
Iexplorer.exe running in the background


  • This topic is locked
30 replies to this topic

#1 yancim

yancim

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:46 AM

Posted 30 December 2014 - 04:10 AM

There are multiple instances of iexplorer.exe running in Task Manager, draining resources from my PC, and a Blank Page entry in the apps section, although I am not running IE at all. Moreover, there are a number of entries in the frequent sites list in the Start Menu under Internet Explorer which I do not recognise. I have sought assistance from another site but to no avail. Please see attached and appreciate any help given

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Yannis at 9:54:11 on 2014-12-30
Microsoft Windows 7 Professional   6.1.7601.1.1253.30.1033.18.3551.1169 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\bdwtxapps.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcon.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\VPNCheck\VPNCheck.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\System32\sdclt.exe
C:\Program Files\Bitdefender\Bitdefender 2015\BootLauncher.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN3BMDSHF405RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
uRun: [VPNCheck] C:\Program Files (x86)\VPNCheck\startVPNCheck.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
mRun: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Yannis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0A9452DF-896E-4AA2-803F-715D798D167D} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{15A0F470-FDF3-4C19-B3B4-11D4E6F65F25} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2F5319DE-D4D7-44FA-862E-600BB57B184E} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{405300C0-615E-4392-AFA5-BD63BBC19D37} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{92A11F12-D355-4021-9090-CD528ED95178} : NameServer = 80.67.8.226 80.67.14.78
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
x64-Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
x64-Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yannis\AppData\Roaming\Mozilla\Firefox\Profiles\po0j6rud.default-1418105174619\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser_x64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-12-19 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-12-19 436624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-12-19 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-5-30 123152]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-5-30 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-5-30 774928]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-23 1148744]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-19 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-19 969016]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2014-8-21 239696]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-9-5 6364024]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-11 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-11 19439944]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-12-28 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-12-28 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-12-28 171928]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-19 271752]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-19 4012248]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\System32\drivers\ffusb2audio.sys [2014-2-16 127280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-19 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-19 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-11 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-23 38048]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-7-23 52736]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-5-30 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-29 103448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-25 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-29 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-28 18:25:15    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-28 15:23:53    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-12-28 15:23:50    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-12-28 15:23:41    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 15:22:00    --------    d-----w-    C:\Users\Yannis\AppData\Roaming\SUPERAntiSpyware.com
2014-12-28 15:21:15    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-12-28 15:21:14    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-12-27 19:13:25    --------    d-----w-    C:\Program Files\Common Files\Logitech
2014-12-26 21:31:36    --------    d-----w-    C:\NPE
2014-12-26 21:27:17    --------    d-----w-    C:\Users\Yannis\AppData\Local\NPE
2014-12-26 12:38:03    11870360    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ABDB0E58-C700-4940-BFC5-E9DA9558F783}\mpengine.dll
2014-12-26 07:43:07    --------    d-----w-    C:\Program Files (x86)\ESET
2014-12-19 05:06:19    60043    ----a-w-    C:\ProgramData\1418965550.2620.bin
2014-12-19 05:05:56    8561    ----a-w-    C:\ProgramData\1418965550.6668.bin
2014-12-19 05:05:56    2227    ----a-w-    C:\ProgramData\1418965550.6744.bin
2014-12-19 05:05:50    116167    ----a-w-    C:\ProgramData\1418965550.1660.bin
2014-12-19 05:04:55    --------    d-----w-    C:\Windows\SysWow64\vbox
2014-12-19 05:04:55    --------    d-----w-    C:\Windows\System32\vbox
2014-12-19 05:03:57    --------    d-----w-    C:\Users\Yannis\AppData\Roaming\AVAST Software
2014-12-19 05:01:12    116728    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-12-19 05:01:11    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-12-19 05:01:09    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-12-19 05:01:08    83280    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-12-19 05:01:05    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-12-19 05:01:04    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-12-19 05:00:57    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-12-19 05:00:46    43152    ----a-w-    C:\Windows\avastSS.scr
2014-12-19 04:59:25    --------    d-----w-    C:\Program Files\AVAST Software
2014-12-19 04:57:46    --------    d-----w-    C:\ProgramData\AVAST Software
2014-12-18 20:10:41    --------    d-----w-    C:\$RECYCLE.BIN
2014-12-18 19:28:03    98816    ----a-w-    C:\Windows\sed.exe
2014-12-18 19:28:03    256000    ----a-w-    C:\Windows\PEV.exe
2014-12-18 19:28:03    208896    ----a-w-    C:\Windows\MBR.exe
2014-12-17 19:06:19    84336    ----a-w-    C:\Windows\System32\bdsandboxuiskin.dll
2014-12-17 19:06:16    33360    ----a-w-    C:\Windows\System32\bdsandboxuh.dll
2014-12-17 18:43:47    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-17 18:43:46    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-13 17:31:04    --------    d-----w-    C:\ProgramData\Package Cache
2014-12-13 14:00:35    --------    d-----w-    C:\Downloads
2014-12-10 19:52:43    55808    ----a-w-    C:\Windows\System32\rrinstaller.exe
2014-12-10 19:52:43    50176    ----a-w-    C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 19:52:43    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-12-10 19:52:43    24576    ----a-w-    C:\Windows\System32\mfpmp.exe
2014-12-10 19:52:43    23040    ----a-w-    C:\Windows\SysWow64\mfpmp.exe
2014-12-10 19:52:43    206848    ----a-w-    C:\Windows\System32\mfps.dll
2014-12-10 19:52:43    2048    ----a-w-    C:\Windows\SysWow64\mferror.dll
2014-12-10 19:52:43    2048    ----a-w-    C:\Windows\System32\mferror.dll
2014-12-10 19:52:43    103424    ----a-w-    C:\Windows\SysWow64\mfps.dll
2014-12-10 19:52:42    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-12-09 16:22:23    --------    d-----w-    C:\ProgramData\GFACE
2014-12-08 19:29:54    --------    d-----w-    C:\AdwCleaner
2014-12-07 13:22:34    --------    d-----w-    C:\Program Files (x86)\LEGO Batman 3 - Beyond Gotham
2014-12-04 17:58:33    --------    d-----w-    C:\Program Files\iPod
2014-12-04 17:58:32    --------    d-----w-    C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-04 17:58:32    --------    d-----w-    C:\Program Files\iTunes
2014-12-04 17:58:32    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-11-30 20:16:32    --------    d-----w-    C:\Users\Yannis\AppData\Roaming\MMFApplications
2014-11-30 19:18:47    --------    d-----w-    C:\Users\Yannis\AppData\Roaming\moters
2014-11-30 17:56:59    81768    ----a-w-    C:\Windows\SysWow64\xinput1_3.dll
2014-11-30 16:55:08    106408    ----a-w-    C:\Windows\SysWow64\steam_api.dll
.
==================== Find3M  ====================
.
2014-12-30 08:45:56    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-28 18:23:58    96472    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-28 18:08:46    12054    ----a-w-    C:\Users\Yannis\advanced_ip_scanner_MAC.bin
2014-12-17 19:06:08    82824    ----a-w-    C:\Windows\System32\drivers\bdsandbox.sys
2014-12-17 19:06:03    74000    ----a-w-    C:\Windows\System32\bdsandboxuiskin32.dll
2014-12-11 21:36:59    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 21:36:59    701616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 13:04:56    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-21 05:14:22    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-11-21 05:14:08    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-11-19 03:31:16    1217192    ----a-w-    C:\Windows\SysWow64\FM20.DLL
2014-11-16 19:01:36    76944    ----a-w-    C:\Windows\System32\drivers\bdvedisk.sys
2014-11-16 19:01:33    263032    ----a-w-    C:\Windows\System32\drivers\avchv.sys
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-11-09 08:54:08    129752    ----a-w-    C:\Windows\System32\drivers\707F4DB3.sys
2014-11-08 03:16:08    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-11-08 02:45:09    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-10-30 01:45:43    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-20 16:33:30    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-17 17:39:42    122584    ----a-w-    C:\Windows\System32\drivers\48230029.sys
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:23    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
.
============= FINISH: 10:00:29,52 ===============
 




 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:46 AM

Posted 31 December 2014 - 04:01 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

STEP 2

 

 

Please re-run FRST (make sure that Addition.txt is ticked before you press the Scan button) and then post both logs (FRST.txt and Addition.txt) in your next reply.

 

 

Regards,

Georgi




#3 yancim


Posted 31 December 2014 - 04:48 AM

Thank you Georgi

Here comes the info you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Yannis (administrator) on YANNIS-PC on 31-12-2014 10:41:09
Running from C:\Users\Yannis\Downloads
Loaded Profile: Yannis (Available profiles: Yannis & Alexandros & Erik & Catarina)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Users\Yannis\AppData\Local\Temp\{E69A255D-5A9E-4DC0-9095-3B801CDF3BC9}.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Guavi) C:\Program Files (x86)\VPNCheck\VPNCheck.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IME JPN 2007 Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMEJP\IMJPKLMG.EXE [119664 2011-09-19] (Microsoft Corporation)
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1686480 2014-12-17] (Bitdefender)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-30] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [IME JPN 2007 Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEJP\IMJPKLMG.EXE [63856 2011-09-19] (Microsoft Corporation)
HKLM-x32\...\Run: [Korean IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-19] (AVAST Software)
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2014-12-17] (Bitdefender)
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\...\Run: [VPNCheck] => C:\Program Files (x86)\VPNCheck\startVPNCheck.exe [57240 2011-03-01] (Guavi)
Startup: C:\Users\Yannis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/sv-se/?ocid=iehp
HKU\S-1-5-21-728855239-3551724509-2161394740-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-728855239-3551724509-2161394740-1001 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Yannis\AppData\Roaming\Mozilla\Firefox\Profiles\po0j6rud.default-1418105174619
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bankid.com/BankID Security Application,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Yannis\AppData\Roaming\Mozilla\Firefox\Profiles\po0j6rud.default-1418105174619\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-23]
FF Extension: Adblock Plus - C:\Users\Yannis\AppData\Roaming\Mozilla\Firefox\Profiles\po0j6rud.default-1418105174619\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-19] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-30] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-30] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-30] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-19] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-30] (BlueStack Systems)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2009-07-23] (Realtek Semiconductor Corporation                           )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-19] (Avast Software)
U4 bdselfpr; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 10:41 - 2014-12-31 10:41 - 00018516 _____ () C:\Users\Yannis\Downloads\FRST.txt
2014-12-31 10:40 - 2014-12-31 10:41 - 00000000 ____D () C:\FRST
2014-12-31 10:40 - 2014-12-31 10:40 - 02123264 _____ (Farbar) C:\Users\Yannis\Downloads\FRST64.exe
2014-12-30 20:02 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-30 20:02 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-12-30 20:02 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-12-30 20:01 - 2014-12-30 20:01 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-12-30 20:01 - 2014-12-30 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-12-30 19:24 - 2014-12-30 19:25 - 30993712 _____ (Riot Games) C:\Users\Yannis\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014(1).exe
2014-12-30 13:35 - 2014-12-30 13:36 - 00000085 _____ () C:\Windows\wininit.ini
2014-12-30 11:35 - 2014-12-30 11:35 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-30 11:34 - 2014-12-30 11:35 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-30 11:34 - 2014-12-30 11:34 - 18423384 _____ () C:\Users\Yannis\Downloads\RogueKillerX64.exe
2014-12-30 09:49 - 2014-12-30 09:49 - 00688992 ____R (Swearware) C:\Users\Yannis\Desktop\dds.com
2014-12-28 19:25 - 2014-12-28 22:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-28 19:23 - 2014-12-28 22:32 - 00000000 ____D () C:\Users\Yannis\Desktop\mbar
2014-12-28 19:23 - 2014-12-28 19:23 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Yannis\Downloads\mbar-1.08.2.1001.exe
2014-12-28 16:24 - 2014-12-28 16:24 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-28 16:23 - 2014-12-30 16:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 16:23 - 2014-12-30 13:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-28 16:23 - 2014-12-28 16:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Yannis\Downloads\spybot-2.4.exe
2014-12-28 16:20 - 2014-12-28 16:20 - 20925096 _____ (SUPERAntiSpyware) C:\Users\Yannis\Downloads\SUPERAntiSpyware.exe
2014-12-28 16:17 - 2014-12-28 16:17 - 02347384 _____ (ESET) C:\Users\Yannis\Downloads\esetsmartinstaller_enu(2).exe
2014-12-27 20:13 - 2014-12-27 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-27 20:13 - 2014-12-27 20:13 - 00000000 ____D () C:\Program Files\Logitech
2014-12-27 20:13 - 2014-12-27 20:13 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-12-27 20:12 - 2014-12-27 20:12 - 17276616 _____ (Logitech ) C:\Users\Alexandros\Downloads\lgs510_x64.exe
2014-12-27 19:46 - 2014-12-27 19:46 - 00010760 _____ () C:\Users\Yannis\Desktop\eset.txt
2014-12-27 13:51 - 2014-12-27 16:50 - 00000000 ____D () C:\Users\Yannis\Downloads\Watch.Dogs.Hotfix-RELOADED
2014-12-26 22:31 - 2014-12-26 22:31 - 00000000 ____D () C:\NPE
2014-12-26 22:27 - 2014-12-27 08:01 - 00000000 ____D () C:\Users\Yannis\AppData\Local\NPE
2014-12-26 22:26 - 2014-12-26 22:26 - 03060320 _____ (Symantec Corporation) C:\Users\Yannis\Downloads\NPE.exe
2014-12-26 21:27 - 2014-12-26 21:27 - 02347384 _____ (ESET) C:\Users\Yannis\Downloads\esetsmartinstaller_enu(1).exe
2014-12-26 15:48 - 2014-12-26 15:48 - 00000000 ____D () C:\Users\Yannis\Downloads\[R.G. Mechanics] Black Mirror Anthology
2014-12-26 13:12 - 2014-12-26 16:18 - 00000000 ____D () C:\Users\Yannis\Downloads\GRID.Autosport-RELOADED[rarbg]
2014-12-26 11:08 - 2014-12-26 12:16 - 00000000 ____D () C:\Users\Yannis\Downloads\DOOM 3 BFG Edition PC full game ^^nosTEAM^^
2014-12-26 11:04 - 2014-12-26 11:10 - 00000000 ____D () C:\Users\Yannis\Downloads\DIRT 3 PC game + DLC Complete Edition ^^nosTEAM^^
2014-12-26 10:39 - 2014-12-26 16:24 - 00000000 ____D () C:\Users\Yannis\Downloads\Ultra.Street.Fighter.IV-RELOADED
2014-12-26 08:39 - 2014-12-26 08:39 - 02347384 _____ (ESET) C:\Users\Yannis\Downloads\esetsmartinstaller_enu.exe
2014-12-25 22:55 - 2014-12-25 22:56 - 00000000 ____D () C:\Users\Yannis\Downloads\Hans Zimmer - Interstellar (2014) (FLAC)
2014-12-25 22:31 - 2014-12-25 22:32 - 00000000 ____D () C:\Users\Yannis\Downloads\Downton Abbey S05 SPECIAL HDTV
2014-12-25 21:10 - 2014-12-25 22:56 - 00000000 ____D () C:\Users\Yannis\Downloads\Watch.Dogs-RELOADED
2014-12-25 19:06 - 2014-12-25 19:43 - 00000000 ____D () C:\Users\Yannis\Downloads\Goal! The Dream Begins 2005 BluRay 720p DTS x264-MgB [ETRG]
2014-12-25 18:37 - 2014-12-26 08:56 - 00000000 ____D () C:\Users\Yannis\Downloads\Ghost Recon Future Soldier+DLC+Update - AGB Golden Team
2014-12-25 18:34 - 2014-12-25 18:35 - 00000000 ____D () C:\Users\Yannis\Downloads\Pink Floyd - The Endless River (2014) FLAC Beolab1700
2014-12-25 18:05 - 2014-12-25 23:07 - 00000000 ____D () C:\Users\Yannis\Downloads\Sniper Elite 3 PC full game + DLC
2014-12-25 14:41 - 2014-12-25 14:41 - 00000000 ____D () C:\Users\Yannis\Downloads\A.Christmas.Carol.2009.BRRip.XviD.AC3-MAGNAT - Copy
2014-12-25 14:27 - 2014-12-25 14:34 - 00000000 ____D () C:\Users\Yannis\Downloads\A.Christmas.Carol.2009.BRRip.XviD.AC3-MAGNAT
2014-12-25 13:21 - 2014-12-25 13:21 - 00001050 _____ () C:\Users\Yannis\Desktop\mbam.txt
2014-12-25 12:43 - 2014-12-25 13:03 - 00000000 ____D () C:\Users\Yannis\Downloads\Pro.Evolution.Soccer.2015-RELOADED
2014-12-24 21:08 - 2014-12-24 21:47 - 00000000 ____D () C:\Users\Yannis\Downloads\Thief Update v1.4-RELOADED
2014-12-24 21:07 - 2014-12-25 07:57 - 00000000 ____D () C:\Users\Yannis\Downloads\Thief-RELOADED
2014-12-23 17:38 - 2014-12-23 17:38 - 00000000 ____D () C:\Users\Yannis\Downloads\DUMB AND DUMBER TO (2014) HDRip
2014-12-22 19:53 - 2014-12-22 20:11 - 00000000 ____D () C:\Users\Yannis\Downloads\Ascension S01E01 HDTV
2014-12-22 17:26 - 2014-12-22 17:32 - 00000000 ____D () C:\Users\Yannis\Downloads\Μην Αρχίζεις Την Μουρμούρα S01E41-E50 HDTV
2014-12-22 17:26 - 2014-12-22 17:29 - 00000000 ____D () C:\Users\Yannis\Downloads\Μην Αρχίζεις Την Μουρμούρα S01E21-E30 HDTV
2014-12-22 17:25 - 2014-12-22 17:31 - 00000000 ____D () C:\Users\Yannis\Downloads\Μην Αρχίζεις Την Μουρμούρα S01E31-E40 HDTV
2014-12-21 08:53 - 2014-12-21 12:44 - 1434871874 ____R () C:\Users\Yannis\Downloads\THE LEAGUE.avi
2014-12-21 08:45 - 2014-12-21 12:46 - 00000000 ____D () C:\Users\Yannis\Downloads\Underdogs.aka.Metegol.2013.1080p.BluRay.DD5.1.x264-HDMaNiAcS
2014-12-21 08:09 - 2014-12-21 08:09 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Yannis\Desktop\tdsskiller.exe
2014-12-20 07:08 - 2014-12-20 07:08 - 02166272 _____ () C:\Users\Yannis\Downloads\AdwCleaner(1).exe
2014-12-19 16:51 - 2014-12-19 16:51 - 00000219 _____ () C:\Users\Erik\Desktop\Dota 2.url
2014-12-19 16:47 - 2014-12-19 16:47 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\AVAST Software
2014-12-19 09:04 - 2014-12-19 09:04 - 00000000 ____D () C:\Users\Alexandros\AppData\Roaming\AVAST Software
2014-12-19 06:06 - 2014-12-19 06:11 - 00060043 _____ () C:\ProgramData\1418965550.2620.bin
2014-12-19 06:05 - 2014-12-19 06:18 - 00116167 _____ () C:\ProgramData\1418965550.1660.bin
2014-12-19 06:05 - 2014-12-19 06:12 - 00008561 _____ () C:\ProgramData\1418965550.6668.bin
2014-12-19 06:05 - 2014-12-19 06:12 - 00002227 _____ () C:\ProgramData\1418965550.6744.bin
2014-12-19 06:04 - 2014-12-19 06:07 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-19 06:04 - 2014-12-19 06:07 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-19 06:03 - 2014-12-19 06:03 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-19 06:03 - 2014-12-19 06:03 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\AVAST Software
2014-12-19 06:03 - 2014-12-19 06:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-19 06:01 - 2014-12-30 09:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-19 06:01 - 2014-12-19 06:00 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-19 06:01 - 2014-12-19 06:00 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-19 06:01 - 2014-12-19 06:00 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-19 06:01 - 2014-12-19 06:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-19 06:01 - 2014-12-19 06:00 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-19 06:01 - 2014-12-19 06:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-19 06:01 - 2014-12-19 06:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-19 06:00 - 2014-12-19 06:01 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-19 06:00 - 2014-12-19 06:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-19 06:00 - 2014-12-19 06:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-19 05:59 - 2014-12-19 05:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-19 05:57 - 2014-12-19 05:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-19 05:57 - 2014-12-19 05:57 - 05006864 _____ (AVAST Software) C:\Users\Yannis\Downloads\avast_free_antivirus_setup_online.exe
2014-12-18 21:18 - 2014-12-18 21:18 - 00030785 _____ () C:\ComboFix.txt
2014-12-18 20:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-18 20:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-18 20:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-18 20:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-18 20:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-18 20:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-18 20:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-18 20:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-18 20:26 - 2014-12-18 21:18 - 00000000 ____D () C:\Qoobox
2014-12-18 20:25 - 2014-12-18 21:15 - 00000000 ____D () C:\Windows\erdnt
2014-12-18 19:36 - 2014-12-18 19:36 - 05601641 _____ (Swearware) C:\Users\Yannis\Downloads\ComboFix(2).exe
2014-12-18 19:32 - 2014-12-18 19:50 - 00000000 ____D () C:\Users\Yannis\Downloads\The.Salvation.2014.720p.BluRay.x264.DTS-RARBG
2014-12-18 19:25 - 2014-12-18 19:27 - 00000000 ____D () C:\Users\Yannis\Downloads\Μην Αρχίζεις Την Μουρμούρα S01E11-E20 HDTV
2014-12-17 20:06 - 2014-12-17 20:06 - 00084336 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-12-17 20:06 - 2014-12-17 20:06 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-12-17 19:43 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:43 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 06:42 - 2014-12-16 06:42 - 00011415 _____ () C:\Users\Yannis\Documents\Project_Portfolio_Highlights_IRigas_23_10.xlsx
2014-12-14 14:13 - 2014-12-14 14:13 - 05600944 ____R (Swearware) C:\Users\Yannis\Desktop\ComboFix.exe
2014-12-14 14:11 - 2014-12-14 16:11 - 00002200 _____ () C:\Users\Yannis\Desktop\Rkill.txt
2014-12-14 14:11 - 2014-12-14 14:11 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Yannis\Downloads\rkill.exe
2014-12-14 14:10 - 2014-12-14 14:10 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Yannis\Downloads\rkill.com
2014-12-13 18:31 - 2014-12-13 18:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 16:23 - 2014-12-13 16:26 - 00000000 ____D () C:\Users\Yannis\Downloads\I.Origins.2014.SWESUB.720p.wbdl.x264.ac3-314r
2014-12-13 14:50 - 2014-12-13 14:56 - 00000000 ____D () C:\Users\Yannis\Downloads\How To Train Your Dragon 2 [MULTI][WII-Scrubber][PAL][WiiERD][WwW.GamesTorrents.CoM]
2014-12-13 08:43 - 2014-12-13 08:43 - 00000000 ____D () C:\Users\Yannis\Downloads\The Theory of Everything  Η θεωρία των πάντων (2014) HDRip
2014-12-13 08:41 - 2014-12-13 09:03 - 1924141056 ____R () C:\Users\Yannis\Downloads\THE EQUALIZER (2014) 480p BRRip XviD AC3 HQ TOPOL-M.avi
2014-12-13 08:41 - 2014-12-13 09:02 - 2326996952 ____R () C:\Users\Yannis\Downloads\Gone Girl (2014) 480p HDRiP XViD AC3-H34LTH.avi
2014-12-12 19:51 - 2014-12-12 21:47 - 00000000 ____D () C:\Users\Yannis\Downloads\A.Walk.Among.the.Tombstones.2014.720p.WEB-DL.x264.ACC-iFT
2014-12-12 19:30 - 2014-12-12 19:30 - 00048344 _____ () C:\Users\Yannis\Desktop\attach.zip
2014-12-11 20:51 - 2014-12-11 20:51 - 00829475 _____ () C:\Users\Yannis\Desktop\ark.txt
2014-12-11 18:22 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Yannis\Desktop\gmer.exe
2014-12-11 18:13 - 2014-12-30 10:01 - 00049017 _____ () C:\Users\Yannis\Desktop\attach.txt
2014-12-11 18:13 - 2014-12-30 10:01 - 00027005 _____ () C:\Users\Yannis\Desktop\dds.txt
2014-12-11 18:05 - 2014-12-11 18:05 - 00370943 _____ () C:\Users\Yannis\Desktop\gmer.zip
2014-12-11 18:04 - 2014-12-11 18:04 - 00688992 ____R (Swearware) C:\Users\Yannis\Desktop\dds.scr
2014-12-11 17:52 - 2014-12-11 18:10 - 00000000 ____D () C:\Users\Yannis\Downloads\Beethovens.Treasure.Tail.2014.720p.BluRay.x264-BRMP
2014-12-10 20:52 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 20:52 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 20:52 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 20:52 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 20:52 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 20:52 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 20:52 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 20:52 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 20:52 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 20:52 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 13:47 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 13:47 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 13:47 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 13:47 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 13:47 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 13:47 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 13:47 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 13:47 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 13:47 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 13:47 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 13:47 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 13:47 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 13:47 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 13:47 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 13:47 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 13:47 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 13:47 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 13:47 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 13:47 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 13:47 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 13:47 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 13:47 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 13:47 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 13:47 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 13:47 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 13:47 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 13:47 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 13:47 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 13:47 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 13:47 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 13:47 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 13:47 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 13:47 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 13:47 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 13:47 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 13:47 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 13:47 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 13:47 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 13:47 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 13:47 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 13:47 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 13:47 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 13:47 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 13:47 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 13:47 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 13:47 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 13:47 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 13:47 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 13:47 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 13:47 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 13:47 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 13:47 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 13:47 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 13:47 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 13:47 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 13:47 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 13:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 13:47 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 13:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 13:47 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 13:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 13:47 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 13:47 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 13:47 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 13:47 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 13:47 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 13:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 13:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 13:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 13:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 13:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 17:22 - 2014-12-09 17:27 - 00000000 ____D () C:\Users\Erik\AppData\Local\wf-launcher
2014-12-09 17:22 - 2014-12-09 17:27 - 00000000 ____D () C:\ProgramData\GFACE
2014-12-09 09:58 - 2014-12-09 09:58 - 00593728 _____ () C:\Windows\Minidump\120914-21453-01.dmp
2014-12-08 20:29 - 2014-12-21 08:16 - 00000000 ____D () C:\AdwCleaner
2014-12-08 20:29 - 2014-12-08 20:29 - 02153472 _____ () C:\Users\Yannis\Downloads\AdwCleaner.exe
2014-12-08 20:29 - 2014-12-08 20:29 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 19:59 - 2014-12-08 20:00 - 05601243 _____ (Swearware) C:\Users\Yannis\Downloads\ComboFix.exe
2014-12-07 20:12 - 2014-12-07 20:13 - 00000000 ____D () C:\Users\Yannis\Downloads\Μην Αρχίζεις Την Μουρμούρα S01E01-E10 HDTV
2014-12-07 19:38 - 2014-12-07 19:40 - 00000000 ____D () C:\Users\Yannis\Downloads\Dolphin.Tale.2.2014.SWESUB.720p.brrip.x264.ac3-314r
2014-12-07 19:33 - 2014-12-15 20:33 - 02064384 _____ () C:\Users\Yannis\Documents\Projects.accdb
2014-12-07 14:22 - 2014-12-07 14:57 - 00000000 ____D () C:\Program Files (x86)\LEGO Batman 3 - Beyond Gotham
2014-12-07 14:22 - 2014-12-07 14:22 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Batman 3 - Beyond Gotham.lnk
2014-12-07 14:04 - 2014-12-07 14:04 - 00000000 ____D () C:\Users\Yannis\Downloads\LEGO Batman 3 Beyond Gotham DLC Pack 1-BAT
2014-12-07 09:32 - 2014-12-09 07:06 - 00000000 ____D () C:\Users\Yannis\Desktop\Παλιά δεδομένα Firefox
2014-12-06 19:53 - 2014-12-06 19:53 - 00000000 _____ () C:\autoexec.bat
2014-12-06 19:39 - 2014-12-06 19:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Yannis\Downloads\SpyHunter-Installer.exe
2014-12-06 17:33 - 2014-12-06 17:33 - 00608836 ____R () C:\Users\Yannis\Downloads\Project Management Templates.zip
2014-12-06 17:29 - 2014-12-06 17:29 - 00000000 ____D () C:\Users\Yannis\Downloads\TP001141273
2014-12-06 17:28 - 2014-12-06 17:28 - 00015875 _____ () C:\Users\Yannis\Downloads\TP001141273.cab
2014-12-06 15:11 - 2014-12-06 15:24 - 00000000 ____D () C:\Users\Yannis\Downloads\The.Maze.Runner.2014.1080p.BluRay.H264.ACC.5.1.BADASSMEDIA
2014-12-06 14:27 - 2014-12-06 14:40 - 00000000 ____D () C:\Users\Yannis\Downloads\The.Maze.Runner.2014.1080p.BluRay.x264-SPARKS
2014-12-06 14:14 - 2014-12-06 14:14 - 00682926 _____ () C:\Users\Yannis\Downloads\plugins.pkg
2014-12-05 20:07 - 2014-12-05 20:07 - 00334936 _____ () C:\Windows\Minidump\120514-48046-01.dmp
2014-12-05 19:53 - 2014-12-05 20:31 - 00000000 ____D () C:\Users\Yannis\Downloads\Managing Successful Programmes
2014-12-05 19:34 - 2014-12-05 23:34 - 1856480228 ____R () C:\Users\Yannis\Downloads\Dying of the Light (2014) 480p HDRiP XViD AC3-H34LTH.avi
2014-12-05 18:40 - 2014-12-05 18:40 - 00000000 ____D () C:\Users\Erik\AppData\Local\SCE
2014-12-04 18:59 - 2014-12-04 18:59 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-04 18:59 - 2014-12-04 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-04 18:58 - 2014-12-04 18:59 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-04 18:58 - 2014-12-04 18:59 - 00000000 ____D () C:\Program Files\iTunes
2014-12-04 18:58 - 2014-12-04 18:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-04 18:58 - 2014-12-04 18:58 - 00000000 ____D () C:\Program Files\iPod
2014-12-03 17:16 - 2014-12-03 17:16 - 00000000 ____D () C:\Users\Erik\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-12-03 16:44 - 2014-12-03 16:45 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\MMFApplications
2014-12-02 10:26 - 2014-12-02 10:33 - 00081509 ____H () C:\Users\Catarina\Desktop\~WRL0005.tmp
2014-12-02 10:25 - 2014-12-02 10:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 07:04 - 2014-12-01 07:04 - 01220069 _____ () C:\Users\Yannis\Downloads\view(6).aspx
2014-12-01 07:03 - 2014-12-01 07:03 - 01219921 _____ () C:\Users\Yannis\Downloads\view(5).aspx
2014-12-01 07:03 - 2014-12-01 07:03 - 01219921 _____ () C:\Users\Yannis\Downloads\view(4).aspx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 10:38 - 2014-07-15 19:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 10:37 - 2009-07-14 05:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 10:37 - 2009-07-14 05:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 10:33 - 2013-06-21 20:01 - 01482790 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 10:32 - 2014-02-23 16:02 - 00000000 ___RD () C:\Users\Yannis\Google Drive
2014-12-31 10:32 - 2009-07-14 05:51 - 00218455 _____ () C:\Windows\setupact.log
2014-12-31 10:30 - 2014-06-19 19:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 10:30 - 2014-02-23 15:59 - 00001180 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 10:29 - 2013-06-22 06:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-31 10:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 22:48 - 2013-06-26 19:57 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\Skype
2014-12-30 22:46 - 2014-02-23 15:59 - 00001184 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 20:02 - 2014-10-26 11:48 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\Riot Games
2014-12-30 19:29 - 2014-01-17 15:09 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-30 18:15 - 2013-06-23 15:09 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\uTorrent
2014-12-30 16:24 - 2013-06-22 07:40 - 01447700 _____ () C:\Windows\PFRO.log
2014-12-28 19:23 - 2014-06-19 19:13 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-28 19:08 - 2013-11-09 17:11 - 00012054 _____ () C:\Users\Yannis\advanced_ip_scanner_MAC.bin
2014-12-28 18:15 - 2013-10-19 08:24 - 00000000 ____D () C:\Users\Catarina
2014-12-28 18:15 - 2013-09-03 18:28 - 00000000 ____D () C:\Users\Erik
2014-12-28 13:24 - 2014-04-25 13:02 - 00000000 ____D () C:\Users\Alexandros\AppData\Roaming\Skype
2014-12-28 12:12 - 2013-09-02 19:09 - 00000000 ____D () C:\Users\Alexandros\AppData\Roaming\.minecraft
2014-12-28 12:11 - 2013-09-15 14:33 - 00000000 ____D () C:\Users\Alexandros\AppData\Roaming\.technic
2014-12-27 19:56 - 2013-09-02 19:06 - 00000000 ____D () C:\Users\Alexandros
2014-12-27 10:46 - 2013-06-22 08:12 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\vlc
2014-12-27 08:13 - 2013-06-22 04:46 - 00000000 ____D () C:\Users\Yannis
2014-12-27 08:07 - 2014-11-30 20:18 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\moters
2014-12-27 08:07 - 2014-07-31 14:34 - 00000000 ____D () C:\Program Files (x86)\XLN Audio
2014-12-27 08:07 - 2013-06-22 07:30 - 00000000 ____D () C:\ProgramData\Norton
2014-12-27 08:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-26 15:44 - 2013-07-12 20:16 - 00000000 ____D () C:\Users\Yannis\AppData\Local\CrashDumps
2014-12-25 22:55 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2014-12-24 20:19 - 2014-01-26 09:26 - 00000000 ____D () C:\Users\Yannis\Downloads\[PC] Thief - Deadly Shadows [RIP] [dopeman]
2014-12-24 09:13 - 2013-06-26 19:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-24 09:13 - 2013-06-26 19:57 - 00000000 ____D () C:\ProgramData\Skype
2014-12-23 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-23 14:47 - 2014-11-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-22 22:55 - 2013-09-04 15:06 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\Skype
2014-12-22 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2014-12-21 08:35 - 2014-11-23 18:49 - 00000000 ____D () C:\Users\Yannis\Downloads\Iron Maiden Discography FLAC
2014-12-19 16:58 - 2013-09-03 18:31 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\.minecraft
2014-12-18 21:18 - 2014-04-22 22:09 - 00000000 ____D () C:\Users\dub_cm_auto
2014-12-18 21:18 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-18 21:10 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-18 20:45 - 2013-11-27 05:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-17 21:27 - 2013-09-05 13:54 - 00000000 ____D () C:\Users\Erik\AppData\Roaming\vlc
2014-12-17 20:06 - 2014-11-16 20:01 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-12-17 20:06 - 2014-11-16 19:02 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-12-13 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 22:37 - 2014-08-30 10:29 - 00000000 ____D () C:\Users\Yannis\AppData\Local\Adobe
2014-12-11 22:37 - 2014-07-15 19:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 22:36 - 2013-06-22 05:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 22:36 - 2013-06-22 05:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 17:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 21:00 - 2013-06-23 10:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 20:58 - 2013-07-13 06:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 20:55 - 2013-06-22 05:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 09:58 - 2013-12-14 18:59 - 321285947 _____ () C:\Windows\MEMORY.DMP
2014-12-09 09:58 - 2013-12-14 18:59 - 00000000 ____D () C:\Windows\Minidump
2014-12-09 07:03 - 2014-11-16 17:33 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\KeePass
2014-12-08 20:50 - 2013-06-22 05:22 - 00007599 _____ () C:\Users\Yannis\AppData\Local\Resmon.ResmonCfg
2014-12-08 14:31 - 2013-09-09 07:50 - 00000000 ____D () C:\Users\Alexandros\AppData\Local\CrashDumps
2014-12-07 15:04 - 2014-01-27 20:32 - 00000000 ____D () C:\Users\Alexandros\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-12-07 14:58 - 2014-01-28 19:14 - 00000000 ____D () C:\Users\Yannis\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-12-07 14:14 - 2014-11-29 12:53 - 00000000 ____D () C:\Users\Yannis\Downloads\LEGO.Batman.3.Beyond.Gotham.Proper-RELOADED
2014-12-07 12:25 - 2014-11-24 18:41 - 00000000 ____D () C:\Users\Yannis\Documents\PMPlan
2014-12-07 09:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-06 18:33 - 2014-06-19 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 18:33 - 2014-06-19 19:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 20:03 - 2014-11-16 17:42 - 00003358 _____ () C:\Users\Yannis\Documents\Main.kdbx
2014-12-04 18:58 - 2013-10-30 20:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-04 18:58 - 2013-06-24 05:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-04 18:54 - 2013-06-24 05:06 - 00000000 ____D () C:\ProgramData\Apple
2014-12-03 16:32 - 2013-06-22 07:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-01 15:45 - 2014-10-25 11:06 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software

Some content of TEMP:
====================
C:\Users\Yannis\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Yannis\AppData\Local\Temp\{E69A255D-5A9E-4DC0-9095-3B801CDF3BC9}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 02:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Yannis at 2014-12-31 10:43:46
Running from C:\Users\Yannis\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-728855239-3551724509-2161394740-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced IP Scanner 2.3 (HKLM-x32\...\{A02F51A7-1982-4B69-8BD3-7D2B86179752}) (Version: 2.3.2161 - Famatech)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
BankID Security Application (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB)
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3602 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{19B593DE-3900-46EA-A7C9-0D68DEA9472C}) (Version: 0.8.10.3602 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Darkfall Unholy Wars (HKLM-x32\...\Steam App 227400) (Version:  - Aventurine SA)
Doom 3 BFG Edition (HKLM-x32\...\Doom 3 BFG Edition_is1) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0979 - Ezvid, inc.)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version:  - Scott Cawthon)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Handelsbanken card reader (HKLM-x32\...\{1E08E4C7-69F9-4723-B05B-4FABEDF29AC2}) (Version: 1.00.0000 - Todos Data System AB)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LEGO - The Hobbit (HKLM-x32\...\TEVHT1RoZUhvYmJpdA==_is1) (Version: 1 - )
LEGO Batman 3 - Beyond Gotham DLC Pack (HKLM-x32\...\TEVHT0JhdG1hbjNCZXlvbmRHb3RoYW0=_is1) (Version: 1 - )
LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version:  - Warner Bros. Games)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit 2007 (HKLM-x32\...\PROOFKIT) (Version: 12.0.4518.1070 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.22.00.422 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 34.0 (x86 el) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 el)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-728855239-3551724509-2161394740-1001\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PANDORA mini SoundEditor (HKLM-x32\...\{F07FF65C-833B-43AC-9691-A5B79896C3BE}) (Version: 1.0.0 - KORG Inc.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Rapture 1.2.2 (HKLM-x32\...\Rapture_x64_is1) (Version: 18.0 - Cakewalk Music Software)
ReValver Mk IIIdotV x64 (HKLM\...\ReValver Mk IIIdotV x64_is1) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SONAR X2 Producer x64 (HKLM-x32\...\SONARX2Producer_x64_is1) (Version: 19.0 - Cakewalk Music Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
The LEGO Movie - Videogame (HKLM-x32\...\VGhlTEVHT01vdmllVmlkZW9nYW1l_is1) (Version: 1 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Video Booth (HKLM-x32\...\VideoBooth) (Version: 2.5.6.2 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VPNCheck 1.5 (HKLM-x32\...\VPNCheck_is1) (Version: VPNCheck 1.5 - Guavi)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-728855239-3551724509-2161394740-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Yannis\AppData\Roaming\moters\supna.dll () <==== ATTENTION

==================== Restore Points  =========================

19-12-2014 05:58:16 avast! antivirus system restore point
23-12-2014 07:32:48 Windows Update
26-12-2014 13:36:15 Windows Update
27-12-2014 07:48:51 Norton_Power_Eraser_20141227074843485
27-12-2014 08:02:41 Restore Operation
30-12-2014 09:55:24 Windows Update
30-12-2014 19:27:42 Removed League of Legends
30-12-2014 20:00:24 Installed League of Legends
30-12-2014 20:02:04 Installed DirectX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-18 21:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10D7A1E3-0CD8-4B15-9D63-CF1F5B7E6964} - System32\Tasks\{D770EBAE-EBC5-4D99-823B-590A8B9E485D} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing
Task: {229C0548-0F13-48C9-A5D0-504C65DCEC63} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {377C0EC3-8D07-4367-9087-307221844F3B} - System32\Tasks\{2339ECB8-E3F0-4401-88AF-DF4B5E87AD51} => pcalua.exe -a "C:\Users\Yannis\Downloads\[PC] Thief - Deadly Shadows [RIP] [dopeman]\Thief - Deadly Shadows\Setup.exe" -d "C:\Users\Yannis\Downloads\[PC] Thief - Deadly Shadows [RIP] [dopeman]\Thief - Deadly Shadows"
Task: {678C666E-A544-40AB-9292-3019C636F578} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)
Task: {8D347797-7E52-4DF9-B91B-37C6CEDACD6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)
Task: {99F56D37-E4A2-424C-8348-06479B258428} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {A2047F43-FE39-47A8-9B11-789C48B40555} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-19] (AVAST Software)
Task: {D76B6954-8B39-47BC-9E93-F92AC96DC676} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: {FDDC33E8-6CC7-45EB-A6F7-BCB5530CD1D7} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-22 06:09 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-21 14:33 - 2013-07-23 04:47 - 00239696 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-12-19 06:00 - 2014-12-19 06:00 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-19 06:00 - 2014-12-19 06:00 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-16 19:02 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-11-16 19:02 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-31 10:17 - 2014-12-31 10:17 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123100\algo.dll
2014-12-19 06:00 - 2014-12-19 06:00 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-07 21:27 - 2014-10-07 21:27 - 00117760 _____ () C:\Users\Yannis\AppData\Roaming\moters\mentste.dll
2014-12-31 10:31 - 2014-12-31 10:31 - 00098816 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32api.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00110080 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\pywintypes27.dll
2014-12-31 10:31 - 2014-12-31 10:31 - 00364544 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\pythoncom27.dll
2014-12-31 10:31 - 2014-12-31 10:31 - 00045568 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\_socket.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 01160704 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\_ssl.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00320512 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32com.shell.shell.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00713216 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\_hashlib.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 01175040 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._core_.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00805888 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._gdi_.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00811008 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._windows_.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 01062400 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._controls_.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00735232 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._misc_.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00128512 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\_elementtree.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00127488 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\pyexpat.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00557056 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\pysqlite2._sqlite.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00087552 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\_ctypes.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00119808 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32file.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00108544 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32security.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00007168 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\hashobjs_ext.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00167936 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32gui.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00018432 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32event.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00038912 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32inet.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00011264 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32crypt.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00070656 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._html2.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00027136 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\_multiprocessing.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00035840 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32process.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00686080 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\unicodedata.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00122368 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._wizard.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00024064 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32pipe.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00025600 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32pdh.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00525640 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\windows._lib_cacheinvalidation.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00010240 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\select.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00017408 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32profile.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00022528 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\win32ts.pyd
2014-12-31 10:31 - 2014-12-31 10:31 - 00078336 _____ () C:\Users\Yannis\AppData\Local\Temp\_MEI43322\wx._animate.pyd
2014-12-19 06:00 - 2014-12-19 06:00 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-02 10:25 - 2014-12-02 10:26 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:AGC
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:B755D674
AlternateDataStreams: C:\Users\Yannis\Desktop\dds.scr:BDU
AlternateDataStreams: C:\Users\Yannis\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Yannis\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Yannis\Downloads\SpyHunter-Installer.exe:BDU
AlternateDataStreams: C:\Users\Yannis\Downloads\vpnwatcher_v2.0.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55712656.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55712656.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HDD Regenerator => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

========================= Accounts: ==========================

Administrator (S-1-5-21-728855239-3551724509-2161394740-500 - Administrator - Disabled)
Alexandros (S-1-5-21-728855239-3551724509-2161394740-1004 - Limited - Enabled) => C:\Users\Alexandros
Catarina (S-1-5-21-728855239-3551724509-2161394740-1006 - Administrator - Enabled) => C:\Users\Catarina
Erik (S-1-5-21-728855239-3551724509-2161394740-1005 - Limited - Enabled) => C:\Users\Erik
Guest (S-1-5-21-728855239-3551724509-2161394740-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-728855239-3551724509-2161394740-1002 - Limited - Enabled)
Yannis (S-1-5-21-728855239-3551724509-2161394740-1001 - Administrator - Enabled) => C:\Users\Yannis

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 10:29:42 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/31/2014 10:17:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0xb00
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (12/31/2014 10:17:15 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2014 07:41:15 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2014 07:39:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LeagueofLegends_EUNE_Installer_9_15_2014(1).exe version 3.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 141c

Start Time: 01d0245ee8cc68f4

Termination Time: 2

Application Path: C:\Users\Yannis\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014(1).exe

Report Id:

Error: (12/30/2014 07:15:14 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B77AF631-F302-4317-87B0-ED1805D70C2C}: The user Yannis-PC\Yannis dialed a connection named Anonine which has failed. The error code returned on failure is 778.

Error: (12/30/2014 07:12:39 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2014 04:25:00 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2014 01:09:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2014 01:09:08 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]


System errors:
=============
Error: (12/31/2014 10:29:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/31/2014 10:17:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/31/2014 10:17:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/30/2014 07:41:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/30/2014 07:15:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (12/30/2014 07:15:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (12/30/2014 07:15:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (12/30/2014 07:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/30/2014 05:59:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/30/2014 05:59:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-18 20:48:16.918
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-18 20:48:16.793
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 3551.3 MB
Available physical RAM: 1452.95 MB
Total Pagefile: 7100.79 MB
Available Pagefile: 4543.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:394.5 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:135.39 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:298.09 GB) (Free:41.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DAD5F474)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 0000F145)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E97FEDD0)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

http://pastebin.com/ihmvHjwJ

Thank you



#4 B-boy/StyLe/

  • Malware Response Team

Posted 31 December 2014 - 05:36 AM

Hello,

It has come to my attention that you have posted for help with your computer at other forums.

http://www.techsupportforum.com/forums/f50/solved-computer-running-slow-and-amp-internet-explorer-instances-running-in-task-manager-930250.html

Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.

  • By Multi-Posting you are utilizing the time of two (or more) trained helpers. Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.
  • Understandably this causes a certain amount of bad feeling.
      • From the helper who has needlessly spent time researching your log and compiling and posting instructions.
      • From others who have to wait longer for their problems to be addressed.
  • Advice from two separate helpers can cause problems. Different helpers may use different methods to combat your infection. Whilst each in isolation is safe, that may not be so if you follow the advice of both together. Some of the tools we use are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances.

It seems that your problem has been already resolved there so I am going to close this topic. Also, both logs (FRST and TDSSKiller) are clean, but I noticed that you have a lot of pirated software on the system and I do not support piracy at all.

No wonder your computer was infected. Using cracks is playing with fire though.
Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.
Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems.
So my advice is - stay away from them!

Also I noticed that you have some leftovers of Bitdefender. I suggest you remove them to avoid conflict with avast and system instability:

You should choose the appropriate one for your needs:

http://www.bitdefender.com/uninstall/

Regards,

Georgi


#5 yancim

  • Topic Starter

Posted 31 December 2014 - 06:41 AM

Dear Georgi

I never hid the fact that I had sought assistance in another forum (it is actually clearly stated in my first post). In fact, abiding by your forum rules, I marked the thread as solved in the other forum so I could seek advice in yours. If help is not available then please let me know (my problem is still unresolved and active!!). I have been open and honest in my communication and I understand why my computer might have been infected and wish to resolve this.

Thanks



#6 B-boy/StyLe/

  • Malware Response Team

Posted 31 December 2014 - 08:55 AM

Hi,

Yes, I have read that you stated you posted in multiple forums, but this is still unacceptable. While we appreciate that you very likely posted at multiple forums in order to ensure a response, in the future please do not cross-post. Resources that help perform malware removal are very precious and very limited, and cross-posting only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems.

Ok, if you want me to continue working with you here please remove all illegal stuff from your computer before we can proceed further:

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Regards,

Georgi


#7 yancim

  • Topic Starter

Posted 31 December 2014 - 01:05 PM

Hi

See below..

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\cakewalk content\audio library\loops\loopmasters\house techno trance\john flemming and digital blonde\00db_tamb_cracking-dry_133.rx2
c:\cakewalk content\audio library\loops\sample magic\breakbusters\breaks_synthloop_130_digicrackler_f.rx2
c:\cakewalk content\audio library\loops\sample magic\nu-rave\nr_syn130_crackline2_gb.rx2
c:\program files\cakewalk\vstplugins\rxp\contents\loopmasters\rex loops\house techno trance\john flemming and digital blonde\00db_tamb_cracking-dry_133.rx2
c:\program files\cakewalk\vstplugins\rxp\contents\sample magic\rex loops\house techno trance\john flemming and digital blonde\00db_tamb_cracking-dry_133.rx2
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack5.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack6.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack7.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack3.flac
scanner sequence 3.ZZ.11.LLABM0
 ----- EOF -----
 

 

BTW as we speak there are a couple of instances of IE running in task manager (pointing to a casino site) and before a restart I managed to get a glimpse of a background IE page named pixel.cpm2track.com or something similar

 

 

Thanks again



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:46 AM

Posted 03 January 2015 - 04:39 AM

Hello and Happy New Year!

Hope you have a great new year 2015! May all your dreams come true!

I am sorry about the delay. I had to travel away unexpectedly at the weekend, so I wasn't able to reply earlier.

 

Please go ahead and kill all instances of the rogue processes in Task Manager.

 

Next please download Process Monitor and save it to your desktop. Extract the archive to your desktop and run the file procmon.exe

 

Process Monitor will begin logging from the moment it starts running. To stop this, click the "Capture" icon (ico-01.png).
 
01.png

 

Clear all the events that Process Monitor recorded by clicking the "Clear" icon (ico-03.png)

 

03.png

 

Now go in to the Options menu and select Enable Boot Logging
 
04.png

 

You will be presented with the following dialog. Ensure that profiling events are generated every second and click OK.
 
05.png

 

Reboot the computer.

 

Allow the system to fully load windows and any associated startup programs and wait for the conhost.exe to start multiplying again.

 

Next double-click on the Procmon.exe file to run Process Monitor again.

 

Upon opening Procmon.exe, you will be presented with the following dialog.
 
07.png

 

Click Yes to save the collected data. Insert in the “File name” field the desired name for the output and select the "Save" button.

 

Close Process Monitor.

 

Compress and archive (zip) the PML file and upload it here then post the link to the file in your next reply.

 

 

Regards,

Georgi




#9 yancim


Posted 03 January 2015 - 06:03 AM

Hi Georgi

Thank you for your wishes and I also wish you a happy and prosperous 2015. Just a clarification, in your reply you state:

"  Allow the system to fully load windows and any associated startup programs and wait for the conhost.exe to start multiplying again."

 

Do you mean the rogue process initially mentioned (iexplore.exe) or conhost.exe (the reason I am asking is that the conhost.exe process has not been mentioned in our previous correspondence)? I have checked task manager and there is indeed a conhost.exe process running which momentarily becomes two instances and then reverts back to one again.

 

Thanks again



#10 B-boy/StyLe/


Posted 03 January 2015 - 09:44 AM

Hi,

 

Do you mean the rogue process initially mentioned (iexplore.exe) or conhost.exe

 

Yes, sorry. I grabbed my canned speech from an old post and I need to update it a little bit. Sorry for the confusion.

 

 

Regards,

Georgi




#11 yancim


Posted 04 January 2015 - 06:26 AM

Hi Georgi

The tool created dozens of pml files but I am only posting the primary one as instructed

 

http://www.filedropper.com/bootlog

 

 

Thanks



#12 B-boy/StyLe/


Posted 04 January 2015 - 08:05 AM

Hi,

 

I don't see any references of iexplorer.exe or iexplore.exe in the log.

Can you please zip and upload all of the logs?

Also, how is the process name spelled?

 

Thanks!

 

 

Regards,

Georgi




#13 yancim


Posted 04 January 2015 - 10:08 AM

Hi Georgi

The process is called iexplorer.exe and process monitor actually created 191 logs!! (at 280MB each that is almost 55GB worth of logs) I think the problem lies in that this process does not automatically start every time I start windows. It shows up randomly in the Task manager. So as per your instruction I killed off all the instances and restarted the computer but the process didn't show up until after a couple of days. Is there any other way of collecting the logs?? Maybe a snapshot at the specific moment I can see the process instances are running?

 

Thanks



#14 B-boy/StyLe/


Posted 04 January 2015 - 01:41 PM

Hi,

 

You can delete the logs then.

We will use a different tool instead. Hopefully it can shed some light on the issue.

 

Monitor the system and wait for the iexplorer.exe to appear again.

Please download the Process Explorer from the following link
Extract the zip file and double click the procexp.exe file.
From the View menu, please point to "Lower Pane view" and select Handles.

From the View menu, please point to "Select Columns" and put a checkbox beside the following:

Description, Company Name, Image Path, Command Line, Autostart Location and click OK

Now select the iexplorer.exe process and from the File menu while iexplorer.exe is still selected, please select Save as to save the log file from process explorer.

 

Next from Process Explorer from the View menu, please point to "Lower Pane view" and select DLLs.

Now select the process iexplorer.exe and double click on it.

Click on the Threads tab and make a screenshot of the window.

Now click on the Stack button and make a screenshot of the window.

Click OK and from the File menu while iexplorer.exe is still selected, please select Save as again to save another log file from process explorer.
Next please zip the logs and the screenshots and upload the archive at http://zippyshare.com/ and then post the link to the file in your next reply.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 04 January 2015 - 01:42 PM.

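Added example, not part of the thread or of Georgi's instructions: a PowerShell 2.0 script that takes a one-shot snapshot at the moment the process is visible, recording the fields the Process Explorer steps above ask for (image path, command line, description, company name) plus the parent process. The report file name on the Desktop and the wording of the flags are assumptions of this example, and the Autostart Location column has no equivalent here.

```powershell
# Added example: snapshot of Internet Explorer look-alike processes.
# Uses Get-WmiObject so it runs on the PowerShell 2.0 shipped with Windows 7.
# Run from an elevated 64-bit PowerShell while the process is visible in Task Manager.

# Assumption: the report name and location are arbitrary choices of this example.
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) "ie-snapshot-$stamp.txt"

# The genuine browser binary is named iexplore.exe and lives in these folders.
$genuine = @()
foreach ($root in @($env:ProgramFiles, $env:ProgramW6432, ${env:ProgramFiles(x86)})) {
    if ($root) { $genuine += (Join-Path $root 'Internet Explorer\iexplore.exe').ToLower() }
}

# One WMI query returns every process; index by PID to resolve parents.
$all   = @(Get-WmiObject -Class Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

# Match both spellings that appear in the thread: iexplore.exe and iexplorer.exe.
$hits = @($all | Where-Object { $_.Name -like 'iexplor*.exe' })

$report = foreach ($p in $hits) {
    $path = $p.ExecutablePath            # empty when access is denied
    $desc = ''
    $comp = ''
    if ($path -and (Test-Path -LiteralPath $path)) {
        $ver  = (Get-Item -LiteralPath $path).VersionInfo
        $desc = $ver.FileDescription
        $comp = $ver.CompanyName
    }

    # Best effort: the parent may have exited, or its PID may have been reused.
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentName = ''
    $parentPath = ''
    if ($parent) {
        $parentName = $parent.Name
        $parentPath = $parent.ExecutablePath
    }

    # Things worth a second look when reading the report.
    $flags = @()
    if ($p.Name -ne 'iexplore.exe') { $flags += 'name is not iexplore.exe' }
    if (-not $path) { $flags += 'image path unavailable' }
    elseif ($genuine -notcontains $path.ToLower()) { $flags += 'image outside the Internet Explorer folder' }

    New-Object PSObject -Property @{
        Name        = $p.Name
        ProcessId   = $p.ProcessId
        Started     = $p.ConvertToDateTime($p.CreationDate)
        ImagePath   = $path
        CommandLine = $p.CommandLine
        Description = $desc
        Company     = $comp
        ParentPid   = $p.ParentProcessId
        ParentName  = $parentName
        ParentPath  = $parentPath
        Flags       = ($flags -join '; ')
    }
}

if ($report) {
    $report |
        Select-Object Name, ProcessId, Started, ImagePath, CommandLine,
                      Description, Company, ParentPid, ParentName, ParentPath, Flags |
        Format-List |
        Out-File -FilePath $outFile -Width 4096
} else {
    "No process matching iexplor*.exe was running at $stamp." | Out-File -FilePath $outFile
}
Write-Output "Snapshot written to $outFile"
```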


#15 yancim


Posted 04 January 2015 - 03:38 PM

Thanks Georgi

 

See below :

 

http://www58.zippyshare.com/v/37968565/file.html

 

 

I pasted both screenshots in a Word document, I hope that is OK





