lnk
2015-05-20 18:21 - 2015-05-22 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2015-05-20 18:21 - 2015-05-20 18:21 - 00000000 ____D C:\ProgramData\Arturia
2015-05-20 18:21 - 2015-05-20 18:21 - 00000000 ____D C:\Program Files\Common Files\Avid
2015-05-20 18:21 - 2015-05-20 18:21 - 00000000 ____D C:\Program Files (x86)\Arturia
2015-05-20 07:06 - 2015-05-21 11:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-05-19 06:30 - 2015-05-19 06:30 - 00001203 _____ C:\Users\Etherius\AppData\Local\recently-used.xbel
2015-05-19 06:07 - 2015-05-19 06:07 - 00001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-05-19 06:07 - 2015-05-19 06:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-05-19 06:07 - 2015-05-19 06:07 - 00000000 ____D C:\Program Files\Recuva
2015-05-19 05:21 - 2015-05-30 03:38 - 00004958 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ether-Etherius Ether
2015-05-19 05:09 - 2015-05-19 08:04 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\gnupg
2015-05-19 04:53 - 2015-05-19 04:53 - 00000000 ____D C:\Users\Etherius\AppData\Local\GNU
2015-05-18 15:39 - 2015-05-18 23:07 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\Audacity
2015-05-18 15:39 - 2015-05-18 15:39 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-05-18 15:39 - 2015-05-18 15:39 - 00001007 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-05-18 15:38 - 2015-05-18 15:39 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-05-17 23:50 - 2015-05-17 23:50 - 00000000 _____ C:\Windows\SysWOW64\RENFCFC.tmp
2015-05-17 23:50 - 2015-05-17 23:50 - 00000000 _____ C:\Windows\SysWOW64\REN2B6B.tmp
2015-05-17 03:02 - 2015-06-06 01:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0903d18afefe3.job
2015-05-17 03:02 - 2015-05-17 03:02 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0903d18afefe3
2015-05-16 20:16 - 2015-05-16 20:16 - 00000000 ____D C:\Program Files\ConvertHelper3
2015-05-15 15:56 - 2015-05-15 16:02 - 00000000 ____D C:\LearnJava2
2015-05-15 15:55 - 2015-05-15 15:56 - 00000000 ____D C:\JavaDev
2015-05-15 15:38 - 2015-05-15 15:43 - 00000000 ____D C:\LearnJava
2015-05-15 15:33 - 2015-05-15 15:33 - 00001178 _____ C:\Users\Etherius\Desktop\eclipse - Shortcut.lnk
2015-05-15 15:13 - 2015-05-15 15:17 - 00000000 ____D C:\Users\Etherius\workspace2
2015-05-15 14:31 - 2015-05-15 14:31 - 00000802 _____ C:\Users\Etherius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-05-15 14:13 - 2015-05-15 14:15 - 35854880 _____ C:\Users\Etherius\Desktop\torbrowser-install-4.5.1_en-US.exe
2015-05-15 11:58 - 2015-05-26 02:10 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-15 11:58 - 2015-05-15 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-13 12:42 - 2015-05-13 12:49 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\Andy
2015-05-13 12:42 - 2015-05-13 12:49 - 00000000 ____D C:\Users\Etherius\Andy
2015-05-13 12:42 - 2015-05-13 12:42 - 00000805 _____ C:\Users\Public\Desktop\Start Andy.lnk
2015-05-13 12:42 - 2015-05-13 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-05-13 12:42 - 2015-05-13 12:42 - 00000000 ____D C:\Program Files\Oracle
2015-05-13 12:42 - 2014-11-21 14:57 - 00916024 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-05-13 12:42 - 2014-11-21 14:55 - 00128080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-05-12 22:13 - 2015-05-12 22:13 - 00684016 _____ (Opera Software) C:\Users\Etherius\Downloads\Opera_NI_stable.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-06 01:48 - 2015-03-26 21:53 - 00000000 ____D C:\Users\Etherius\.VirtualBox
2015-06-06 01:48 - 2014-12-01 14:40 - 00000000 ___RD C:\Users\Etherius\Google Drive
2015-06-06 01:47 - 2015-02-05 17:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0415bdc9ca56a.job
2015-06-06 01:47 - 2014-11-28 11:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 01:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 01:46 - 2014-11-28 20:30 - 01624154 _____ C:\Windows\WindowsUpdate.log
2015-06-06 01:45 - 2014-11-28 12:42 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\Skype
2015-06-06 01:07 - 2015-02-05 17:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0415bdcdb0ee4.job
2015-06-06 00:58 - 2014-11-28 11:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 19:21 - 2014-11-28 12:26 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\FileZilla
2015-06-05 14:01 - 2014-11-28 13:49 - 00000000 ____D C:\Users\Etherius\AppData\Local\Paint.NET
2015-06-05 13:59 - 2014-12-25 17:21 - 00063488 _____ C:\Users\Etherius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-05 11:36 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 11:36 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 11:34 - 2009-07-14 07:13 - 00785554 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-05 04:06 - 2015-04-05 20:23 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-05 04:06 - 2015-04-05 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-04 23:26 - 2015-01-23 12:54 - 00005807 _____ C:\Users\Etherius\j-wildfire.properties
2015-06-04 22:24 - 2015-01-23 12:53 - 00000078 _____ C:\Users\Etherius\j-wildfire-launcher.properties
2015-06-04 22:22 - 2014-12-02 11:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 22:20 - 2015-02-07 00:51 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\CDisplayEx
2015-06-03 19:02 - 2014-12-28 09:41 - 00000000 ____D C:\Users\Etherius\AppData\Local\ManyCam
2015-06-02 11:00 - 2014-11-28 11:47 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-29 20:09 - 2014-12-10 20:25 - 00000000 ____D C:\Users\Etherius\AppData\Local\WMTools Downloaded Files
2015-05-28 23:57 - 2015-04-03 00:18 - 00000000 _____ C:\Windows\SysWOW64\gst.bin
2015-05-25 13:33 - 2014-11-28 12:42 - 00000000 ____D C:\ProgramData\Skype
2015-05-25 12:21 - 2014-11-29 11:31 - 00001456 _____ C:\Users\Etherius\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-05-25 09:57 - 2014-12-08 23:12 - 00000000 ____D C:\Users\Etherius\Documents\My Kindle Content
2015-05-24 11:29 - 2015-04-01 18:41 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JWildfire.lnk
2015-05-24 11:29 - 2015-04-01 18:41 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\JWildfire.lnk
2015-05-23 00:03 - 2014-12-15 16:29 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2015-05-21 22:36 - 2014-11-30 05:47 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-20 22:15 - 2014-11-30 05:48 - 00003824 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417319333
2015-05-19 06:16 - 2014-11-28 20:30 - 00000000 ____D C:\Users\Etherius
2015-05-19 06:16 - 2014-11-28 11:41 - 00000000 ____D C:\Intel
2015-05-19 06:14 - 2014-12-05 15:36 - 00000000 ____D C:\router
2015-05-19 06:13 - 2014-12-25 05:28 - 00000000 ____D C:\GeoVision
2015-05-19 05:44 - 2014-11-28 20:24 - 00000000 ____D C:\Windows\Panther
2015-05-19 05:13 - 2014-12-13 21:50 - 00000000 ____D C:\Program Files (x86)\GNU
2015-05-19 05:12 - 2014-11-29 00:48 - 00000000 ____D C:\Users\Etherius\AppData\Local\gtk-2.0
2015-05-19 04:12 - 2014-11-28 21:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-05-18 15:39 - 2014-12-30 02:18 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\Loomer
2015-05-18 13:33 - 2009-07-14 07:08 - 00026670 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-18 03:22 - 2015-01-13 21:28 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\CodeBlocks
2015-05-18 03:15 - 2015-02-09 07:46 - 00000000 ____D C:\ProgramData\TEMP
2015-05-17 23:51 - 2014-12-11 08:25 - 00000000 ____D C:\ProgramData\Oracle
2015-05-17 23:50 - 2015-03-19 00:13 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-17 03:02 - 2015-02-05 17:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0415bdcdb0ee4
2015-05-17 03:02 - 2015-02-05 17:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0415bdc9ca56a
2015-05-15 15:56 - 2015-05-06 23:34 - 00000000 ____D C:\Users\Etherius\AppData\Local\Eclipse
2015-05-15 11:58 - 2014-11-28 11:47 - 00000000 ____D C:\Users\Etherius\AppData\Local\Google
2015-05-13 12:49 - 2015-03-26 21:06 - 00000000 ____D C:\Program Files\Andy
2015-05-13 12:47 - 2015-03-26 21:53 - 00000000 ____D C:\Users\Etherius\VirtualBox VMs
2015-05-13 12:45 - 2015-02-02 00:48 - 00000000 ____D C:\Users\Etherius\AppData\Roaming\vlc
2015-05-13 12:42 - 2015-03-26 21:31 - 00740775 _____ C:\ProgramData\AndyDrivers.zip
2015-05-13 12:35 - 2014-11-30 05:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-13 12:35 - 2014-11-30 05:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 12:33 - 2014-12-04 13:18 - 00000000 ____D C:\Program Files (x86)\Trillian
2015-05-11 18:48 - 2014-11-28 12:18 - 00000000 ____D C:\Users\Etherius\AppData\Local\Windows Live Writer
 
==================== Files in the root of some directories =======
 
2014-11-28 21:16 - 2015-01-31 20:21 - 0000600 _____ () C:\Users\Etherius\AppData\Roaming\winscp.rnd
2014-11-29 11:31 - 2015-05-25 12:21 - 0001456 _____ () C:\Users\Etherius\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-25 17:21 - 2015-06-05 13:59 - 0063488 _____ () C:\Users\Etherius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-19 06:30 - 2015-05-19 06:30 - 0001203 _____ () C:\Users\Etherius\AppData\Local\recently-used.xbel
2015-01-04 20:38 - 2015-01-04 20:38 - 0007629 _____ () C:\Users\Etherius\AppData\Local\Resmon.ResmonCfg
2015-03-26 21:31 - 2015-05-13 12:42 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 19:27
 
==================== End of log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Etherius at 2015-06-06 01:52:33
Running from C:\Users\Etherius\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-199329353-3912896754-1190417889-500 - Administrator - Disabled)
Etherius (S-1-5-21-199329353-3912896754-1190417889-1000 - Administrator - Enabled) => C:\Users\Etherius
Guest (S-1-5-21-199329353-3912896754-1190417889-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 15 Pepper (HKLM-x32\...\Adobe Flash Player Pepper) (Version: 15.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Aegisub 2.1.9 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 2.1.9 - Aegisub Team)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.16 - )
Aiseesoft Total Video Converter Platinum 6.3.18 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version:  - )
Allok MPEG4 Converter 6.2.0603 (HKLM-x32\...\Allok MPEG4 Converter_is1) (Version:  - Allok Soft Inc)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arles Image Web Page Creator 10.0.2 (HKLM-x32\...\Arles Image Web Page Creator_is1) (Version: 10.0.2 - Digital Dutch)
Arturia Software Center 1.1.0 (HKLM-x32\...\Arturia Software Center_is1) (Version: 1.1.0 - Arturia)
ASCOM Platform 4.1 (HKLM-x32\...\ASCOM Platform 4.1) (Version: 4.1 - Ascom Initiative)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camel Audio Alchemy (HKLM-x32\...\Camel Audio Alchemy) (Version: 1.25.0 - Camel Audio)
Cartes du Ciel V3.10 (HKLM-x32\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CCS64 V3.9.1 (HKLM-x32\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
CodeBlocks (HKU\S-1-5-21-199329353-3912896754-1190417889-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Eplex7 Spherum FX (HKLM-x32\...\Eplex7 Spherum FX) (Version:  - )
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.03.02 - )
ESET Smart Security (HKLM\...\{293ADC3B-DCF3-44C2-9CE8-19DD2B4F7646}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Evernote v. 5.8.5 (HKLM-x32\...\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}) (Version: 5.8.5.7193 - Evernote Corp.)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FrameShots Video Screen Capture (HKLM-x32\...\FrameShots) (Version:  - EOF Productions)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GoAnywhere OpenPGP Studio (HKLM-x32\...\0484-4574-4165-4413) (Version: 1.0.1 - Linoma Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPU Caps Viewer 1.23.0.2 (HKLM-x32\...\{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1) (Version:  - Geeks3D.com)
GPU Caps Viewer v1.8.0 (HKLM-x32\...\GPU Caps Viewer_is1) (Version:  - oZone3D.Net)
Greenshot 1.2.4.9 (HKLM\...\Greenshot_is1) (Version: 1.2.4.9 - Greenshot)
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
HASP4 Device Drivers (HKLM-x32\...\HASP4 Device Drivers) (Version:  - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Ipswitch WS_FTP Pro (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 9.01 - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
K-Lite Codec Pack 10.9.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Loomer String (HKLM-x32\...\String) (Version:  - Loomer)
Macromedia Dreamweaver MX 2004 (HKLM-x32\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0.1 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
ManyCam 4.0.109 (HKLM-x32\...\ManyCam) (Version: 4.0.109 - Visicom Media Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM-x32\...\{7785F029-FBFF-4572-8E1C-596D8A28B548}) (Version: 5.1.09 - Microsoft Research)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Modular V2 2.7.2 (HKLM-x32\...\Modular V2_is1) (Version: 2.7.2 - Arturia)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Parashara's Light 7.0 (HKLM-x32\...\Parashara's Light 7.0) (Version: 7.0.0.0 - Geovision Software Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version:  - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.28 - NCH Software)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Spectaculator 8.0 (HKLM-x32\...\{B21AE9DA-E837-4F82-B061-7848B4F3096B}) (Version: 8.0.0.3092 - spectaculator.com)
Star Racing (HKLM-x32\...\Star Racing_is1) (Version: 1.0 - Media Contact LLC)
Starry Night Pro Plus 6 (HKLM-x32\...\Starry Night Pro Plus 6) (Version: 6.0.0.0 - Imaginova Canada Ltd.)
Stellarium 0.13.1 (HKLM\...\Stellarium_is1) (Version: 0.13.1 - Stellarium team)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Terragen 2 Deep Edition (HKLM\...\{50FF1AC8-AA99-42D3-9A05-8E98DA56E43D}) (Version: 2.4.31 - Planetside Software)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.31 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VidCoder 1.5.27 Beta (x86) (HKLM-x32\...\VidCoder-Beta-x86_is1) (Version: 1.5.27 - RandomEngy)
VidCoder 1.5.31 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.31 - RandomEngy)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.05 - NCH Software)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
30-05-2015 03:38:19 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {29E7D88A-99A6-4C52-891C-472575537EFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {4BB0777C-59B9-46CA-A666-6F8C9A55D20F} - System32\Tasks\Opera scheduled Autoupdate 1417319333 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {5C43B629-7573-470D-A99F-74797939F8C0} - System32\Tasks\GoogleUpdateTaskMachineUA1d0415bdcdb0ee4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {61CC1F4C-7362-40DC-8396-5D97D2F5B997} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {8A7A650A-0064-4E40-9AD8-39309DA5F7A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8F4ECBC8-8AEC-4215-87B7-62CFA4BA55DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {B2C85BD1-FBCB-4786-814A-2C0F8CA8FA3C} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {C107E2EF-479E-401C-BD2A-99A3869D3192} - System32\Tasks\GoogleUpdateTaskMachineCore1d0415bdc9ca56a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {C3083366-53B6-46DC-9D2F-DD4572CD24B9} - System32\Tasks\GoogleUpdateTaskMachineUA1d0903d18afefe3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {C8A7CEAD-7CCC-4197-823F-2D03C2C07A5B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-12] ()
Task: {D1839080-EE45-46B6-996B-31F2BD240BB2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D7804DDA-06B0-4CB2-A016-41777416BD89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {E0875AAD-EF89-4219-8E21-2F139D3C82F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E7A075AD-9A94-4AA8-9D25-A1C1C94C64A9} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-11-27] (ASUSTeK Computer Inc.)
Task: {ED517B60-D130-4850-985A-A4C9CBB3B8BE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Ether-Etherius Ether => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0415bdc9ca56a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0415bdcdb0ee4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0903d18afefe3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-10 19:15 - 2010-06-24 14:19 - 00109056 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
2014-07-27 12:41 - 2014-07-27 12:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-28 12:00 - 2014-11-28 12:00 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-11-28 12:00 - 2014-11-28 12:00 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-11-28 12:00 - 2014-11-28 12:00 - 00105584 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2014-11-28 12:00 - 2014-11-28 12:00 - 64643696 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-05-13 12:42 - 2015-02-03 16:22 - 00907144 _____ () C:\Program Files\Andy\HandyAndy.exe
2015-05-13 12:42 - 2015-02-03 15:29 - 00856968 _____ () C:\Program Files\Andy\AndyPriorityMgr.exe
2015-04-10 19:15 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
2015-04-10 19:15 - 2010-06-01 10:38 - 00253952 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
2015-04-02 12:58 - 2015-04-02 12:58 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-04-02 12:58 - 2015-04-02 12:58 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-06-06 01:48 - 2015-06-06 01:48 - 00098816 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32api.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00110080 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\pywintypes27.dll
2015-06-06 01:48 - 2015-06-06 01:48 - 00364544 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\pythoncom27.dll
2015-06-06 01:48 - 2015-06-06 01:48 - 00045568 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_socket.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 01161216 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_ssl.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00320512 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32com.shell.shell.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00713216 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_hashlib.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 01175040 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._core_.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00805888 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._gdi_.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00811008 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._windows_.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 01062400 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._controls_.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00735232 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._misc_.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00682496 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\pysqlite2._sqlite.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00087552 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_ctypes.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00119808 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32file.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00108544 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32security.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00007168 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\hashobjs_ext.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00026624 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\usb_ext.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00167936 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32gui.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00018432 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32event.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00128512 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_elementtree.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00127488 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\pyexpat.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00013824 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\common.time34.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00036864 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_psutil_windows.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00038912 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32inet.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00011264 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32crypt.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00070656 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._html2.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00027136 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_multiprocessing.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00020480 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\_yappi.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00035840 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32process.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00686080 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\unicodedata.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00122368 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._wizard.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00024064 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32pipe.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00010240 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\select.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00025600 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32pdh.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00525640 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\windows._lib_cacheinvalidation.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00017408 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32profile.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00022528 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\win32ts.pyd
2015-06-06 01:48 - 2015-06-06 01:48 - 00078336 _____ () C:\Users\Etherius\AppData\Local\Temp\_MEI8882\wx._animate.pyd
2015-05-26 02:10 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 02:10 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CD30FA91
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-199329353-3912896754-1190417889-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Etherius\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E14D5461-09CB-45AC-950A-D740599CEA46}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F696B408-C434-43BA-A7CA-DBC0B6734BD3}] => (Allow) LPort=2869
FirewallRules: [{8ACE0173-5F91-46F7-9A0E-7852745659B7}] => (Allow) LPort=1900
FirewallRules: [{6BC8C630-9269-4851-AC3A-19F8C0C22F43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{521F7CDA-01EC-4075-84A0-EECE0532D1C9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{98158BF6-66D3-4095-82A8-688B3E1D7FC5}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9D8AC572-2B27-4D04-AD86-F73D892FE6F7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AC49BDA3-502F-4ADA-B2B4-9A4B5CBDE3AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{123FE786-7E0A-40C8-937B-8B77DC7A373F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BFF624CB-4068-4D08-B1E1-5DC461925790}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7DE8E17A-09C9-49CF-AEBE-6A5C74DBF37D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E1BACA6D-F7B4-46DB-9C5D-C98EEC8474F5}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{94BA18F5-3594-4B5B-9997-F96FAD6ADBCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F005598-2B97-4A5B-A261-8BC73B658BA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{133BAFE4-79CA-4A04-8B62-2D5B0580FD5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A2FC8DC-93C3-4492-8968-6E130AB4FEE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D319D74E-2DCC-4863-AE29-D8D8D308741D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6350759-03A5-4DEA-803C-61398F6BB3DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48FA9288-D6E6-4690-B862-D5E6E209CA3A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D09766C6-439B-4CB6-98E3-CFDA88F56A11}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{99CB19F6-31CC-4E97-AAAA-995AB65E7DF6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{18C3E631-0E7F-465C-A132-B825E373ADAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: HL-DT-ST DVDRAM GH22NS50 ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/06/2015 01:49:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 07:47:21 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18063 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 7432.  Message ID: [0x2509].
 
Error: (06/05/2015 11:30:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 11:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 10:27:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 10:19:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2015 10:24:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2015 10:04:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18063 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3624.  Message ID: [0x2509].
 
Error: (06/04/2015 04:35:30 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18063 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 660.  Message ID: [0x2509].
 
Error: (06/04/2015 01:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FSViewer.exe version 5.3.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1dc4
 
Start Time: 01d09e10c305a5a3
 
Termination Time: 40
 
Application Path: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
 
Report Id: ac0d85fe-0aae-11e5-b23f-90e6ba15c0f8
 
 
System errors:
=============
Error: (06/06/2015 01:47:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (06/06/2015 01:47:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error: 
%%1275
 
Error: (06/06/2015 01:47:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hardlock.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/06/2015 01:46:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/06/2015 01:46:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/06/2015 01:46:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/06/2015 01:46:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/06/2015 01:46:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS System Control Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/06/2015 01:46:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/06/2015 01:46:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (06/06/2015 01:49:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 07:47:21 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18063 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 7432.  Message ID: [0x2509].
 
Error: (06/05/2015 11:30:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 11:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 10:27:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2015 10:19:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2015 10:24:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2015 10:04:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18063 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3624.  Message ID: [0x2509].
 
Error: (06/04/2015 04:35:30 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18063 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 660.  Message ID: [0x2509].
 
Error: (06/04/2015 01:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FSViewer.exe5.3.0.01dc401d09e10c305a5a340C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exeac0d85fe-0aae-11e5-b23f-90e6ba15c0f8
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 30%
Total physical RAM: 6142.05 MB
Available physical RAM: 4294.46 MB
Total Pagefile: 12282.3 MB
Available Pagefile: 10211.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:31.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.41 GB) (Free:273.69 GB) NTFS
Drive e: () (Removable) (Total:14.63 GB) (Free:6.18 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 423A5B8E)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FF7C4A1E)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 14.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)
 
==================== End of log ============================


#5 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 June 2015 - 01:04 AM

Hi there,

Step 1

  • Download EEK and extract the contents to C:\
  • Double-click the desktop shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete, click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.

Edited by deeprybka, 06 June 2015 - 01:07 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 Masterben
  • Topic Starter
  • Members
  • 6 posts

Posted 06 June 2015 - 09:39 AM

Hello there,

Here is the requested log below.

By the way, while Emergency Kit was scanning for (and especially when it was finding) viruses, my ESET Smart Security was reporting that it found quite a big number of viruses in locations such as this one:

6/6/2015 11:56:56 AM Real-time file system protection file C:\Users\Etherius\AppData\Local\Temp\tmp00003967\tmp002d60ee Win32/Oficla.FA trojan cleaned by deleting - quarantined Ether\Etherius Event occurred on a new file created by the application: C:\bin\a2emergencykit.exe.

I suspect that since the time of ESET's finding/noticing these infections in real time precisely corresponds to the time when Emergency Kit found its own malware, this probably means that ESET was finding the same infections that Emergency Kit was examining at the moment, so these two are obviously connected. Do you think that ESET's notifications can thus be discarded as redundant alarms? Here is the screenshot of ESET's log:

------------------------------------------

Attached File: alarms.jpg (134.53KB)

 
Emsisoft Emergency Kit - Version 9.0
Last update: 6/6/2015 11:38:26 AM
User account: Ether\Etherius
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 6/6/2015 11:38:36 AM
C:\FRST\Quarantine\C\Windows\AutoKMS\AutoKMS.exe  detected: Riskware.Win32.HackTool (A)
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 322) -> [Subject: FedEx Tracking Notification #952540809][Date: Tue, 7 Aug 2012 17:38:47 +0100] -> (MIME part) -> FedEx-Tracking_Notification-08_20127683 -> FedEx-Tracking_Information-08_2012.exe  detected: Trojan.Gamarue.F (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 335) -> [Subject: Your parcel is expecting of receiving?][Date: Tue, 10 Jul 2012 A.D. 12:38:03 -0400] -> (MIME part) -> Label_Details_USPS_Tracking_ID06108.zip -> USPS_Print_Label.exe  detected: Trojan.Generic.KDV.669456 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 520) -> [Subject: IRS recalculation the tax #ID8284][Date: Sat, 07 Jan 2012 06:09:39 +0100] -> (MIME part) -> Tax_Refund.zip -> Tax_Refund.exe  detected: Gen:Heur.FKP.1 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 547) -> [Subject: USPS Delivery Failure Notification][Date:?Tue, 6 Dec 2011 08:59:18 -0800] -> (MIME part) -> USPS report.zip -> USPS report.exe  detected: Gen:Variant.Kazy.47555 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 553) -> [Subject: USPS Delivery Failure Notification][Date:?Tue, 6 Dec 2011 16:43:07 +0000] -> (MIME part) -> USPS report.zip -> USPS report.exe  detected: Gen:Variant.Kazy.47555 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 653) -> [Subject: Successfull Order 010570][Date:?Tue, 26 Apr 2011 19:17:37 +0200] -> (MIME part) -> Order details.zip -> Order details.exe  detected: Trojan.Downloader.Small.ABLP (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 664) -> [Subject: Vistaprint Canadian Tax Invoice (68626][Date: Sat, 28 Aug 2010 00:05:46 -0800] -> (MIME part) -> Tax Invoice.html -> (JAVASCRIPT 1)  detected: Trojan.JS.Redirector.JJ (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 667) -> [Subject: Daniel Covington die][Date: Thu, 16 Sep 2010 16:59:05 -0500] -> (MIME part) -> Daniel Covington.html  detected: Trojan.JS.Redirector.EA (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 668)  detected: Trojan.Script.472987 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 671) -> [Subject: resume][Date: Thu, 23 Sep 2010 12:28:09 +0530] -> (MIME part) -> 59164resume.html  detected: Trojan.Script.477799 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 709) -> [Subject: UPS Delivery Problem NR.4133054][Date:?Tue, 4 May 2010 22:24:04 +0200] -> (MIME part) -> UPS_invoice_2978.zip -> UPS_invoice_2978.exe  detected: Gen:Variant.Koobface.2 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 734) -> [Subject: A new settings file for the ben@guyshe][Date: Mon, 22 Feb 2010 14:03:34 +0530] -> (MIME part) -> settings.zip -> settings.exe  detected: Trojan.CryptRedol.Gen.5 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 757) -> [Subject: updated account agreement][Date: Tue, 16 Feb 2010 21:12:02 +0100] -> (MIME part) -> agreement.zip -> agreement.exe  detected: Trojan.CryptRedol.Gen.5 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 762) -> [Subject: Facebook Password Reset Confirmation. ][Date:?Mon, 7 Dec 2009 22:08:18 +0900] -> (MIME part) -> Facebook_Password_6acd6.zip -> Facebook_Password_6acd6.exe  detected: Trojan.CryptRedol.Gen.5 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 768) -> [Subject: UPS Delivery Problem NR 48966.][Date: Wed, 31 Mar 2010 11:29:39 +0000] -> (MIME part) -> UPS_invoice_3845.zip -> UPS_invoice_3845.exe  detected: Trojan.Generic.4979458 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 771) -> [Subject: Thank you for buying iTunes Gift Certi][Date: Fri, 7 May 2010 11:32:16 +0000] -> (MIME part) -> iTunes_certificate_997.zip -> iTunes_certificate_997.exe  detected: Backdoor.Generic.330672 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 773) -> [Subject: Facebook Password Reset Confirmation! ][Date: Fri, 19 Mar 2010 10:26:20 -0500] -> (MIME part) -> Facebook_details_852.zip -> Facebook_details_852.exe  detected: Gen:Trojan.Heur.FU.euX@a4!6fQf (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 782) -> [Subject: UPS Delivery Problem NR.5320007][Date:?Thu, 8 Apr 2010 09:55:14 -0800] -> (MIME part) -> UPS_invoice_1683.zip -> UPS_invoice_1683.exe  detected: Gen:Variant.Bredo.4 (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 792) -> [Subject: Notice to appear][Date: Thu, 21 Aug 2014 12:36:15 -0500] -> (MIME part) -> &#1057;opy_of_Document_ID3926.zip -> Copy_of_document_August-21-2014.exe  detected: Trojan.Agent.BETE (
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX -> (message 793) -> [Subject: Delivery Problem NR8107120.][Date: Tue, 22 Jun 2010  09:47:14 -0700] -> (MIME part) -> invoice_N9714282.zip -> UPSInvoice.exe  detected: Trojan.Dropper.Oficla.Y (
D:\download druze brate\2015\FreemakeVideoConverterSetup.exe  detected: Application.Win32.AdSweet (A)
D:\Download_Boy\Adobe Photoshop CS6 Extended\64bit\amtlib.dll  detected: Riskware.Win32.CrackTool (A)
D:\Download_Boy\photoshop\Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll  detected: Application.Win32.Agent (A)
D:\Download_Boy\photoshop\Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll  detected: Riskware.Win32.CrackTool (A)
D:\Download_Boy\PS mart 2013\Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll  detected: Application.Win32.Agent (A)
D:\Download_Boy\PS mart 2013\Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll  detected: Riskware.Win32.CrackTool (A)
D:\Users\ETHER\AppData\Local\Microsoft\Windows Live Mail\Roughstraig e42\Deleted Items\720D642A-00000015.eml -> [Subject: Outstanding Payment Reminder/Urgent][Date: Mon, 21 Apr 2014 20:05:15 +0000] -> (MIME part) -> Details.rar -> Details.exe  detected: Gen:Heur.Jatif.Gen.1 (
D:\Users\ETHER\Documents\Downloads\34 TTS Voices\Loquendo TTS - English & Non-English\_patch.exe  detected: Backdoor.Generic.668928 (
D:\Users\ETHER\Documents\Downloads\34 TTS Voices\Loquendo TTS - English & Non-English\loquendo_tts_text-to-speech_no-license-key-needed_all-voices-patch_crack_serial_version_6-by_WAR_Hammer.exe  detected: Backdoor.Generic.668928 (
 
Scanned 751162
Found 30
 
Scan end: 6/6/2015 3:43:36 PM
Scan time: 4:05:00
 
D:\Users\ETHER\Documents\Downloads\34 TTS Voices\Loquendo TTS - English & Non-English\loquendo_tts_text-to-speech_no-license-key-needed_all-voices-patch_crack_serial_version_6-by_WAR_Hammer.exe Quarantined Backdoor.Generic.668928 (
D:\Users\ETHER\Documents\Downloads\34 TTS Voices\Loquendo TTS - English & Non-English\_patch.exe Quarantined Backdoor.Generic.668928 (
D:\Users\ETHER\AppData\Local\Microsoft\Windows Live Mail\Roughstraig e42\Deleted Items\720D642A-00000015.eml Quarantined Gen:Heur.Jatif.Gen.1 (
D:\Download_Boy\PS mart 2013\Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
D:\Download_Boy\PS mart 2013\Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll Quarantined Application.Win32.Agent (A)
D:\Download_Boy\photoshop\Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
D:\Download_Boy\photoshop\Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll Quarantined Application.Win32.Agent (A)
D:\Download_Boy\Adobe Photoshop CS6 Extended\64bit\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
D:\download druze brate\2015\FreemakeVideoConverterSetup.exe Quarantined Application.Win32.AdSweet (A)
C:\Users\Etherius\AppData\Roaming\Thunderbird\Profiles\26lsg387.default\ImapMail\mail.nationalnet.com\INBOX Quarantined Trojan.Dropper.Oficla.Y (
C:\FRST\Quarantine\C\Windows\AutoKMS\AutoKMS.exe Quarantined Riskware.Win32.HackTool (A)
 
Quarantined 11
 

Edited by Masterben, 06 June 2015 - 09:44 AM.


#7 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 June 2015 - 10:09 AM

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 Masterben
  • Topic Starter
  • Members
  • 6 posts

Posted 06 June 2015 - 10:52 AM

That was all found on drive D:, which I use for archival purposes. It was an old piece of software that I don't use anymore, and I totally forgot that it's still there. I will delete all instances of cracked software that may still be on that drive, but as I said I already don't use it anymore. I only use fully licensed software now.

So what should I do with my PC? Is it safe now?



#9 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 06 June 2015 - 10:55 AM

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Is it safe now?

Yes.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 Masterben
  • Topic Starter
  • Members
  • 6 posts

Posted 06 June 2015 - 11:08 AM

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Is it safe now?

Ok, Photoshop removed as well. I didn't use it often anyway.
Thank you so much for your help.

Edited by Masterben, 06 June 2015 - 11:09 AM.


#11 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 07 June 2015 - 02:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 