Solved Dwm.exe in \AppData\local\temp\msupdate71

Demonoid · Sep 27, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by Demonoid (administrator) on NONAME-PC (27-09-2015 23:20:07)
Running from H:\Downloads
Loaded Profiles: Demonoid (Available Profiles: Demonoid)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Dropbox, Inc.) C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\Viber.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-27] (AVAST Software)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22035560 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2015-03-20] (BitTorrent, Inc.)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [Dropbox Update] => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [Viber] => C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\Viber.exe [51512528 2015-09-21] () <===== ATTENTION
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\Demonoid\AppData\Local\Temp\mdi164.dll,dalmat <===== ATTENTION
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\MountPoints2: {153cd78b-103a-11e5-b7bb-d05099496f26} - D:\Lenovo_Suite.exe
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\MountPoints2: {76fbb827-4dbf-11e5-9f77-d05099496f26} - D:\Lenovo_Suite.exe
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\MountPoints2: {c63553b5-52db-11e4-bfcd-d050992e5fa1} - I:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-09-27]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CFA938E-9A76-4C29-A7BC-C89F8A6E15BF}: [DhcpNameServer] 195.134.100.90 192.168.1.1
Tcpip\..\Interfaces\{FF59E871-227B-4AE1-97A6-8ED54A96D063}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/el-gr/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-27] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-27] (AVAST Software)
BHO-x32: yourprofitclub -> {97eda6ce-6ce9-4cc6-9e74-74930c276ab2} -> C:\Windows\SysWow64\c57f5c42.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Demonoid\AppData\Roaming\Mozilla\Firefox\Profiles\04lbq59k.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @QVision/NetDVR_V3 -> C:\Program Files\QVision\V3\npnetdvrV3.dll [2012-12-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-27]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://granmafepa.blogspot.com/","hxxp://www.efepa.gr/","hxxp://www.search.ask.com/?tpid=ATU4-V7C&o=APN11391&pf=V7&trgb=CR&p2=%5EBAY%5Eaaa024%5EYY%5EGR&gct=hp&apn_ptnrs=%5EBAY&apn_dtid=%5Eaaa024%5EYY%5EGR&apn_dbr=cr_33.0.1750.154&apn_uid=D4B61B2E-D67B-4EC8-AE22-90C630308D4C&itbv=12.10.3.4594&doi=2014-03-23&psv=","hxxp://www.sweet-page.com/?type=hp&ts=1429035518&from=cor&uid=KINGSTONXSH103S3240G_50026B724508152A"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Profile: C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Διαφάνειες Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-05]
CHR Extension: (Έγγραφα Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-05]
CHR Extension: (Google Drive ) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-05]
CHR Extension: (Σβήνετε τα φώτα) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-05]
CHR Extension: (Αναζήτηση Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-05]
CHR Extension: (Υπολογιστικά φύλλα Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-05]
CHR Extension: (Έγγραφα Google εκτός σύνδεσης) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (AdBlock) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-06]
CHR Extension: (YouRepeat) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-10-06]
CHR Extension: (Speed Dial 2) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2014-10-06]
CHR Extension: (Abstract Design) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaefhihbildlibbognaonkdhakohilk [2014-10-06]
CHR Extension: (Πληρωμές στο Chrome Web Store) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05]
CHR Extension: (Gmail) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"BFE" => service could not be unlocked. <===== ATTENTION

U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-27] (AVAST Software)
U3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-27] (Avast Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-08-13] (Comodo Security Solutions, Inc.)
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
U2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
U2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
U2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
U2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
U3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
U2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
U2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-27] (AVAST Software)
U2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-27] (AVAST Software)
U1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-27] (AVAST Software)
U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-27] (AVAST Software)
U1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-27] (AVAST Software)
U1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-27] (AVAST Software)
U2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-27] (AVAST Software)
U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-27] (AVAST Software)
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
U3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-04] (Intel Corporation)
U3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
U3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
U3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
U3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
U3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
U3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
U0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-27] (AVAST Software)
U3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
U2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-27] (Avast Software)
U5 BFE; <===== ATTENTION: Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 23:19 - 2015-09-27 23:20 - 00000000 ___HD C:\VTRoot
2015-09-27 23:19 - 2015-09-27 23:20 - 00000000 ____D C:\FRST
2015-09-27 23:19 - 2015-09-27 23:19 - 00003494 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-09-27 23:17 - 2015-09-27 23:17 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-27 23:17 - 2015-09-27 23:17 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-27 23:17 - 2015-09-27 23:17 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-27 23:17 - 2015-09-27 23:17 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-27 23:17 - 2015-09-27 23:17 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-27 23:17 - 2015-09-27 23:17 - 00000000 ____D C:\Windows\system32\vbox
2015-09-27 23:17 - 2015-09-27 23:17 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\AVAST Software
2015-09-27 23:17 - 2015-09-27 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-27 23:17 - 2015-09-27 23:17 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-27 23:16 - 2015-09-27 23:16 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\pkmtldkx.sys
2015-09-27 23:16 - 2015-09-27 23:16 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-27 23:14 - 2015-09-27 23:14 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-27 23:14 - 2015-09-27 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc
2015-09-27 23:05 - 2015-09-27 23:15 - 00159008 _____ C:\Windows\system32\Drivers\sfi.dat
2015-09-27 23:05 - 2015-09-27 23:05 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2015-09-27 23:03 - 2015-09-27 23:03 - 00000000 ____D C:\ProgramData\Shared Space
2015-09-27 23:02 - 2015-09-27 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-09-27 23:02 - 2015-09-27 23:14 - 00000000 ____D C:\Program Files\COMODO
2015-09-27 23:02 - 2015-09-27 23:02 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Comodo
2015-09-27 23:01 - 2015-09-27 23:05 - 00000000 ____D C:\ProgramData\Comodo
2015-09-27 22:47 - 2015-09-27 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
2015-09-27 22:47 - 2015-09-27 22:47 - 00000000 ____D C:\Program Files (x86)\Free WMA to MP3 Converter
2015-09-27 21:54 - 2015-09-27 21:54 - 00003182 _____ C:\Windows\System32\Tasks\{E4A114CA-CE79-44F5-A3AD-AE95CC27C436}
2015-09-27 21:54 - 2015-09-27 21:54 - 00003150 _____ C:\Windows\System32\Tasks\{2CEB6F29-6990-49DB-B939-6F866FC91F98}
2015-09-26 21:10 - 2015-09-26 21:10 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Viber
2015-09-26 21:10 - 2015-09-26 21:10 - 00000000 ____D C:\Users\Demonoid\.ViberPC
2015-09-26 21:10 - 2015-09-26 21:10 - 00000000 ____D C:\Users\Demonoid\.QtWebEngineProcess
2015-09-11 20:35 - 2015-09-11 20:35 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-09-05 00:36 - 2015-09-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-09-04 05:22 - 2015-09-04 05:22 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-03 12:52 - 2015-09-03 12:52 - 00579408 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-09-03 12:52 - 2015-09-03 12:52 - 00445472 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 23:20 - 2014-10-05 22:22 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\uTorrent
2015-09-27 23:18 - 2014-10-05 22:29 - 00000000 ____D C:\Windows\AutoKMS
2015-09-27 23:11 - 2014-10-05 22:29 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Skype
2015-09-27 23:04 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 23:03 - 2014-10-05 19:51 - 02061676 _____ C:\Windows\WindowsUpdate.log
2015-09-27 23:00 - 2014-10-05 20:16 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-27 22:40 - 2014-10-05 22:29 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-27 22:40 - 2014-10-05 22:29 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-09-27 22:40 - 2009-07-14 07:45 - 00013120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-27 22:40 - 2009-07-14 07:45 - 00013120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-27 22:36 - 2014-10-05 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-09-27 22:36 - 2014-10-05 22:36 - 00000000 ____D C:\ProgramData\Sony
2015-09-27 22:36 - 2014-10-05 22:36 - 00000000 ____D C:\Program Files (x86)\Sony
2015-09-27 22:35 - 2015-06-22 07:24 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000UA.job
2015-09-27 21:45 - 2014-10-08 00:01 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\vlc
2015-09-27 17:46 - 2015-08-22 20:15 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\ViberPC
2015-09-27 14:00 - 2014-10-05 20:16 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-27 09:56 - 2009-07-14 07:51 - 00119598 _____ C:\Windows\setupact.log
2015-09-27 01:35 - 2015-06-22 07:24 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000Core.job
2015-09-26 21:10 - 2014-10-05 19:49 - 00000000 ____D C:\Users\Demonoid
2015-09-26 18:53 - 2015-02-25 18:21 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Popcorn-Time
2015-09-22 20:58 - 2014-10-05 20:49 - 00716828 _____ C:\Windows\system32\perfh019.dat
2015-09-22 20:58 - 2014-10-05 20:49 - 00150632 _____ C:\Windows\system32\perfc019.dat
2015-09-22 20:58 - 2014-10-05 20:47 - 00607346 _____ C:\Windows\system32\perfh008.dat
2015-09-22 20:58 - 2014-10-05 20:47 - 00111044 _____ C:\Windows\system32\perfc008.dat
2015-09-22 20:58 - 2009-07-14 08:13 - 02359084 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-22 20:56 - 2014-10-05 22:23 - 00000000 ____D C:\ProgramData\MCShield
2015-09-22 09:32 - 2014-12-11 22:34 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-22 09:32 - 2014-10-05 22:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-21 22:40 - 2015-06-05 01:40 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-21 22:40 - 2014-10-05 22:13 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Dropbox
2015-09-21 22:40 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-17 13:55 - 2014-10-05 20:16 - 00004180 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 13:55 - 2014-10-05 20:16 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 13:46 - 2014-10-05 20:20 - 00021336 _____ C:\Windows\PFRO.log
2015-09-13 10:17 - 2009-07-14 10:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-13 06:19 - 2015-08-22 20:16 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\NVIDIA
2015-09-11 20:35 - 2015-02-25 18:21 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Popcorn Time
2015-09-10 13:51 - 2014-10-05 20:16 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Google
2015-09-10 03:03 - 2014-12-12 22:02 - 00000000 ____D C:\Windows\system32\MRT
2015-09-01 17:55 - 2015-08-22 20:15 - 00001000 _____ C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk

==================== Files in the root of some directories =======

2014-10-22 16:40 - 2013-11-18 13:45 - 23215192 ____R (PremiumSoft CyberTech Ltd.) C:\Program Files\Navicat_11.0.7_EN_Portable.exe
2014-10-16 02:24 - 2014-10-16 02:24 - 0001456 _____ () C:\Users\Demonoid\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-07 21:12 - 2014-10-07 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\Viber.exe

Some files in TEMP:
====================
C:\Users\Demonoid\AppData\Local\Temp\arctic-loop.exe
C:\Users\Demonoid\AppData\Local\Temp\atcMedia9711434172662.exe
C:\Users\Demonoid\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Demonoid\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprvaso2.dll
C:\Users\Demonoid\AppData\Local\Temp\mdi064.dll
C:\Users\Demonoid\AppData\Local\Temp\mdi164.dll
C:\Users\Demonoid\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Demonoid\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Demonoid\AppData\Local\Temp\update.exe
C:\Users\Demonoid\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Demonoid\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-21 00:19

==================== End of FRST.txt ============================

Demonoid · Sep 27, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Demonoid (2015-09-27 23:20:30)
Running from H:\Downloads
Windows 7 Ultimate (X64) (2014-10-05 16:49:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1776458337-3485265842-733792251-500 - Administrator - Disabled)
Demonoid (S-1-5-21-1776458337-3485265842-733792251-1000 - Administrator - Enabled) => C:\Users\Demonoid
Guest (S-1-5-21-1776458337-3485265842-733792251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1776458337-3485265842-733792251-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
AVS Video Editor 7.0 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
COMODO Internet Security Premium (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
Dropbox (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Edirol HQ Orchestral v1.01 (HKLM-x32\...\Edirol HQ Orchestral v1.01) (Version: - )
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Finale 2014 (HKLM-x32\...\Finale 2014) (Version: 2014.0.3163.2 - MakeMusic)
Free Disk Analyzer (HKLM-x32\...\Free Disk Analyzer) (Version: 1.0.1.22 - Extensoft)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
GeekBuddy (HKLM\...\{A09AEC8C-5054-4E92-93DE-EA0B8C73BCF2}) (Version: 4.21.144 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{32DBDC48-3413-428A-8A78-0C93B064D7D0}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
K-Lite Codec Pack 10.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LenovoUsbDriver 1.0.13 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.13 - Lenovo)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NetDVR_V3 (HKLM-x32\...\NetDVR_V3) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Popcorn Time (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Popcorn Time) (Version: - Popcorn Official)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Skype™ 6.20 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.20.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpeQ Mathematics 3.4 (HKLM-x32\...\SpeQ Mathematics) (Version: 3.4 - )
Spotify (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
UoA OpenVPN 2.1_rc20 (HKLM-x32\...\UoAOpenVPN) (Version: 2.1_rc20 - )
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Viber (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VirtualDJ 8 (HKLM-x32\...\{C322F3EC-3737-47E7-8FAF-1E1A1DE237ED}) (Version: 8.0.2179.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{ECF41531-0840-4361-955F-1157A091842F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2014-10-05 22:19 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DAE8C70-F13D-4855-B0EE-2B9723576E27} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {1F3B3E14-5273-4381-9EB6-2A2BD67E7253} - System32\Tasks\AdobeAAMUpdater-1.0-NoName-PC-Demonoid => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {26C13B94-8AA0-4C2C-AFD0-80B508D589D3} - System32\Tasks\{E4A114CA-CE79-44F5-A3AD-AE95CC27C436} => pcalua.exe -a "H:\Programs\Music Converter\dBpowerAMP-codec-wmav91.exe" -d "H:\Programs\Music Converter"
Task: {43DC8AB3-9007-4B8B-8C81-1ECA0F5CA9E6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-23] ()
Task: {6563B51D-A174-4134-B274-7A8F1CBA6785} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {7F74A8F7-EE67-4EB6-8DB1-E725C4FD6A98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {81BEC65D-2371-44FE-A838-6F280EF82EE6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {864830B4-B66D-4F3B-935B-50169684E1DB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000Core => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {8A27B94B-2AB1-4F96-9AB3-B01F7AA5D22D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000UA => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {8F81FC6F-1D41-4672-929D-40ACF075E442} - System32\Tasks\{2CEB6F29-6990-49DB-B939-6F866FC91F98} => pcalua.exe -a "H:\Programs\Music Converter\dMC-r10.exe" -d "H:\Programs\Music Converter"
Task: {9363BF72-C40A-43D1-87A0-EFFF0F061130} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-27] (AVAST Software)
Task: {B374B34B-306B-4F7D-810E-9614C4040001} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C37B9161-50ED-470D-B997-78ED03223BB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CB703FA1-3F79-4160-B84C-8B871AA5A7F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CD440788-116B-4865-B502-1C8F06888D05} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D31F3269-3079-4D91-82B3-6B326B3F3FE5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DBB90167-1423-479D-8707-5BB9409C1774} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {E6068A42-E1FF-43A0-BE5A-156FC19D5B14} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000Core.job => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000UA.job => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-05 01:39 - 2015-02-04 05:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 22:29 - 2014-05-01 22:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-10-14 04:43 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-09-21 22:42 - 2015-09-21 22:42 - 51512528 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\Viber.exe
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-08-13 14:34 - 2015-08-13 14:34 - 01283776 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 02875584 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 10451648 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 00039104 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 01529024 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2014-10-14 04:43 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-09-21 22:40 - 2015-09-21 22:40 - 00071168 _____ () c:\users\demonoid\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprvaso2.dll
2015-03-05 00:45 - 2015-08-05 08:26 - 00012800 _____ () C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 00:45 - 2015-08-05 08:26 - 00779776 _____ () C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 22:37 - 2015-08-05 08:26 - 00056320 _____ () C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-05 00:45 - 2015-08-05 08:26 - 00012288 _____ () C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00089088 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\qfacebook.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00390656 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\imageformats\qsvg.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00012288 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtQuick.2\qtquick2plugin.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00690176 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00057856 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00012288 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtQuick\Window.2\windowplugin.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00425984 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtLocation\declarative_location.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00065024 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtPositioning\declarative_positioning.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00184320 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtMultimedia\declarative_multimedia.dll
2015-09-21 22:42 - 2015-09-21 22:42 - 00044032 _____ () C:\Users\Demonoid\AppData\Local\Temp\5.3.0.1884\5.3.0.1884\QtQml\StateMachine\qtqmlstatemachine.dll
2014-09-06 19:44 - 2014-09-06 19:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 19:41 - 2014-05-24 19:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 19:41 - 2014-05-24 19:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-09-26 05:01 - 2015-09-24 05:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-26 05:01 - 2015-09-24 05:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-26 05:01 - 2015-09-24 05:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
2015-09-27 22:03 - 2015-09-27 22:03 - 00126976 _____ () C:\Users\Demonoid\AppData\Local\Temp\mdi064.dll
2015-09-27 22:04 - 2015-09-27 22:04 - 00126976 _____ () C:\Users\Demonoid\AppData\Local\Temp\mdi164.dll
2015-09-27 23:17 - 2015-09-27 23:17 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-27 23:17 - 2015-09-27 23:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-27 23:17 - 2015-09-27 23:17 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15091702\algo.dll
2015-09-27 23:18 - 2015-09-27 23:18 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092701\algo.dll
2015-09-27 23:17 - 2015-09-27 23:17 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1776458337-3485265842-733792251-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: Spotify => "C:\Users\Demonoid\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Demonoid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0F02D375-273F-47B9-BCC4-FE7611DDD408}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FC993902-F65D-4793-90BB-F7521860A2DC}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B5BC3497-EE95-4F76-8F63-3EA4F8C7442A}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{AA99E2CA-C9A0-452B-A543-1EEE0E04B810}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{2503DD09-56AC-415C-8D0B-B94E5F0566DC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{F6DFA3D0-3C46-495C-9EBF-7D408C6C6AD9}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\ApplicationRegistration.exe
FirewallRules: [{221E80E0-B841-477D-BF7B-C58E060DDB02}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
FirewallRules: [TCP Query User{2B2D8EC9-263C-4A85-8128-19984721EF06}C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1FF3315A-CED2-4F4B-BAD0-20EC5634588C}C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{8EFFC010-BC26-4474-8BFE-B043A2A371C7}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{18433466-A7C9-4CA2-8015-74E7C8F5E0F0}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{CDB90305-D2DF-4F2B-B537-42FF583EB5E9}] => (Allow) G:\Saved Games\Steam\Steam.exe
FirewallRules: [{3F34258B-D17B-4C1B-AFD8-0D17BD21DA83}] => (Allow) G:\Saved Games\Steam\Steam.exe
FirewallRules: [{F9728E15-21A8-483E-8E2C-181F3E634799}] => (Allow) G:\Saved Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{21228C8E-B5DB-42E3-80B3-6577921443C5}] => (Allow) G:\Saved Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C42FCF1-BE58-4AC9-A615-85411712B93D}] => (Allow) G:\Saved Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8073BCEE-F0C0-44C5-B8DC-29A1EA7C9B5D}] => (Allow) G:\Saved Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{38A1880E-287B-4316-9EE5-86E18D396243}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{2DE42331-ACA6-48D4-9861-C8E16AE43AF5}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{2564E3AD-EB20-41EC-A8DF-65E128E2025D}] => (Allow) G:\Saved Games\Steam\SteamApps\common\War in the North\witn.exe
FirewallRules: [{051CB282-9A7B-445B-9BFF-DE68A203FABF}] => (Allow) G:\Saved Games\Steam\SteamApps\common\War in the North\witn.exe
FirewallRules: [TCP Query User{F5FA43E7-881A-433E-8BA2-3E33092C17DA}C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{789B18A8-68AE-4E6E-8C8F-281FC94BE2CC}C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{6893B99D-F192-471C-9224-F45842096D86}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{DADE36F7-A5B6-4636-B17A-869760CB232F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EFF092BF-519B-4EE7-96BF-F031B91948EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04C2F806-F66B-4CD1-A167-C5EBEE9F3C39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CD5D3341-47B8-45DE-81FF-776B570E8C74}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CFF4CF35-8D03-44B0-AA66-EE201A489207}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C2038C36-964B-493C-BCC4-A059C0782556}C:\users\demonoid\appdata\local\popcorn time\nw.exe] => (Block) C:\users\demonoid\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{78A543F5-EF24-4D0B-A447-B141C90FB117}C:\users\demonoid\appdata\local\popcorn time\nw.exe] => (Block) C:\users\demonoid\appdata\local\popcorn time\nw.exe
FirewallRules: [{E4A4B637-7FD7-46CB-8F66-888C370D39DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E9359B9-24F3-4740-B499-5B7F5868BAA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7A89243F-03E8-4133-BB97-DF5831B92583}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F3E8FCA5-9F2F-4E7C-85D8-6E3CC138AAED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CA83E14E-BE02-4F3A-BF22-39263C9168F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A7D24E29-1679-414C-9F8F-28AEB91DF1DD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E6338511-05BB-4D5F-AE3B-08B12E57F07B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

System error 123 has occurred.

The filename, directory name, or volume label syntax is incorrect.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 16338.96 MB
Available physical RAM: 8304.43 MB
Total Virtual: 32676.07 MB
Available Virtual: 23553.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:162.48 GB) NTFS
Drive f: (Batman Disk) (Fixed) (Total:232.88 GB) (Free:47.17 GB) NTFS
Drive g: (Space) (Fixed) (Total:300 GB) (Free:89.79 GB) NTFS
Drive h: (Files) (Fixed) (Total:631.51 GB) (Free:174.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D520FECC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1911048E)
Partition 1: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=631.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 19471946)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Sep 27, 2015

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Demonoid · Sep 28, 2015

RogueKiller
RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : Demonoid [Administrator]
Started from : G:\Desktop\RogueKiller.exe
Mode : Delete -- Date : 09/28/2015 16:51:18

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x6ddf885d (call 0xf6228848)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dcf03e5ffed54c6aa28d47f4c5d40ca7
[BSP] a8b98c92f42bd357812be3b49008d59d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 0a8938979d7f8073e8873d8ce8cbe5ae
[BSP] ac0b915a61fe57f5589c759ebc2e1e55 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 307200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 629147648 | Size: 646666 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 535fd3364a594bc8f6bed788b51d8243
[BSP] f80df226a3111727c2b36d81e35db7d0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238469 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : Demonoid [Administrator]
Started from : G:\Desktop\RogueKiller.exe
Mode : Delete -- Date : 09/28/2015 16:51:18

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x6ddf885d (call 0xf6228848)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dcf03e5ffed54c6aa28d47f4c5d40ca7
[BSP] a8b98c92f42bd357812be3b49008d59d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 0a8938979d7f8073e8873d8ce8cbe5ae
[BSP] ac0b915a61fe57f5589c759ebc2e1e55 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 307200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 629147648 | Size: 646666 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 535fd3364a594bc8f6bed788b51d8243
[BSP] f80df226a3111727c2b36d81e35db7d0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238469 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : Demonoid [Administrator]
Started from : G:\Desktop\RogueKiller.exe
Mode : Delete -- Date : 09/28/2015 16:51:18

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x6ddf885d (call 0xf6228848)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dcf03e5ffed54c6aa28d47f4c5d40ca7
[BSP] a8b98c92f42bd357812be3b49008d59d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 0a8938979d7f8073e8873d8ce8cbe5ae
[BSP] ac0b915a61fe57f5589c759ebc2e1e55 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 307200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 629147648 | Size: 646666 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 535fd3364a594bc8f6bed788b51d8243
[BSP] f80df226a3111727c2b36d81e35db7d0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238469 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

and the others coming soon!! TY

Demonoid · Sep 28, 2015

Malware anti-malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/9/2015
Scan Time: 2:37 μμ
Logfile: anti malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.28.03
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Demonoid

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 488614
Time Elapsed: 14 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Demonoid · Sep 28, 2015

# AdwCleaner v5.009 - Logfile created 28/09/2015 at 17:08:06
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Server]
# Operating system : Windows 7 Ultimate (x64)
# Username : Demonoid - NONAME-PC
# Running from : G:\Desktop\adwcleaner_5.009.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder Deleted : C:\ProgramData\ParetoLogic
[#] Folder Deleted : C:\ProgramData\Uniblue
[#] Folder Deleted : C:\Users\Demonoid\AppData\Roaming\ParetoLogic

***** [ Files ] *****

[-] File Deleted : C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
[-] Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[!] Key Not Deleted : [x64] HKCU\Software\ParetoLogic

***** [ Web browsers ] *****

[-] [C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : q
[-] [C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : sweet-page
[-] [C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.search.ask.com/?tpid=ATU4-V7C&o=APN11391&pf=V7&trgb=CR&p2=%5EBAY%5Eaaa024%5EYY%5EGR&gct=hp&apn_ptnrs=%5EBAY&apn_dtid=%5Eaaa024%5EYY%5EGR&apn_dbr=cr_33.0.1750.154&apn_uid=D4B61B2E-D67B-4EC8-AE22-90C630308D4C&itbv=12.10.3.4594&doi=2014-03-23&psv=
[-] [C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.sweet-page.com/?type=hp&ts=1429035518&from=cor&uid=KINGSTONXSH103S3240G_50026B724508152A

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2145 bytes] ##########

Demonoid · Sep 28, 2015

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 7 Ultimate x64
Ran by Demonoid on ƒ¬ 28/09/2015 at 17:15:28,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{97eda6ce-6ce9-4cc6-9e74-74930c276ab2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97eda6ce-6ce9-4cc6-9e74-74930c276ab2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{97eda6ce-6ce9-4cc6-9e74-74930c276ab2}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Users\Demonoid\Appdata\Local\ggempire

~~~ Chrome

[C:\Users\Demonoid\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Demonoid\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Demonoid\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Demonoid\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ƒ¬ 28/09/2015 at 17:17:06,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Sep 28, 2015

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Demonoid · Sep 29, 2015

ComboFix 15-09-25.01 - Demonoid 29/09/2015 14:54:27.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1253.30.1033.18.16339.13975 [GMT 3:00]
Running from: g:\desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Demonoid\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-08-28 to 2015-09-29 )))))))))))))))))))))))))))))))
.
.
2015-09-28 14:07 . 2015-09-28 14:08 -------- d-----w- C:\AdwCleaner
2015-09-28 13:57 . 2015-09-29 11:58 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-28 13:57 . 2015-09-28 13:57 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-28 13:57 . 2015-06-18 05:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-28 13:57 . 2015-06-18 05:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-28 13:57 . 2015-06-18 05:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-28 12:00 . 2015-09-28 12:00 -------- d-----w- c:\users\Demonoid\AppData\Roaming\Avira
2015-09-28 11:56 . 2015-09-01 14:09 74952 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-09-28 11:56 . 2015-09-01 14:09 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-09-28 11:56 . 2015-09-01 14:09 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-09-28 11:56 . 2015-09-01 14:09 163544 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-09-28 11:52 . 2015-09-28 11:56 -------- d-----w- c:\programdata\Avira
2015-09-28 11:52 . 2015-09-28 11:56 -------- d-----w- c:\program files (x86)\Avira
2015-09-28 11:27 . 2015-09-28 11:27 -------- d-----w- c:\programdata\Malwarebytes
2015-09-28 11:19 . 2015-09-28 11:19 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-09-28 11:12 . 2015-09-28 11:12 -------- d-----w- c:\programdata\VIPRE
2015-09-28 09:45 . 2015-09-28 13:38 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-28 09:45 . 2015-09-28 10:25 -------- d-----w- c:\programdata\RogueKiller
2015-09-27 20:17 . 2015-09-27 20:17 -------- d-----w- c:\windows\SysWow64\vbox
2015-09-27 20:17 . 2015-09-27 20:17 -------- d-----w- c:\windows\system32\vbox
2015-09-27 20:16 . 2015-09-28 11:25 -------- d-----w- c:\programdata\AVAST Software
2015-09-27 20:14 . 2015-09-27 22:19 -------- d-----w- c:\windows\system32\appmgmt
2015-09-27 20:02 . 2015-09-27 20:02 -------- d-----w- c:\users\Demonoid\AppData\Local\Comodo
2015-09-27 20:01 . 2015-09-27 22:16 -------- d-----w- c:\programdata\Comodo
2015-09-27 19:47 . 2015-09-27 19:47 -------- d-----w- c:\program files (x86)\Free WMA to MP3 Converter
2015-09-26 18:10 . 2015-09-26 18:10 -------- d-----w- c:\users\Demonoid\AppData\Local\Viber
2015-09-26 18:10 . 2015-09-26 18:10 -------- d-----w- c:\users\Demonoid\.ViberPC
2015-09-26 18:10 . 2015-09-26 18:10 -------- d-----w- c:\users\Demonoid\.QtWebEngineProcess
2015-09-15 23:43 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D60022A8-96AD-4E72-AB9A-A5A91AB3902B}\mpengine.dll
2015-09-13 07:18 . 2015-09-13 07:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-29 11:58 . 2015-09-29 11:58 118 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-26 15:37 . 2014-12-12 19:02 134753440 ----a-w- c:\windows\system32\MRT.exe
2013-11-18 10:45 . 2014-10-22 13:40 23215192 ----a-r- c:\program files\Navicat_11.0.7_EN_Portable.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22035560]
"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2015-03-20 399736]
"Dropbox Update"="c:\users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-22 134512]
"Viber"="c:\users\Demonoid\AppData\Local\Viber\Viber.exe" [2015-09-21 51512528]
"Spotify Web Helper"="c:\users\Demonoid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-27 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-07-07 998104]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-09-10 66320]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-09-01 782520]
.
c:\users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-5-5 39175960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
S0 asstor64;asstor64;c:\windows\system32\DRIVERS\asstor64.sys;c:\windows\SYSNATIVE\DRIVERS\asstor64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-26 02:00 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-28 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000Core.job
- c:\users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22 04:24]
.
2015-09-29 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000UA.job
- c:\users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22 04:24]
.
2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-05 00:50]
.
2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-05 00:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-05-28 36352]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-08-25 5860656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FF59E871-227B-4AE1-97A6-8ED54A96D063}: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Wow6432Node-HKLM-Run-AdobeCS5ServiceManager - c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Completion time: 2015-09-29 14:59:44 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-29 11:59
.
Pre-Run: 173.826.519.040 bytes free
Post-Run: 173.459.804.160 bytes free
.
- - End Of File - - B489F89E0F3BCAF8421DC1B3E12E111B
A36C5E4F47E84449FF07ED3517B43A31

Broni · Sep 29, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Demonoid · Sep 30, 2015

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by Demonoid (administrator) on NONAME-PC (30-09-2015 15:57:43)
Running from G:\Desktop
Loaded Profiles: Demonoid (Available Profiles: Demonoid)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\Users\Demonoid\AppData\Local\Viber\Viber.exe
(Spotify Ltd) C:\Users\Demonoid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-09-01] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22035560 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2015-03-20] (BitTorrent, Inc.)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [Dropbox Update] => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [Viber] => C:\Users\Demonoid\AppData\Local\Viber\Viber.exe [51512528 2015-09-21] ()
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Run: [Spotify Web Helper] => C:\Users\Demonoid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-27] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CFA938E-9A76-4C29-A7BC-C89F8A6E15BF}: [DhcpNameServer] 195.134.100.90 192.168.1.1
Tcpip\..\Interfaces\{FF59E871-227B-4AE1-97A6-8ED54A96D063}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Demonoid\AppData\Roaming\Mozilla\Firefox\Profiles\04lbq59k.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @QVision/NetDVR_V3 -> C:\Program Files\QVision\V3\npnetdvrV3.dll [2012-12-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Demonoid\AppData\Roaming\Mozilla\Firefox\Profiles\04lbq59k.default\Extensions\abs@avira.com [2015-09-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://granmafepa.blogspot.com/","hxxp://www.efepa.gr/","hxxp://www.search.ask.com/?tpid=ATU4-V7C&o=APN11391&pf=V7&trgb=CR&p2=%5EBAY%5Eaaa024%5EYY%5EGR&gct=hp&apn_ptnrs=%5EBAY&apn_dtid=%5Eaaa024%5EYY%5EGR&apn_dbr=cr_33.0.1750.154&apn_uid=D4B61B2E-D67B-4EC8-AE22-90C630308D4C&itbv=12.10.3.4594&doi=2014-03-23&psv=","hxxp://www.sweet-page.com/?type=hp&ts=1429035518&from=cor&uid=KINGSTONXSH103S3240G_50026B724508152A"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Profile: C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Διαφάνειες Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-05]
CHR Extension: (Έγγραφα Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-05]
CHR Extension: (Google Drive ) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-05]
CHR Extension: (Σβήνετε τα φώτα) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-05]
CHR Extension: (Αναζήτηση Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-05]
CHR Extension: (Υπολογιστικά φύλλα Google) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-05]
CHR Extension: (Έγγραφα Google εκτός σύνδεσης) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (AdBlock) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-06]
CHR Extension: (YouRepeat) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-10-06]
CHR Extension: (Speed Dial 2) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2014-10-06]
CHR Extension: (Abstract Design) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaefhihbildlibbognaonkdhakohilk [2014-10-06]
CHR Extension: (Πληρωμές στο Chrome Web Store) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-05]
CHR Extension: (Gmail) - C:\Users\Demonoid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148688 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-01] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-04] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 15:57 - 2015-09-30 15:57 - 00000000 ____D C:\FRST
2015-09-29 14:59 - 2015-09-29 14:59 - 00029418 _____ C:\ComboFix.txt
2015-09-29 14:54 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-29 14:54 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-29 14:54 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-29 14:54 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-29 14:54 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-29 14:54 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-29 14:54 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-29 14:54 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-29 14:53 - 2015-09-29 14:59 - 00000000 ____D C:\Windows\erdnt
2015-09-29 14:53 - 2015-09-29 14:59 - 00000000 ____D C:\Qoobox
2015-09-28 17:07 - 2015-09-28 17:08 - 00000000 ____D C:\AdwCleaner
2015-09-28 16:57 - 2015-09-29 14:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-28 16:57 - 2015-09-28 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-28 16:57 - 2015-09-28 16:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-28 16:57 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-28 16:57 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-28 16:57 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-28 15:47 - 2015-09-28 15:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-28 15:00 - 2015-09-28 15:00 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Avira
2015-09-28 14:56 - 2015-09-01 17:09 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-28 14:56 - 2015-09-01 17:09 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-09-28 14:56 - 2015-09-01 17:09 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-09-28 14:56 - 2015-09-01 17:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-09-28 14:52 - 2015-09-28 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-28 14:52 - 2015-09-28 14:56 - 00000000 ____D C:\ProgramData\Avira
2015-09-28 14:52 - 2015-09-28 14:56 - 00000000 ____D C:\Program Files (x86)\Avira
2015-09-28 14:27 - 2015-09-28 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-28 14:12 - 2015-09-28 14:12 - 00000000 ____D C:\ProgramData\VIPRE
2015-09-28 13:27 - 2015-09-28 13:27 - 00000000 ____D C:\Windows\pss
2015-09-28 12:45 - 2015-09-28 16:38 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-28 12:45 - 2015-09-28 13:25 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-27 23:17 - 2015-09-27 23:17 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-27 23:17 - 2015-09-27 23:17 - 00000000 ____D C:\Windows\system32\vbox
2015-09-27 23:16 - 2015-09-28 14:25 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-27 23:14 - 2015-09-28 01:19 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-27 23:02 - 2015-09-28 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-09-27 23:02 - 2015-09-27 23:02 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Comodo
2015-09-27 23:01 - 2015-09-28 01:16 - 00000000 ____D C:\ProgramData\Comodo
2015-09-27 22:47 - 2015-09-27 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
2015-09-27 22:47 - 2015-09-27 22:47 - 00000000 ____D C:\Program Files (x86)\Free WMA to MP3 Converter
2015-09-27 21:54 - 2015-09-27 21:54 - 00003182 _____ C:\Windows\System32\Tasks\{E4A114CA-CE79-44F5-A3AD-AE95CC27C436}
2015-09-27 21:54 - 2015-09-27 21:54 - 00003150 _____ C:\Windows\System32\Tasks\{2CEB6F29-6990-49DB-B939-6F866FC91F98}
2015-09-26 21:10 - 2015-09-26 21:10 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Viber
2015-09-26 21:10 - 2015-09-26 21:10 - 00000000 ____D C:\Users\Demonoid\.ViberPC
2015-09-26 21:10 - 2015-09-26 21:10 - 00000000 ____D C:\Users\Demonoid\.QtWebEngineProcess
2015-09-11 20:35 - 2015-09-11 20:35 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-09-05 00:36 - 2015-09-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-09-04 05:22 - 2015-09-04 05:22 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 15:35 - 2015-06-22 07:24 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000UA.job
2015-09-30 15:34 - 2014-10-05 22:29 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Skype
2015-09-30 15:00 - 2014-10-05 20:16 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 14:09 - 2014-10-05 20:16 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 12:32 - 2014-10-05 19:51 - 01120981 _____ C:\Windows\WindowsUpdate.log
2015-09-30 01:35 - 2015-06-22 07:24 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000Core.job
2015-09-29 19:29 - 2009-07-14 07:51 - 00125366 _____ C:\Windows\setupact.log
2015-09-29 17:22 - 2015-08-22 20:15 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\ViberPC
2015-09-29 15:03 - 2014-10-05 20:49 - 00716828 _____ C:\Windows\system32\perfh019.dat
2015-09-29 15:03 - 2014-10-05 20:49 - 00150632 _____ C:\Windows\system32\perfc019.dat
2015-09-29 15:03 - 2014-10-05 20:47 - 00607346 _____ C:\Windows\system32\perfh008.dat
2015-09-29 15:03 - 2014-10-05 20:47 - 00111044 _____ C:\Windows\system32\perfc008.dat
2015-09-29 15:03 - 2009-07-14 08:13 - 02361068 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-29 14:59 - 2014-10-05 22:22 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\uTorrent
2015-09-29 14:59 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Default
2015-09-29 14:58 - 2015-06-05 01:40 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-29 14:58 - 2014-10-05 22:23 - 00000000 ____D C:\ProgramData\MCShield
2015-09-29 14:58 - 2014-10-05 22:13 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Dropbox
2015-09-29 14:58 - 2014-10-05 20:20 - 00987028 _____ C:\Windows\PFRO.log
2015-09-29 14:58 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 14:58 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-09-29 00:33 - 2014-10-08 00:01 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\vlc
2015-09-28 21:23 - 2014-10-14 04:57 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\Spotify
2015-09-28 21:22 - 2014-10-14 04:58 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Spotify
2015-09-28 21:09 - 2009-07-14 07:45 - 00013120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-28 21:09 - 2009-07-14 07:45 - 00013120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-28 15:47 - 2014-10-05 22:15 - 00000000 ____D C:\ProgramData\Adobe
2015-09-28 14:52 - 2014-10-05 22:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-28 14:34 - 2015-08-22 20:15 - 00000998 _____ C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-09-28 14:34 - 2014-12-11 22:34 - 00000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-28 14:34 - 2014-10-14 04:58 - 00001827 _____ C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-09-28 14:34 - 2014-10-05 19:39 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-28 14:34 - 2014-10-05 19:39 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-28 14:34 - 2009-07-14 07:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-28 14:34 - 2009-07-14 07:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-09-28 14:34 - 2009-07-14 07:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-28 14:34 - 2009-07-14 07:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-28 14:33 - 2014-11-04 17:06 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2015-09-28 14:33 - 2009-07-14 08:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-28 14:33 - 2009-07-14 07:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-28 14:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Resources
2015-09-28 01:16 - 2014-10-05 22:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-27 23:54 - 2014-11-10 01:30 - 00000000 ____D C:\temp
2015-09-27 23:46 - 2014-10-05 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-09-27 23:46 - 2014-10-05 22:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-27 23:43 - 2014-10-05 22:21 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-27 23:43 - 2014-10-05 22:21 - 00000000 ____D C:\Program Files\Adobe
2015-09-27 23:18 - 2014-10-05 22:29 - 00000000 ____D C:\Windows\AutoKMS
2015-09-27 23:04 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 22:36 - 2014-10-05 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-09-27 22:36 - 2014-10-05 22:36 - 00000000 ____D C:\ProgramData\Sony
2015-09-27 22:36 - 2014-10-05 22:36 - 00000000 ____D C:\Program Files (x86)\Sony
2015-09-26 21:10 - 2014-10-05 19:49 - 00000000 ____D C:\Users\Demonoid
2015-09-26 18:53 - 2015-02-25 18:21 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Popcorn-Time
2015-09-17 13:55 - 2014-10-05 20:16 - 00004180 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 13:55 - 2014-10-05 20:16 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-13 10:17 - 2009-07-14 10:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-13 06:19 - 2015-08-22 20:16 - 00000000 ____D C:\Users\Demonoid\AppData\Roaming\NVIDIA
2015-09-11 20:35 - 2015-02-25 18:21 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Popcorn Time
2015-09-10 13:51 - 2014-10-05 20:16 - 00000000 ____D C:\Users\Demonoid\AppData\Local\Google
2015-09-10 03:03 - 2014-12-12 22:02 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-10-22 16:40 - 2013-11-18 13:45 - 23215192 ____R (PremiumSoft CyberTech Ltd.) C:\Program Files\Navicat_11.0.7_EN_Portable.exe
2015-09-28 14:08 - 2015-09-28 14:16 - 0000115 _____ () C:\Users\Demonoid\AppData\Roaming\LogFile.txt
2014-10-16 02:24 - 2014-10-16 02:24 - 0001456 _____ () C:\Users\Demonoid\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-07 21:12 - 2014-10-07 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-21 00:19

==================== End of FRST.txt ============================

Demonoid · Sep 30, 2015

addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Demonoid (2015-09-30 15:57:54)
Running from G:\Desktop
Windows 7 Ultimate (X64) (2014-10-05 16:49:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1776458337-3485265842-733792251-500 - Administrator - Disabled)
Demonoid (S-1-5-21-1776458337-3485265842-733792251-1000 - Administrator - Enabled) => C:\Users\Demonoid
Guest (S-1-5-21-1776458337-3485265842-733792251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1776458337-3485265842-733792251-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{5dfbeba9-9f22-463d-8c95-c861911810a2}) (Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG) Hidden
AVS Video Editor 7.0 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
Dropbox (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Edirol HQ Orchestral v1.01 (HKLM-x32\...\Edirol HQ Orchestral v1.01) (Version: - )
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Finale 2014 (HKLM-x32\...\Finale 2014) (Version: 2014.0.3163.2 - MakeMusic)
Free Disk Analyzer (HKLM-x32\...\Free Disk Analyzer) (Version: 1.0.1.22 - Extensoft)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{32DBDC48-3413-428A-8A78-0C93B064D7D0}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
K-Lite Codec Pack 10.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LenovoUsbDriver 1.0.13 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.13 - Lenovo)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NetDVR_V3 (HKLM-x32\...\NetDVR_V3) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Popcorn Time (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Popcorn Time) (Version: - Popcorn Official)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Skype™ 6.20 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.20.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpeQ Mathematics 3.4 (HKLM-x32\...\SpeQ Mathematics) (Version: 3.4 - )
Spotify (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
UoA OpenVPN 2.1_rc20 (HKLM-x32\...\UoAOpenVPN) (Version: 2.1_rc20 - )
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Viber (HKU\S-1-5-21-1776458337-3485265842-733792251-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VirtualDJ 8 (HKLM-x32\...\{C322F3EC-3737-47E7-8FAF-1E1A1DE237ED}) (Version: 8.0.2179.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{ECF41531-0840-4361-955F-1157A091842F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

28-09-2015 15:46:49 Revo Uninstaller's restore point - Adobe Reader XI (11.0.12)
28-09-2015 16:55:14 Revo Uninstaller's restore point - Malwarebytes Anti-Malware έκδοση 2.1.8.1057
28-09-2015 17:15:29 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2015-09-29 14:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F3B3E14-5273-4381-9EB6-2A2BD67E7253} - System32\Tasks\AdobeAAMUpdater-1.0-NoName-PC-Demonoid => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {26C13B94-8AA0-4C2C-AFD0-80B508D589D3} - System32\Tasks\{E4A114CA-CE79-44F5-A3AD-AE95CC27C436} => pcalua.exe -a "H:\Programs\Music Converter\dBpowerAMP-codec-wmav91.exe" -d "H:\Programs\Music Converter"
Task: {43DC8AB3-9007-4B8B-8C81-1ECA0F5CA9E6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-23] ()
Task: {7F74A8F7-EE67-4EB6-8DB1-E725C4FD6A98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {864830B4-B66D-4F3B-935B-50169684E1DB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000Core => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {8A27B94B-2AB1-4F96-9AB3-B01F7AA5D22D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000UA => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {8F81FC6F-1D41-4672-929D-40ACF075E442} - System32\Tasks\{2CEB6F29-6990-49DB-B939-6F866FC91F98} => pcalua.exe -a "H:\Programs\Music Converter\dMC-r10.exe" -d "H:\Programs\Music Converter"
Task: {B374B34B-306B-4F7D-810E-9614C4040001} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C37B9161-50ED-470D-B997-78ED03223BB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CB703FA1-3F79-4160-B84C-8B871AA5A7F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CD440788-116B-4865-B502-1C8F06888D05} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000Core.job => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1776458337-3485265842-733792251-1000UA.job => C:\Users\Demonoid\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-05 01:39 - 2015-02-04 05:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-10-14 04:43 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-09-26 21:10 - 2015-09-21 22:42 - 51512528 _____ () C:\Users\Demonoid\AppData\Local\Viber\Viber.exe
2014-10-14 04:43 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00089088 _____ () C:\Users\Demonoid\AppData\Local\Viber\qfacebook.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00390656 _____ () C:\Users\Demonoid\AppData\Local\Viber\imageformats\qsvg.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00012288 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00690176 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00057856 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00012288 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00184320 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00044032 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtQml\StateMachine\qtqmlstatemachine.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00425984 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtLocation\declarative_location.dll
2015-09-26 21:10 - 2015-09-21 22:42 - 00065024 _____ () C:\Users\Demonoid\AppData\Local\Viber\QtPositioning\declarative_positioning.dll
2014-09-06 19:44 - 2014-09-06 19:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 19:41 - 2014-05-24 19:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 19:41 - 2014-05-24 19:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-09-26 05:01 - 2015-09-24 05:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-26 05:01 - 2015-09-24 05:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-26 05:01 - 2015-09-24 05:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1776458337-3485265842-733792251-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Demonoid\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0F02D375-273F-47B9-BCC4-FE7611DDD408}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FC993902-F65D-4793-90BB-F7521860A2DC}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B5BC3497-EE95-4F76-8F63-3EA4F8C7442A}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{AA99E2CA-C9A0-452B-A543-1EEE0E04B810}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{2503DD09-56AC-415C-8D0B-B94E5F0566DC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{F6DFA3D0-3C46-495C-9EBF-7D408C6C6AD9}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\ApplicationRegistration.exe
FirewallRules: [{221E80E0-B841-477D-BF7B-C58E060DDB02}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
FirewallRules: [TCP Query User{2B2D8EC9-263C-4A85-8128-19984721EF06}C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1FF3315A-CED2-4F4B-BAD0-20EC5634588C}C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\demonoid\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{8EFFC010-BC26-4474-8BFE-B043A2A371C7}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{18433466-A7C9-4CA2-8015-74E7C8F5E0F0}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{CDB90305-D2DF-4F2B-B537-42FF583EB5E9}] => (Allow) G:\Saved Games\Steam\Steam.exe
FirewallRules: [{3F34258B-D17B-4C1B-AFD8-0D17BD21DA83}] => (Allow) G:\Saved Games\Steam\Steam.exe
FirewallRules: [{F9728E15-21A8-483E-8E2C-181F3E634799}] => (Allow) G:\Saved Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{21228C8E-B5DB-42E3-80B3-6577921443C5}] => (Allow) G:\Saved Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C42FCF1-BE58-4AC9-A615-85411712B93D}] => (Allow) G:\Saved Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8073BCEE-F0C0-44C5-B8DC-29A1EA7C9B5D}] => (Allow) G:\Saved Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{38A1880E-287B-4316-9EE5-86E18D396243}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{2DE42331-ACA6-48D4-9861-C8E16AE43AF5}] => (Allow) C:\Users\Demonoid\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{2564E3AD-EB20-41EC-A8DF-65E128E2025D}] => (Allow) G:\Saved Games\Steam\SteamApps\common\War in the North\witn.exe
FirewallRules: [{051CB282-9A7B-445B-9BFF-DE68A203FABF}] => (Allow) G:\Saved Games\Steam\SteamApps\common\War in the North\witn.exe
FirewallRules: [TCP Query User{F5FA43E7-881A-433E-8BA2-3E33092C17DA}C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{789B18A8-68AE-4E6E-8C8F-281FC94BE2CC}C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\demonoid\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{6893B99D-F192-471C-9224-F45842096D86}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{DADE36F7-A5B6-4636-B17A-869760CB232F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EFF092BF-519B-4EE7-96BF-F031B91948EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04C2F806-F66B-4CD1-A167-C5EBEE9F3C39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CD5D3341-47B8-45DE-81FF-776B570E8C74}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CFF4CF35-8D03-44B0-AA66-EE201A489207}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C2038C36-964B-493C-BCC4-A059C0782556}C:\users\demonoid\appdata\local\popcorn time\nw.exe] => (Block) C:\users\demonoid\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{78A543F5-EF24-4D0B-A447-B141C90FB117}C:\users\demonoid\appdata\local\popcorn time\nw.exe] => (Block) C:\users\demonoid\appdata\local\popcorn time\nw.exe
FirewallRules: [{E4A4B637-7FD7-46CB-8F66-888C370D39DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E9359B9-24F3-4740-B499-5B7F5868BAA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7A89243F-03E8-4133-BB97-DF5831B92583}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F3E8FCA5-9F2F-4E7C-85D8-6E3CC138AAED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CA83E14E-BE02-4F3A-BF22-39263C9168F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2015 11:54:26 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/29/2015 02:58:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Faulting module name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Exception code: 0xc0000005
Fault offset: 0x0000000000017719
Faulting process id: 0x51c
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (09/29/2015 02:58:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/28/2015 09:22:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Faulting module name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Exception code: 0xc0000005
Fault offset: 0x0000000000017719
Faulting process id: 0x4d8
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (09/28/2015 09:21:42 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/28/2015 05:22:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error: (09/28/2015 05:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Faulting module name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Exception code: 0xc0000005
Fault offset: 0x0000000000017719
Faulting process id: 0x500
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (09/28/2015 05:09:29 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/28/2015 02:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Faulting module name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0
Exception code: 0xc0000005
Fault offset: 0x0000000000017719
Faulting process id: 0x4c4
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (09/28/2015 02:34:57 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

System errors:
=============
Error: (09/29/2015 02:58:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
%%-2147467259

Error: (09/29/2015 02:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%31

Error: (09/29/2015 02:58:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%31

Error: (09/29/2015 02:58:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/29/2015 02:56:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/29/2015 02:56:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/29/2015 02:55:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2015 09:22:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
%%-2147467259

Error: (09/28/2015 09:22:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/28/2015 09:18:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.

CodeIntegrity:
===================================
Date: 2015-09-29 14:56:12.283
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-29 14:56:12.267
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 40%
Total physical RAM: 16338.96 MB
Available physical RAM: 9643.63 MB
Total Virtual: 32676.07 MB
Available Virtual: 25386.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:163.24 GB) NTFS
Drive f: (Batman Disk) (Fixed) (Total:232.88 GB) (Free:47.17 GB) NTFS
Drive g: (Space) (Fixed) (Total:300 GB) (Free:89.75 GB) NTFS
Drive h: (Files) (Fixed) (Total:631.51 GB) (Free:175.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D520FECC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1911048E)
Partition 1: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=631.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 19471946)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Sep 30, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Broni · Oct 5, 2015

Still with me?

Demonoid · Oct 10, 2015

Yeah but I dont have my PC ! Ill be there after 3-4 days, sorry and thank you

Broni · Oct 10, 2015

Demonoid · Oct 12, 2015

Fix result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
Ran by Demonoid (2015-10-12 17:58:46) Run:1
Running from G:\Desktop
Loaded Profiles: Demonoid & (Available Profiles: Demonoid)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1776458337-3485265842-733792251-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-10-22 16:40 - 2013-11-18 13:45 - 23215192 ____R (PremiumSoft CyberTech Ltd.) C:\Program Files\Navicat_11.0.7_EN_Portable.exe
2015-09-28 14:08 - 2015-09-28 14:16 - 0000115 _____ () C:\Users\Demonoid\AppData\Roaming\LogFile.txt
2014-10-16 02:24 - 2014-10-16 02:24 - 0001456 _____ () C:\Users\Demonoid\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-07 21:12 - 2014-10-07 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{ECF41531-0840-4361-955F-1157A091842F}\InprocServer32 -> no filepath

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1776458337-3485265842-733792251-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
catchme => service removed successfully
C:\Program Files\Navicat_11.0.7_EN_Portable.exe => moved successfully
C:\Users\Demonoid\AppData\Roaming\LogFile.txt => moved successfully
C:\Users\Demonoid\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}" => key removed successfully
"HKU\S-1-5-21-1776458337-3485265842-733792251-1000_Classes\CLSID\{ECF41531-0840-4361-955F-1157A091842F}" => key removed successfully

==== End of Fixlog 17:58:46 ====

Broni · Oct 12, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Demonoid · Oct 13, 2015

Results of screen317's Security Check version 1.009
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome (45.0.2454.101)
Google Chrome (45.0.2454.93)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Avira Antivirus sched.exe
Avira Antivirus avshadow.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Demonoid · Oct 13, 2015

Farbar Service Scanner Version: 26-07-2015
Ran by Demonoid (administrator) on 13-10-2015 at 18:22:51
Running from "G:\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Demonoid · Oct 13, 2015

No threats are founded with Sophos Free Virus Removal Tool

Broni · Oct 13, 2015

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current (Service Pack 1!!!)

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

Demonoid · Oct 15, 2015

Thank you!!!! you 're the best!!!!

Broni · Oct 15, 2015

Way to go!!
Good luck and stay safe

Solved Dwm.exe in \AppData\local\temp\msupdate71

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Attachments

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Similar threads