TechSpot

"This copy of windows is not genuine"

By cheetadready
Dec 8, 2015
  1. Hello there,

    I have recently been getting the "This copy of windows is not genuine" message in the corner of my screen; however, my Windows is genuine and it's not cracked.
    In the past few days, I have recognized that I cannot download any new updates, and some of my software, which I constantly use, often freezes in the middle of work.

    In the past few days, my Microsoft Security Essentials has turned yellow, and whenever I run the full scan, my laptop heats up and shuts off.
    Not to mention that, recently, when I turn off the laptop, Windows doesn't shut down properly.

    I have the Malwarebytes Anti-Malware membership; therefore, I usually run the anti-malware, but this time the problem seems to be deeper than that.

    I would appreciate any help.
    With Regards,

    Kia
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. cheetadready

    cheetadready TS Rookie Topic Starter Posts: 32

    Thanks for your response. Here I post my logs in order:
    1- FRST.txt
    2- Addition.txt
     
  4. cheetadready

    cheetadready TS Rookie Topic Starter Posts: 32

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
    Ran by Kiarash (administrator) on KIARASH-PC (08-12-2015 17:11:09)
    Running from C:\Users\Kiarash\Desktop
    Loaded Profiles: UpdatusUser & Kiarash & Guest (Available Profiles: UpdatusUser & Kiarash & Guest)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\BackupService.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
    () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_b0108c5\instup.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Spotify Ltd) C:\Users\Kiarash\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    () C:\Program Files (x86)\Hotkey\Hotkey.exe
    (Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Autodesk Inc.) C:\Users\Kiarash\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\sdclt.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
    (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Spotify Ltd) C:\Users\Kiarash\AppData\Roaming\Spotify\SpotifyCrashService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
    (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
    (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
    (Microsoft Corporation) C:\Windows\System32\slui.exe
    (Spotify Ltd) C:\Users\Kiarash\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\Kiarash\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\Kiarash\AppData\Roaming\Spotify\Spotify.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\olicenseheartbeat.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Akamai Technologies, Inc.) C:\Users\Kiarash\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Kiarash\AppData\Local\Akamai\netsession_win.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817320 2011-07-28] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
    HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
    HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
    HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [506480 2012-12-28] (CyberLink)
    HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [375168 2012-12-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-20] (Autodesk Inc.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-08] (AVAST Software)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157456 2015-10-16] (Apple Inc.)
    HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Run: [Auto] => E:\autorun.exe
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Kiarash\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Spotify Web Helper] => C:\Users\Kiarash\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-03] (Spotify Ltd)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Google Update] => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761064 2015-09-26] (Adobe Systems Incorporated)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [GoogleChromeAutoLaunch_BC03278F5F2032C30941F9849C90F428] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [801096 2015-11-30] (Google Inc.)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Spotify] => C:\Users\Kiarash\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-03] (Spotify Ltd)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [801096 2015-11-30] (Google Inc.)
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Policies\Explorer: []
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-08] (AVAST Software)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
    ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-27]
    ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2013-02-13]
    ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-01-08]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk [2013-03-13]
    ShortcutTarget: TotalMedia BackUp & Recorder Monitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe (ArcSoft, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-27]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
    Startup: C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-11]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{2EEC7411-7E69-44E4-AACD-F67F9C4540E6}: [DhcpNameServer] 172.26.38.1 172.26.38.2
    Tcpip\..\Interfaces\{7841A935-29D8-4247-BD6E-62B8302A867E}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{D30549B7-1E2C-43E6-9A81-C00027ECB9C3}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-900365376-1320249618-260173824-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
    URLSearchHook: [S-1-5-21-900365376-1320249618-260173824-501] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-900365376-1320249618-260173824-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-24] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-900365376-1320249618-260173824-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kiarash\AppData\Roaming\Mozilla\Firefox\Profiles\n0s4o6tc.default
    FF DefaultSearchEngine.US: Google
    FF SelectedSearchEngine: Yahoo!
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_238.dll [2015-12-08] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_238.dll [2015-12-08] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-06] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Kiarash\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Kiarash\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-06] (Citrix Online)
    FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kiarash\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @talk.google.com/O1DPlugin -> C:\Users\Kiarash\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Kiarash\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Kiarash\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-07-04] [not signed]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-15] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-07] [not signed]
    FF HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
    FF HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Firefox\Extensions: [GetLyrcis@levaddons.com] - C:\Program Files (x86)\GetLyrics\FF => not found

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://axisearch.com/?channel=en","hxxp://search.easylifeapp.com/","hxxp://speedial.com/?f=1&a=spd_wnzp_14_20_ff&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzztD0E0CtAtA0E0EtBtDtCtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DtByDyE0A0AtAtGyE0A0ByCtGyB0AyBtCtGtBtAzztAtGyE0AyEtAzz0F0EzytAzy0ByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0Czy0EyBtA0EzztGtA0CyDtCtG0ByDyBtBtG0E0CzyyDtGyEyD0D0EyCtCyD0EtC0DtCtB2Q&cr=1334993540&ir=","hxxp://astromenda.com/?f=7&a=ast_ir_14_44_ff&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzztD0E0CtAtA0E0EtBtDtCtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtBzytDyCyDzz0BtGyDtAtCtAtGtCyEtD0AtG0B0A0CyDtGtDtAzztB0E0D0EtCzy0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyCyByE0FtC0CtGzztAyB0DtGyEtD0F0AtGzzyB0DtDtG0AtC0A0F0DtAtDtCzy0EtAzz2Q&cr=1910322012&ir=","hxxps://www.google.com/"
    CHR NewTab: Default -> "chrome-extension://lbokmpfckpapgecocdjhlgenajjemcdn/index.html"
    CHR Profile: C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Translate) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
    CHR Extension: (Google Drive) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
    CHR Extension: (YouTube) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2015-05-14]
    CHR Extension: (Google Search) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Adobe Acrobat) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-09]
    CHR Extension: (Pandora) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-05-14]
    CHR Extension: (Anti-Porn Malware Redirector PRO) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcolhagfpagloldpcglmopecbjabeghl [2015-11-12]
    CHR Extension: (Google Docs Offline) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (AdBlock) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
    CHR Extension: (Avast Online Security) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
    CHR Extension: (Pin It Button) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-23]
    CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2015-11-15]
    CHR Extension: (CloudConvert) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2015-05-14]
    CHR Extension: (Google Play Music) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-05-14]
    CHR Extension: (The Weather Channel for Chrome) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-05-14]
    CHR Extension: (Voice Recognition) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-09-20]
    CHR Extension: (Dropbox) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-30]
    CHR Extension: (Personal Trainer - Yoga) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjigbeknhpeholihfbnpmofgfnobdllk [2015-05-14]
    CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-12-07]
    CHR Extension: (ArchDaily New Tab) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbokmpfckpapgecocdjhlgenajjemcdn [2015-11-21]
    CHR Extension: (Skype Click to Call) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-15]
    CHR Extension: (Google Maps) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
    CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-12-04]
    CHR Extension: (Outlook.com) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-05-14]
    CHR Extension: (World Clocks 2) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-05-14]
    CHR Extension: (Gmail) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
    CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kiarash\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-16]
    CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
    CHR HKLM-x32\...\Chrome\Extension: [eioaimhbaiomogmbefipmnbpjmefhhoc] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2011-09-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-08]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================
     
  5. cheetadready

    cheetadready TS Rookie Topic Starter Posts: 32

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-20] (Autodesk Inc.)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
    R2 ArcSoftServiceHelperTool; C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\BackupService.exe [355432 2012-08-13] (ArcSoft, Inc.)
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-08] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-08] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-08] (Avast Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [91248 2012-12-28] (CyberLink Corp.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-02-13] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-13] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78960 2012-12-28] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296048 2012-12-28] (CyberLink)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-25] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-25] (Dropbox, Inc.)
    R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-09] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-02-03] (Robert McNeel & Associates)
    S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35840 2012-06-28] () [File not signed]
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-30] (Realtek Semiconductor)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-07] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-08] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-07] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-08] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-07] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-07] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-07] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-07] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-07] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-07] (AVAST Software)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-08] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2015-08-28] (Nicomsoft Ltd.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-12-07] (AVAST Software)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
    R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [269968 2012-07-02] (Realtek Semiconductor Corp.)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-23] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-08] (Avast Software)
    R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-08 17:11 - 2015-12-08 17:11 - 00054803 _____ C:\Users\Kiarash\Desktop\FRST.txt
    2015-12-08 17:11 - 2015-12-08 17:11 - 00000000 ____D C:\FRST
    2015-12-08 17:10 - 2015-12-08 17:10 - 02369024 _____ (Farbar) C:\Users\Kiarash\Desktop\FRST64.exe
    2015-12-08 13:52 - 2015-12-08 13:52 - 00058853 _____ C:\Users\Kiarash\Desktop\fre.wma
    2015-12-08 13:51 - 2015-12-08 13:51 - 00063343 _____ C:\Users\Kiarash\Desktop\ref.wma
    2015-12-08 13:25 - 2015-12-08 13:25 - 00002158 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk
    2015-12-08 13:25 - 2015-12-08 13:25 - 00002072 _____ C:\Users\Public\Desktop\LayOut 2016.lnk
    2015-12-08 13:25 - 2015-12-08 13:25 - 00001987 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk
    2015-12-08 13:25 - 2015-12-08 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
    2015-12-08 13:02 - 2015-12-08 13:03 - 127059552 _____ (Trimble Navigation Limited) C:\Users\Kiarash\Desktop\SketchUpPro-en-x64.exe
    2015-12-07 16:07 - 2015-12-07 16:07 - 00171012 _____ C:\Users\Kiarash\Desktop\AMBS Proposes World's Tallest Tower in Iraq _ ArchDaily.html
    2015-12-07 15:22 - 2015-12-07 15:22 - 00055344 _____ C:\Users\Kiarash\Desktop\Accoya Acetylated Wood _ High Performance, long life modified timber.html
    2015-12-07 14:36 - 2015-12-07 14:37 - 88548352 _____ (TryMyUI Inc.) C:\Users\Kiarash\Desktop\TryMyUIRecorder_windows_1_0_0.exe
    2015-12-07 14:05 - 2015-12-07 14:05 - 00094773 _____ C:\Users\Kiarash\Desktop\f.wma
    2015-12-07 14:05 - 2015-12-07 14:05 - 00081303 _____ C:\Users\Kiarash\Desktop\sd.wma
    2015-12-07 14:04 - 2015-12-07 14:12 - 00000000 ____D C:\Users\Kiarash\AppData\Roaming\.WhatUsersDo-Recorder
    2015-12-07 14:02 - 2015-12-07 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhatUsersDo-Screen-Recorder
    2015-12-07 14:02 - 2015-12-07 14:02 - 00000000 ____D C:\Program Files (x86)\WhatUsersDo-Screen-Recorder
    2015-12-07 14:01 - 2015-12-07 14:02 - 111675840 _____ (WhatUsersDo Ltd ) C:\Users\Kiarash\Desktop\whatusersdo-recorder.exe
    2015-12-07 13:47 - 2015-12-07 13:47 - 00117223 _____ C:\Users\Kiarash\Desktop\rt.wma
    2015-12-07 12:53 - 2015-12-07 12:53 - 00413563 _____ C:\Users\Kiarash\Desktop\3.wma
    2015-12-07 12:49 - 2015-12-07 12:49 - 00292333 _____ C:\Users\Kiarash\Desktop\2.wma
    2015-12-07 12:49 - 2015-12-07 12:49 - 00126203 _____ C:\Users\Kiarash\Desktop\1.wma
    2015-12-07 12:02 - 2015-12-07 12:02 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-12-07 12:02 - 2015-12-07 12:02 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-12-07 12:02 - 2015-11-08 08:52 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswECB7.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswECFA.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswECFB.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswED0C.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvECB6.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswECD9.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswECD7.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswECEA.tmp
    2015-12-07 12:02 - 2015-11-08 08:52 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswECD8.tmp
    2015-12-06 21:18 - 2015-12-06 21:18 - 01678511 _____ C:\Users\Kiarash\Desktop\Kiarash Filsouf-Assignment 13-1- Project Team Organizational Chart.pdf
    2015-12-06 20:50 - 2015-12-06 20:50 - 00248170 _____ C:\Users\Kiarash\Desktop\Prabhudesai_Assignment_13.1.pdf
    2015-12-06 18:06 - 2015-12-06 18:06 - 03058856 _____ (Microsoft Corporation) C:\Users\Kiarash\Setup.X86.en-US_O365HomePremRetail_f8fbac84-f226-4160-8ada-7c116c9f636d_TX_PR_ (1).exe
    2015-12-06 16:25 - 2015-12-06 16:25 - 03058856 _____ (Microsoft Corporation) C:\Users\Kiarash\Desktop\Setup.X86.en-US_O365HomePremRetail_f8fbac84-f226-4160-8ada-7c116c9f636d_TX_PR_.exe
    2015-12-04 15:09 - 2015-12-04 15:09 - 00494833 _____ C:\Users\Kiarash\Desktop\d.pdf
    2015-12-03 20:44 - 2015-12-03 20:44 - 06420480 _____ C:\Program Files (x86)\GUTDD02.tmp
    2015-12-03 20:44 - 2015-12-03 20:44 - 00000000 ____D C:\Program Files (x86)\GUMDD01.tmp
    2015-12-02 13:51 - 2015-12-02 13:53 - 00000000 ____D C:\Windows\CD95F661A5C444F5A6AAECDD91C240ED.TMP
    2015-12-02 13:04 - 2015-12-06 13:24 - 00000000 ____D C:\Users\Kiarash\Desktop\English
    2015-12-02 13:04 - 2015-12-04 14:38 - 00000000 ____D C:\Users\Kiarash\Desktop\Proggraming
    2015-12-02 13:04 - 2015-12-03 18:41 - 00000000 ____D C:\Users\Kiarash\Desktop\materials
    2015-12-02 13:04 - 2015-12-02 14:13 - 00000000 ____D C:\Users\Kiarash\Desktop\code
    2015-12-01 15:10 - 2015-12-08 14:20 - 00000000 ____D C:\Users\Kiarash\Documents\UserTesting
    2015-12-01 15:08 - 2015-12-08 14:13 - 00000000 ____D C:\Users\Kiarash\AppData\Local\UserTestingPlugin
    2015-11-28 22:22 - 2015-11-28 22:23 - 00000000 ____D C:\Users\Kiarash\AppData\Local\AvgSetupLog
    2015-11-28 22:22 - 2015-11-28 22:22 - 00000000 ____D C:\Users\Kiarash\AppData\Local\Avg
    2015-11-21 14:12 - 2015-11-21 14:12 - 00000000 _____ C:\Users\Kiarash\AppData\Local\{AF930F56-2363-4F01-BEA5-55BDD8BACEEC}
    2015-11-21 13:02 - 2015-11-21 13:02 - 00000000 _____ C:\Users\Kiarash\AppData\Local\{2A7E23B0-E01C-41EA-9FDB-FCE80F1EEE34}
    2015-11-12 17:18 - 2015-11-12 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-11-12 15:09 - 2015-11-03 09:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-10 20:24 - 2015-11-03 14:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-11-10 20:24 - 2015-11-03 13:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-11-10 20:24 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-10 20:24 - 2015-10-30 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-11-10 20:24 - 2015-10-30 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-11-10 20:24 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-10 20:24 - 2015-10-30 15:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-11-10 20:24 - 2015-10-30 15:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-11-10 20:24 - 2015-10-30 15:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-11-10 20:24 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-10 20:24 - 2015-10-30 15:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-11-10 20:24 - 2015-10-30 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-11-10 20:24 - 2015-10-30 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-11-10 20:24 - 2015-10-30 15:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-11-10 20:24 - 2015-10-30 15:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-11-10 20:24 - 2015-10-30 15:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-11-10 20:24 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-10 20:24 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-10 20:24 - 2015-10-30 15:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-11-10 20:24 - 2015-10-30 15:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-11-10 20:24 - 2015-10-30 15:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-11-10 20:24 - 2015-10-30 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-11-10 20:24 - 2015-10-30 14:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-11-10 20:24 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-11-10 20:24 - 2015-10-30 14:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-11-10 20:24 - 2015-10-30 14:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-11-10 20:24 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-11-10 20:24 - 2015-10-30 14:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-11-10 20:24 - 2015-10-30 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-11-10 20:24 - 2015-10-30 14:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-11-10 20:24 - 2015-10-30 14:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-11-10 20:24 - 2015-10-30 14:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-11-10 20:24 - 2015-10-30 14:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-11-10 20:24 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-11-10 20:24 - 2015-10-30 14:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-11-10 20:24 - 2015-10-30 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-11-10 20:24 - 2015-10-30 14:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-11-10 20:24 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-11-10 20:24 - 2015-10-30 14:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-11-10 20:24 - 2015-10-30 14:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-11-10 20:24 - 2015-10-30 14:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-11-10 20:24 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-11-10 20:24 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-10 20:24 - 2015-10-30 14:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-11-10 20:24 - 2015-10-30 14:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-11-10 20:24 - 2015-10-30 14:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-11-10 20:24 - 2015-10-30 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-11-10 20:24 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-10 20:24 - 2015-10-30 14:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-11-10 20:24 - 2015-10-30 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-11-10 20:24 - 2015-10-30 14:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-11-10 20:24 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-10 20:24 - 2015-10-30 14:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-11-10 20:24 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-11-10 20:24 - 2015-10-30 14:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-11-10 20:24 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-11-10 20:24 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-11-10 20:24 - 2015-10-30 14:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-11-10 20:24 - 2015-10-30 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-11-10 20:24 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-10 20:24 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-11-10 20:24 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-11-10 20:24 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-11-10 20:24 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-11-10 20:24 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-11-10 20:24 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-11-10 20:24 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-11-10 20:24 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-11-10 20:24 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-11-10 20:24 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-11-10 20:24 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-11-10 20:24 - 2015-10-20 10:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-11-10 20:24 - 2015-10-20 10:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-11-10 20:24 - 2015-10-20 10:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-11-10 20:24 - 2015-10-20 10:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-11-10 20:24 - 2015-10-20 10:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-11-10 20:24 - 2015-10-20 10:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-11-10 20:24 - 2015-10-20 10:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-11-10 20:24 - 2015-10-20 10:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-11-10 20:24 - 2015-10-20 10:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-11-10 20:24 - 2015-10-20 10:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-11-10 20:24 - 2015-10-20 10:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-11-10 20:24 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-11-10 20:24 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-11-10 20:24 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-11-10 20:24 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-11-10 20:24 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-11-10 20:24 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-10 20:24 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-10 20:24 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-11-10 20:24 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-11-10 20:24 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-11-10 20:24 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-11-10 20:24 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-11-10 20:24 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-11-10 20:24 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-11-10 20:24 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-11-10 20:24 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-11-10 20:24 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-11-10 20:24 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-11-10 20:24 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-11-10 20:24 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-11-10 20:24 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-11-10 20:24 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-11-10 20:24 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-11-10 20:24 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-11-10 20:24 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-11-10 20:24 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-11-10 20:24 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-11-10 20:24 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-11-10 20:24 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-11-10 20:24 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-11-10 20:24 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-11-10 20:24 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-11-10 20:24 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-10 20:24 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-11-10 20:24 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-10 20:24 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-11-10 20:24 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-11-10 20:24 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-11-10 20:24 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-10 20:24 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-10 20:24 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-11-10 20:24 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-10 20:24 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-10 20:24 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-10 20:23 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-11-10 20:23 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-11-10 20:23 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-11-09 12:45 - 2015-11-09 12:45 - 04614144 _____ C:\Users\Kiarash\Downloads\msxml6_SDK.msi
    2015-11-09 12:36 - 2015-11-09 12:36 - 00003036 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1447101364
    2015-11-09 12:36 - 2015-11-09 12:36 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2015-11-08 08:52 - 2015-11-08 08:52 - 00466400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-08 17:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
    2015-12-08 17:08 - 2013-02-26 09:07 - 00000000 ____D C:\Users\Kiarash\AppData\Roaming\Spotify
    2015-12-08 16:48 - 2015-03-16 23:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-08 16:44 - 2014-12-04 17:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-08 16:38 - 2009-07-13 20:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-12-08 16:38 - 2009-07-13 20:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-12-08 16:37 - 2015-10-25 19:32 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2015-12-08 16:15 - 2013-03-04 12:31 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002UA.job
    2015-12-08 15:34 - 2013-02-25 17:47 - 00000000 ____D C:\Users\Kiarash\AppData\Local\Akamai
    2015-12-08 13:40 - 2014-10-21 21:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-12-08 13:25 - 2015-02-16 04:19 - 00000000 ____D C:\ProgramData\Reprise
    2015-12-08 13:25 - 2015-02-16 04:19 - 00000000 ____D C:\Program Files\SketchUp
    2015-12-08 13:25 - 2013-10-24 19:31 - 00000000 ____D C:\ProgramData\SketchUp
    2015-12-08 10:58 - 2013-02-26 09:07 - 00000000 ____D C:\Users\Kiarash\AppData\Local\Spotify
    2015-12-08 10:49 - 2015-10-25 19:32 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2015-12-08 10:46 - 2013-03-04 12:31 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002Core.job
    2015-12-08 10:44 - 2014-12-04 17:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-08 10:40 - 2013-02-23 15:36 - 00000000 ____D C:\Users\Kiarash\AppData\Local\Adobe
    2015-12-08 10:40 - 2013-02-22 19:52 - 00000000 ____D C:\Users\Kiarash\AppData\LocalLow\AuthenTec
    2015-12-08 10:38 - 2015-03-16 23:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-08 10:38 - 2015-03-16 23:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-08 10:38 - 2014-05-04 10:52 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-12-07 14:39 - 2015-09-07 22:29 - 00000000 ____D C:\Users\Kiarash\.oracle_jre_usage
    2015-12-07 14:03 - 2015-09-14 15:56 - 00000000 ____D C:\Users\Kiarash\Desktop\random pics
    2015-12-07 13:39 - 2014-10-22 00:15 - 00000034 _____ C:\Users\Kiarash\AppData\Roaming\AdobeWLCMCache.dat
    2015-12-07 12:54 - 2013-02-28 13:09 - 00000000 ____D C:\Users\Kiarash\AppData\Roaming\Skype
    2015-12-07 12:40 - 2015-09-08 09:31 - 00000000 ____D C:\Users\Kiarash\Documents\My Filehippo Downloads
    2015-12-07 12:37 - 2015-03-10 09:20 - 00000000 ___RD C:\Users\Kiarash\Google Drive
    2015-12-07 12:37 - 2015-02-15 13:41 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2015-12-07 12:37 - 2014-12-05 01:30 - 00000000 ____D C:\Users\Kiarash\AppData\Local\CrashDumps
    2015-12-07 12:37 - 2013-02-27 23:53 - 00000000 ___RD C:\Users\Kiarash\Dropbox
    2015-12-07 12:37 - 2013-02-27 21:55 - 00000000 ____D C:\Users\Kiarash\AppData\Roaming\Dropbox
    2015-12-07 12:02 - 2015-07-22 22:08 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2015-12-07 12:02 - 2014-12-05 21:26 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2015-12-07 11:04 - 2009-07-13 21:13 - 00006218 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-07 10:59 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-06 18:06 - 2013-02-22 19:52 - 00000000 ____D C:\Users\Kiarash
    2015-12-06 17:51 - 2015-09-08 11:30 - 00000000 ____D C:\Users\Kiarash\Desktop\desk shorts
    2015-12-05 21:47 - 2013-02-23 21:54 - 00000000 ____D C:\Users\Kiarash\AppData\Local\ElevatedDiagnostics
    2015-12-02 21:32 - 2013-03-24 16:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-12-02 13:41 - 2015-07-23 05:20 - 00000000 ____D C:\Program Files (x86)\Wondershare
    2015-12-01 17:46 - 2014-12-04 17:31 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2015-11-29 22:37 - 2014-02-23 22:04 - 00002164 _____ C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2015-11-29 15:06 - 2014-12-05 21:26 - 00000000 ____D C:\Windows\SysWOW64\vbox
    2015-11-29 15:06 - 2014-12-05 21:26 - 00000000 ____D C:\Windows\system32\vbox
    2015-11-24 19:45 - 2015-03-10 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-11-21 13:20 - 2014-12-05 21:26 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-11-19 23:48 - 2015-03-16 23:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-11-19 18:29 - 2013-02-13 16:25 - 00000000 ____D C:\Users\UpdatusUser
    2015-11-13 15:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2015-11-12 17:18 - 2015-10-25 19:32 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2015-11-12 17:14 - 2009-07-13 20:45 - 05216144 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-10 23:28 - 2013-08-14 07:03 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-10 23:24 - 2013-02-23 21:19 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-11-10 23:19 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal
    2015-11-09 12:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2015-11-08 08:52 - 2015-09-08 11:30 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2015-11-08 08:52 - 2014-12-05 21:25 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-11-08 08:52 - 2014-12-05 21:25 - 00000000 ____D C:\Program Files\AVAST Software

    ==================== Files in the root of some directories =======

    2015-12-03 20:44 - 2015-12-03 20:44 - 6420480 _____ () C:\Program Files (x86)\GUTDD02.tmp
    2014-02-26 12:20 - 2014-03-14 04:45 - 0000132 _____ () C:\Users\Kiarash\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2013-10-14 08:34 - 2014-05-07 14:34 - 0000132 _____ () C:\Users\Kiarash\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-10-22 00:15 - 2015-12-07 13:39 - 0000034 _____ () C:\Users\Kiarash\AppData\Roaming\AdobeWLCMCache.dat
    2014-09-01 00:18 - 2014-09-01 00:18 - 0001248 _____ () C:\Users\Kiarash\AppData\Roaming\LONFXR
    2014-09-01 00:18 - 2014-09-01 00:18 - 0002086 _____ () C:\Users\Kiarash\AppData\Roaming\UOXQYS
    2015-02-15 13:52 - 2015-02-15 13:52 - 0033193 _____ () C:\Users\Kiarash\AppData\Roaming\UserTile.png
    2014-05-14 19:04 - 2014-05-14 19:04 - 0000043 _____ () C:\Users\Kiarash\AppData\Roaming\WB.CFG
    2015-11-21 13:02 - 2015-11-21 13:02 - 0000000 _____ () C:\Users\Kiarash\AppData\Local\{2A7E23B0-E01C-41EA-9FDB-FCE80F1EEE34}
    2015-11-21 14:12 - 2015-11-21 14:12 - 0000000 _____ () C:\Users\Kiarash\AppData\Local\{AF930F56-2363-4F01-BEA5-55BDD8BACEEC}
    2013-02-25 11:48 - 2014-12-04 18:16 - 0009691 _____ () C:\ProgramData\hpzinstall.log
    2013-02-26 09:18 - 2013-02-26 09:18 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2014-12-04 17:08 - 2014-12-04 17:08 - 0001704 _____ () C:\ProgramData\tempimage.bmp

    Files to move or delete:
    ====================
    C:\Users\Kiarash\Setup.X86.en-US_O365HomePremRetail_f8fbac84-f226-4160-8ada-7c116c9f636d_TX_PR_ (1).exe


    Some files in TEMP:
    ====================
    C:\Users\Kiarash\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcu3p2.dll
    C:\Users\Kiarash\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Kiarash\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Kiarash\AppData\Local\Temp\som_fs.exe
    C:\Users\Kiarash\AppData\Local\Temp\som_mp4_encoder_2.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-30 00:53

    ==================== End of FRST.txt ============================
     
  6. cheetadready

    cheetadready TS Rookie Topic Starter Posts: 32

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
    Ran by Kiarash (2015-12-08 17:11:39)
    Running from C:\Users\Kiarash\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2013-02-23 03:52:40)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-900365376-1320249618-260173824-500 - Administrator - Disabled)
    Guest (S-1-5-21-900365376-1320249618-260173824-501 - Limited - Enabled) => C:\Users\Guest.Kiarash-PC
    HomeGroupUser$ (S-1-5-21-900365376-1320249618-260173824-1004 - Limited - Enabled)
    Kiarash (S-1-5-21-900365376-1320249618-260173824-1002 - Administrator - Enabled) => C:\Users\Kiarash
    UpdatusUser (S-1-5-21-900365376-1320249618-260173824-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.196 - Adobe Systems Incorporated)
    Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
    Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.238 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.0 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ArcSoft TotalMedia Extreme (HKLM-x32\...\{783676EB-93A4-4373-B4FD-A0CC107FA349}) (Version: 2.0.60.42 - ArcSoft)
    Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
    AuthenTec TrueSuite (HKLM\...\{C76FAAED-E66D-488A-9E15-6082B527814A}) (Version: 5.2.0.642 - AuthenTec, Inc.)
    AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
    AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
    AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
    Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.1.149.0 - Autodesk)
    Autodesk 3ds Max 2015 (Version: 17.1.149.0 - Autodesk) Hidden
    Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
    Autodesk 3ds Max 2015 SP1 (HKLM\...\Autodesk 3ds Max 2015 SP1) (Version: 17.1.149.0 - Autodesk)
    Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)
    Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
    Autodesk BIM 360 Revit 2015 Add-in 64 bit (HKLM\...\{37E1C3A1-7DBF-4250-9314-46167B68383D}) (Version: 3.32.3357 - Autodesk)
    Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
    Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
    Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
    Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
    Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
    Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
    Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk)
    Autodesk Download Manager (HKLM-x32\...\{CCA78313-443C-4674-81B8-88919D137258}) (Version: 2.0.2.0 - Autodesk, Inc.)
    Autodesk Essential Skills Movies for 3ds Max 2013 64-bit (HKLM\...\{7EDE5B68-1FB0-405D-88F0-A34236002DA8}) (Version: 1.0.0.1 - Autodesk)
    Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit) (Version: - Autodesk)
    Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version: - Autodesk)
    Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
    Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
    Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
    Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
    Autodesk Inventor Server Engine for 3ds Max 2013 64-bit (HKLM\...\{696BB53C-28E6-1664-974E-D42FFF5B8E04}) (Version: 15.0 - Autodesk)
    Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0.2 - Autodesk)
    Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
    Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.8.100 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.8.100 - Autodesk)
    Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
    Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.8.100 - Autodesk)
    Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
    Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.8.100 - Autodesk)
    Autodesk Revit 2013 (HKLM\...\Autodesk Revit 2013) (Version: 12.02.21203 - Autodesk)
    Autodesk Revit 2015 (HKLM\...\Autodesk Revit 2015) (Version: 15.0.136.0 - Autodesk)
    Autodesk Revit Content Libraries 2015 (HKLM\...\Autodesk Revit Content Libraries 2015) (Version: 15.0.136.0 - Autodesk)
    Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.166.0 - Autodesk)
    Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.166.0 - Autodesk) Hidden
    Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
    Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
    Autodesk Vasari Beta 3 (HKLM\...\Autodesk Vasari Beta 3) (Version: 13.09.26120 - Autodesk)
    Autodesk Workflows 2015 (HKLM\...\{A90DD6F8-60D2-4803-AFF6-796400E73E1B}) (Version: 5.2.11.100 - Autodesk, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
    Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
    CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2420.0 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.2420.0 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2428.57 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
    FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
    FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
    FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
    FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version: - FARO Technologies)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    FLV Player Free 1.0 (HKLM-x32\...\FLV Player Free_is1) (Version: - A Software Plus)
    Gerdoo 23 (HKLM-x32\...\{D80529FA-D199-4199-9CB8-3802A8A700AE}) (Version: 23 - Gerdoo.net)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.22 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
    Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google SketchUp Pro 7 (HKLM-x32\...\{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}) (Version: 2.1.6860 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Grammarly for Microsoft® Office Suite (HKLM-x32\...\{fb69ee11-56a5-4e7e-bce7-491d7e06865f}) (Version: 6.3.94.2448 - Grammarly)
    Grammarly for Microsoft® Office Suite (x32 Version: 6.3.94.2448 - Grammarly) Hidden
    Hotkey 6.0078 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0078 - NoteBook)
    Hotkey 6.0078 (x32 Version: 6.0078 - NoteBook) Hidden
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    iCare Data Recovery Standard (HKLM-x32\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery)
    I-Menu version 4.0.8 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.0.8 - AOC)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.10.1300 - Intel Corporation)
    Intel(R) Network Connections 16.7.166.0 (HKLM\...\PROSetDX) (Version: 16.7.166.0 - Intel)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
    iTunes (HKLM\...\{43ABC943-FCE2-4B0C-9930-F2E90A06D926}) (Version: 12.3.1.23 - Apple Inc.)
    Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Maxwell Plugin for Revit Architecture (HKLM-x32\...\MaxwellRevit) (Version: 3.1.1 - Next Limit)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MindMaple Lite 1.3 (HKLM-x32\...\MindMaple_is1) (Version: v1.3 - MindMaple Inc.)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 43.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 en-US)) (Version: 43.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NASA World Wind 1.4 (HKLM-x32\...\NASA World Wind 1.4) (Version: - )
    NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
    NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6733 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Revit 2013 (Version: 12.02.21203 - Autodesk) Hidden
    Revit 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
    Revit 2015 (Version: 15.0.136.0 - Autodesk) Hidden
    Revit 2015 Language Pack - English (Version: 15.0.136.0 - Autodesk) Hidden
    Revit Content Libraries 2015 (Version: 15.0.136.0 - Autodesk) Hidden
    Rhinoceros 5 (64-bit) (HKLM\...\{8F098E75-66AC-4EC6-82AF-A86C4C87235F}) (Version: 5.11.50203.14395 - Robert McNeel & Associates)
    RISA-3D 12.0 Demo (64-bit) (HKLM-x32\...\RISA-3D 12.0 Demo (64-bit)) (Version: 12.0.0.0 - RISA Technologies, LLC)
    SafeZone Stable 1.46.1990.55 (x32 Version: 1.46.1990.55 - Avast Software) Hidden
    Screen+ 1.0 (HKLM-x32\...\Screen+_is1) (Version: - AOC)
    SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
    SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
    SketchUp 2016 (HKLM\...\{D87EE6DC-32BA-4219-AC75-0A6FD54ED058}) (Version: 16.0.19912 - Trimble Navigation Limited)
    SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
    Sound Blaster X-Fi MB 2 (HKLM-x32\...\{C772C983-D57A-4FF9-80AF-13078C4646CE}) (Version: 1.04.01 - Creative Technology Limited)
    Spotify (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.18.0 - Synaptics Incorporated)
    Synctunes Desktop (HKLM-x32\...\{DC519C80-23D5-4199-BA26-AE371BC0E507}) (Version: 1.0.9 - The Bit Studio)
    TextEdit 3.0 (HKLM-x32\...\{81C71501-D10F-4DE8-AFD9-E718E82B1D41}_is1) (Version: 3.0.0.4830 - Core Software Solutions)
    UserTesting.com Recorder Plugin (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\UserTestingPlugin) (Version: - UserTesting.com)
    Vasari Beta 3 (Version: 13.09.26120 - Autodesk) Hidden
    Vasari Beta 3 Language Pack - English (Version: 13.09.26120 - Autodesk) Hidden
    Vasari Prototype CFD Visualisation Plug-in (HKLM-x32\...\{A8B18FAE-6B52-4D45-89F4-6650AEAC98D6}_is1) (Version: 2012 - Autodesk, Inc.)
    Vasari Solar Radiation Plug-in (HKLM-x32\...\{DFE67FD4-0C20-4E6D-972D-01709880E09C}_is1) (Version: 2012 - Autodesk, Inc.)
    Vasari STL Export Plug-in (HKLM-x32\...\{FE5999DC-29D8-40A8-B4F5-1BB626969AF8}_is1) (Version: 2012 - Autodesk, Inc.)
    Vasari Wind Analysis Plug-in (HKLM-x32\...\{2039DBA4-4641-4500-A8AF-DDDC6DE518A1}_is1) (Version: 2012 - Autodesk, Inc.)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Viper Plagiarism Scanner (HKLM-x32\...\{2D9F8754-84AB-4C46-8243-9EADF23A63EE}_is1) (Version: 4.1.90.1039 - All Answers Ltd)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
    WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
    WD SES Driver Setup (x32 Version: 1.0.5.7 - Western Digital) Hidden
    WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WhatUsersDo-Screen-Recorder version 1.0 (HKLM-x32\...\{E13A55D7-EC52-44B7-A55A-5D24AA8101E3}_is1) (Version: 1.0 - WhatUsersDo Ltd)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
    Worms for Pocket PC (HKLM-x32\...\Worms for Pocket PC) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{083C82AE-568E-45dd-A92C-01422CA45760}\InprocServer32 -> C:\Program Files\Autodesk\Revit 2013\Program\APIContext.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll => No File
    CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)

    ==================== Restore Points =========================


    ==================== Hosts content: ===============================
     
  7. cheetadready

    cheetadready TS Rookie Topic Starter Posts: 32

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2014-12-05 00:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {031C293D-3E60-41E8-91D7-9D78702C7A0B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {225CEF0A-972A-4DEE-BE10-EAF7C78F781A} - System32\Tasks\AdobeAAMUpdater-1.0-Kiarash-PC-Kiarash => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
    Task: {2494B099-B96E-4058-8381-FB4B358E0CE5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {27988A20-7C38-40B3-AF6F-97F384E67681} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-25] (Dropbox, Inc.)
    Task: {30362236-6D81-481C-A270-D3FC304656AC} - System32\Tasks\Pointstone\System Cleaner\Startup Dialog => C:\Program Files (x86)\Pointstone\System Cleaner 7\Helper.exe
    Task: {30B783D6-2509-40B1-B661-2C27E4A0C280} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
    Task: {3CE02BB7-E74B-430E-95BA-F581E1E8560E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {473A9D07-D4FB-404C-9825-E77453DB3533} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002Core => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {538A2065-05F3-414B-8A2D-675791CFAEBD} - System32\Tasks\Western Digital\SmartWare\____Volume_ce898744_7635_11e2_8581_806e6f6e6963______Volume_94bc2bea_b55a_11e4_8591_0090f5de4e1b__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-07-20] (Western Digital Technologies, Inc.)
    Task: {5556541B-0BD6-4B0C-8BDA-8927F58524E0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-900365376-1320249618-260173824-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {5570CFC1-B985-4907-A5FF-CFEB0073B441} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {5AE245FB-48D8-4F52-B5FB-4304661D32F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
    Task: {5C3E77CE-D8D6-4462-8575-E481B560968A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {5D580E57-DAA0-4388-8845-B65920D1536A} - System32\Tasks\{9D2B3D7B-63AB-447F-A6FA-10A99AE273CC} => Chrome.exe hxxp://ui.skype.com/ui/0/7.9.0.103/en/go/help.faq.installer?source=lightinstaller&LastError=1618
    Task: {605BF605-8FF3-4413-B0EF-B98D36A16A40} - System32\Tasks\SafeZone scheduled Autoupdate 1447101364 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-10-29] (Avast Software)
    Task: {6CA2F9CE-6715-4D88-82D5-C7D6972C7BCA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {8549F758-5F98-4EE0-9756-3B8E792CB320} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {8F31DBE8-BE30-41AB-934A-280986CA95E1} - System32\Tasks\{B163A691-4607-48C1-9981-3B56C261982D} => pcalua.exe -a C:\Windows\unvise32.exe -d C:\Windows -c \Microsoft\Windows\CurrentVersion\SharedDlls
    Task: {ABD5B2FB-298C-4B1C-AA27-7996E4BD0EDA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-900365376-1320249618-260173824-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {ADCCBBCD-C6DE-472C-9596-8690C963DD45} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-07] (AVAST Software)
    Task: {B3E48C65-8D5D-43E0-8571-7DE27A538FCF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {C4ECBD9A-1EB2-4947-9A28-5A85B325718F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {CFB4E32C-9F07-430C-82FA-1E9974D058A5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-25] (Dropbox, Inc.)
    Task: {D062A9B5-6EF7-420B-9319-99674D6B32DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002UA => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {F2013438-688F-4F70-B8B1-4AF5C80565A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {F68E986F-CDA6-4896-8C7C-F7AEDC91CEB4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002Core.job => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002UA.job => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\Install Now AutoCAD 2013.lnk -> C:\Autodesk\AutoCAD_2013_English_Win_32_64bit_wi_en-US_Setup1\setup.exe (Autodesk, Inc.) -> /URL "hxxp://studentsdownload.autodesk.com/SWDLDDLM/2013/ACD/WI/AutoCAD_2013_English_Win_32_64bit_wi_en-US_Setup1.exe" /Student /SN 900-34749737 /PK 001E1 /akamai <==== ATTENTION
    ShortcutWithArgument: C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\Install Now Autodesk Revit 2013.lnk -> C:\Autodesk\Autodesk_Revit_2013_English_Win_32_64bit_wi_en-US_Setup1\Setup.exe (Autodesk, Inc.) -> /URL "hxxp://studentsdownload.autodesk.com/SWDLDDLM/2013/RVT/WI/Autodesk_Revit_2013_English_Win_32_64bit_wi_en-US_Setup1.exe" /Student /SN 900-34749737 /PK 829E1 /akamai <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2013-02-13 16:25 - 2012-10-11 23:36 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-05-10 16:09 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2012-06-28 16:44 - 2012-06-28 16:44 - 00035840 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
    2014-02-23 22:51 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2015-10-27 21:24 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-02-13 17:04 - 2010-06-08 13:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
    2012-02-05 22:14 - 2012-02-05 22:14 - 00498176 _____ () C:\Program Files\Autodesk\Autodesk Sync\log4cplusU.dll
    2012-02-05 22:18 - 2012-02-05 22:18 - 00055232 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2012-02-05 22:18 - 2012-02-05 22:18 - 00917952 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2012-02-05 22:18 - 2012-02-05 22:18 - 00043968 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2012-02-05 22:18 - 2012-02-05 22:18 - 00222656 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll
    2015-12-01 17:46 - 2015-11-30 22:38 - 02042184 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.22\libglesv2.dll
    2015-12-01 17:46 - 2015-11-30 22:38 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.22\libegl.dll
    2012-10-25 22:48 - 2012-10-25 22:48 - 04739072 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
    2014-01-09 21:26 - 2014-01-09 21:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2015-09-11 18:01 - 2015-09-11 18:01 - 31958688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2011-11-03 03:09 - 2011-11-03 03:09 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
    2011-11-03 03:08 - 2011-11-03 03:08 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
    2015-12-01 17:46 - 2015-11-30 22:38 - 28952392 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.22\PepperFlash\pepflashplayer.dll
    2015-11-08 08:52 - 2015-11-08 08:52 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-11-08 08:52 - 2015-11-08 08:52 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-12-06 08:30 - 2015-12-06 08:30 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15120600\algo.dll
    2015-11-08 08:52 - 2015-11-08 08:52 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-12-07 11:01 - 2015-12-07 11:01 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15120701\algo.dll
    2015-11-08 08:52 - 2015-11-08 08:52 - 00233680 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2014-04-12 16:37 - 2014-06-20 22:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
    2014-04-12 16:37 - 2014-06-20 22:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-12-07 12:36 - 2015-12-07 12:36 - 00098816 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32api.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00110080 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\pywintypes27.dll
    2015-12-07 12:36 - 2015-12-07 12:36 - 00364544 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\pythoncom27.dll
    2015-12-07 12:36 - 2015-12-07 12:36 - 00046080 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_socket.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 01208320 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_ssl.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00320512 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32com.shell.shell.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00776704 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_hashlib.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 01176576 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._core_.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00806400 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._gdi_.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00816128 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._windows_.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 01067008 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._controls_.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00733184 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._misc_.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00682496 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\pysqlite2._sqlite.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00088064 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_ctypes.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00119808 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32file.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00108544 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32security.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00007168 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\hashobjs_ext.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00017920 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\thumbnails_ext.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00079360 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\usb_ext.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00167936 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32gui.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00018432 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32event.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00128512 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_elementtree.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00127488 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\pyexpat.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00013824 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\common.time34.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00036864 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_psutil_windows.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00038912 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32inet.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00525640 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\windows._lib_cacheinvalidation.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00011264 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32crypt.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00077312 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._html2.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00027136 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_multiprocessing.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00020480 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\_yappi.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00035840 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32process.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00686080 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\unicodedata.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00123392 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._wizard.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00024064 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32pipe.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00010240 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\select.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00025600 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32pdh.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00017408 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32profile.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00022528 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\win32ts.pyd
    2015-12-07 12:36 - 2015-12-07 12:36 - 00078848 _____ () C:\Users\Kiarash\AppData\Local\Temp\_MEI70242\wx._animate.pyd
    2009-06-06 14:50 - 2009-06-06 14:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
    2006-12-11 02:10 - 2006-12-11 02:10 - 00049152 _____ () C:\Program Files (x86)\Hotkey\AudioControlDLL.dll
    2013-02-13 17:04 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
    2013-02-13 17:04 - 2010-06-08 13:22 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
    2014-11-14 18:30 - 2014-11-14 18:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2015-09-15 07:08 - 2015-09-15 07:08 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
    2015-11-08 08:52 - 2015-11-08 08:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-01-09 21:28 - 2014-01-09 21:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    2015-12-07 12:37 - 2015-12-07 12:37 - 00071168 _____ () c:\users\kiarash\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcu3p2.dll
    2015-10-25 19:33 - 2015-09-02 16:11 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
    2015-10-25 19:33 - 2015-09-02 16:11 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-10-25 19:33 - 2015-09-02 16:11 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-10-25 19:33 - 2015-09-02 16:11 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
    2015-12-07 12:37 - 2014-06-20 22:19 - 00104328 _____ () C:\Users\Kiarash\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
    2014-10-14 10:37 - 2014-10-14 10:37 - 00081056 _____ () C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
    2015-09-15 07:08 - 2015-09-15 07:08 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
    2015-09-15 07:08 - 2015-09-15 07:08 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
    2015-03-10 09:47 - 2015-12-03 10:41 - 50679920 _____ () C:\Users\Kiarash\AppData\Roaming\Spotify\libcef.dll
    2015-03-10 09:47 - 2015-12-03 10:41 - 01882224 _____ () C:\Users\Kiarash\AppData\Roaming\Spotify\libglesv2.dll
    2015-03-10 09:47 - 2015-12-03 10:41 - 00082544 _____ () C:\Users\Kiarash\AppData\Roaming\Spotify\libegl.dll
    2014-11-14 18:33 - 2014-11-14 18:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm
    AlternateDataStreams: C:\Users\Kiarash\Local Settings:eek:UnR8AElFznQuLfU
    AlternateDataStreams: C:\Users\Kiarash\AppData\Local:eek:UnR8AElFznQuLfU
    AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Application Data:eek:UnR8AElFznQuLfU
    AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Temporary Internet Files:4rPMVkoomGsIG7FYbwg8pA1g6

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-900365376-1320249618-260173824-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{E393B69D-B827-4094-984A-FA4C7B09F958}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{C528C5CA-7AC8-404D-9EBF-C7A53E52FB25}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{EE935433-0CD9-4526-A499-56E65FE333A1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{BC03E3A8-5F52-4F2E-918B-F41FD8122081}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
    FirewallRules: [{D19BD72D-F642-46CA-A8DD-D08CF8D38D45}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
    FirewallRules: [{3A113519-093E-4C99-9191-FDAA3D1ABB20}] => (Allow) LPort=7935
    FirewallRules: [{D004F1E9-27EC-4ADB-A152-AA838AA7380F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{0DC5DFE3-CF07-4ED0-BEC6-8347721720CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{FC06BB44-54F4-4118-BFA9-0B4EBFCEC1CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{75B71D64-5B60-481B-BE63-020CF5F31C40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{EEE81F45-2E5F-4DA6-9F8F-10537F74A9BB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{5CD14E23-D377-4DF7-B676-5A1756E0034C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{16449BB2-1B25-4CE2-8836-D127C4A19482}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{2D500373-2DE0-40F0-96E3-5B74392C2D69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{2403ACD0-2A13-4450-ABB3-787A7D055EF0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{50BDD3E5-FB47-424A-895A-2AAABE829E3F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{A5001B18-E48A-4729-94EB-4B37CDDE23FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{22A68296-D2DC-42B7-9B7B-CA5582DA78D5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{8CE1028A-D785-4C4C-AA6D-FA5A22710A56}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [TCP Query User{1B431256-B58E-4A7B-BB25-EB8BEA18255D}C:\users\kiarash\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kiarash\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{256753A9-AB9D-40FF-9ECB-A0614B339BE9}C:\users\kiarash\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kiarash\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{5F5D630D-0796-42B1-A511-4ECDB863D596}] => (Allow) LPort=55031
    FirewallRules: [{6F468596-2B85-4E55-8D27-DB7CDE67625C}] => (Allow) LPort=5000
    FirewallRules: [{D79782D0-EAD4-43CF-B175-93A916A90666}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    FirewallRules: [{996219BD-E6E5-4F1A-9E35-5A4BBA967F79}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    FirewallRules: [{4007D475-E2DE-47DF-B084-AE68C0CDACBD}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64.exe
    FirewallRules: [{FC1AC9EA-BEAB-49F2-9D26-5E616AB4F1A7}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64.exe
    FirewallRules: [{10DC4FA5-22DA-4167-9313-87FB405F8967}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\3dsmax.exe
    FirewallRules: [{29075D87-F080-4D33-989E-0006B6C5567D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2013\3dsmax.exe
    FirewallRules: [{06853041-5A32-42FD-9768-9C253B949E01}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
    FirewallRules: [{BBC6682A-5EE8-4FAE-8D8F-0A9265F5075B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
    FirewallRules: [{3908B053-4A31-4317-99A5-1FC9F2CB81EF}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
    FirewallRules: [{4AED7117-69CA-4723-A578-08EF241DA380}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
    FirewallRules: [{394C25C6-8D72-4FFB-83F4-405A5B451F41}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
    FirewallRules: [{F0AB17A8-3924-4D2C-87AB-398F69AEA89B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
    FirewallRules: [TCP Query User{CD0F109F-4F78-4662-9608-DF989902D31B}C:\users\kiarash\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kiarash\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{691D5773-D2FC-4F03-910A-0964B4B16EBB}C:\users\kiarash\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kiarash\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{C7DF121A-726B-46C1-8C51-B66A1F4AE78C}] => (Block) C:\users\kiarash\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{BCC5C4E1-A878-456E-B261-28CBC8F31FD9}] => (Block) C:\users\kiarash\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{D3E8E134-9BF1-441D-AD67-4597E58132EF}] => (Allow) LPort=50248
    FirewallRules: [TCP Query User{F05350B1-D965-4112-A31C-83796A48FE34}C:\users\kiarash\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kiarash\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{FE61935F-099C-47D4-A413-6F1C1B23F752}C:\users\kiarash\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kiarash\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{AC201DAC-62FE-4E5C-B672-B515579310EB}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    FirewallRules: [{EAF5425E-CE80-4AC9-ACA1-A97FFCB08BF7}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    FirewallRules: [{74D731E2-9DCF-4FF0-B042-6750898663E7}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
    FirewallRules: [{F76D350F-91FF-48FA-9EFE-A91B671B81BB}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
    FirewallRules: [{99679A3D-4250-4819-868E-BCDC4CC57149}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
    FirewallRules: [{1A2C0F56-EE7D-4A81-A59F-86CB7E3A8EAA}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
    FirewallRules: [{9D250A55-2A9D-48A6-A41B-155C02E91C71}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{257B8B0A-2D71-444A-BCEA-5662DA5DEEE9}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe
    FirewallRules: [TCP Query User{FA3EEB22-97B3-4767-B03A-56A021EC7138}C:\users\kiarash\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kiarash\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{2F5DC500-D423-43D3-B0D0-2F90326FE670}C:\users\kiarash\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kiarash\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{92E678E1-0453-46D2-BC84-4AB503B8419B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{71E72910-5379-42BD-A932-A52B66433FCB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{E8CF7F22-47CE-4961-9D26-B6DB63C4ECF8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{63451AB3-56E2-472E-A63E-0A3308576FB1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{F29E3071-DEB2-4B7C-AA1F-9968298ECBEF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{FA32DFDA-C674-4AAE-86CD-F8FAC74A15D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{32134EA9-A094-4BBC-B699-1AC74BC607CF}] => (Allow) C:\Users\Kiarash\Downloads\CorelWordperfectOfficeX616318_SoftangoDownloader.exe
    FirewallRules: [{55A8BA2B-1E72-4C13-869C-CADFA604B140}] => (Allow) C:\Users\Kiarash\Downloads\CorelWordperfectOfficeX616318_SoftangoDownloader.exe
    FirewallRules: [{2F5AB776-DFA1-419E-92D5-357FECE47B67}] => (Allow) C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{049FDC46-7AA3-4A9B-8FFE-44455F34C013}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
    FirewallRules: [{14C47B88-EE71-430E-9EE2-A53DD981106D}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
    FirewallRules: [{C03735F7-7788-46AD-AD49-2BA4F811C666}] => (Allow) C:\Program Files (x86)\Proxifier\Proxifier.exe
    FirewallRules: [{ACD51E41-1777-4CA8-9C78-8D8A99FC3464}] => (Allow) C:\Program Files (x86)\Proxifier\Proxifier.exe
    FirewallRules: [{75E5B377-AD7C-4957-9E59-16E51D710467}] => (Allow) C:\Program Files (x86)\Proxifier\Proxifier.exe
    FirewallRules: [{3BBADC23-B552-4A4F-8CDB-560C9038F35E}] => (Allow) C:\Program Files (x86)\Proxifier\Proxifier.exe
    FirewallRules: [{D002FD81-32C7-456F-982E-743202D44A6E}] => (Allow) C:\Program Files (x86)\ExpressFiles\expressdl.exe
    FirewallRules: [{0FD7FAAF-12A9-4FE7-8E6B-18486BAC8B02}] => (Allow) C:\Program Files (x86)\ExpressFiles\expressdl.exe
    FirewallRules: [{5E1EFE7E-E7B7-4372-A17D-0B5CCCFE8E17}] => (Allow) C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
    FirewallRules: [{7A48B7FF-FD4B-4119-B67A-11C94FFC797B}] => (Allow) C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
    FirewallRules: [{32302F32-42C9-4C27-BEDF-BF14DF7F45F3}] => (Allow) C:\Users\Kiarash\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{412D9FBB-4606-4BB8-A154-19556556DEAE}] => (Allow) C:\Users\Kiarash\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{F51D2D09-167E-4919-9C75-50B46295D793}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
    FirewallRules: [{15B14292-9261-42DD-BD3A-DD1B1D87BA4C}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
    FirewallRules: [{C456DC5D-E315-43F2-9017-2985FAC4C98E}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
    FirewallRules: [{CF38AA4B-AA1B-4B89-BC12-DD73CD6350B8}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
    FirewallRules: [TCP Query User{88E7A74E-335F-400D-BE4C-3BB186E8FAA1}C:\users\kiarash\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\kiarash\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [UDP Query User{71B3DA02-6E8E-47BE-8D7A-2830A3166216}C:\users\kiarash\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\kiarash\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [{6B4455E7-A16C-4DFE-B187-D02CDA64982F}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
    FirewallRules: [{59B03CEF-94EB-4E6A-8958-A591E89635F8}] => (Allow) C:\Users\Kiarash\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{F37E02BF-3FA9-44E9-9108-0D4D86AD790B}] => (Allow) C:\Users\Kiarash\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{CC57E8A0-FF64-4961-8742-EB8D3D4C7795}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{033126F1-52D7-47FB-B4FA-A7AB98428B2F}] => (Allow) LPort=2869
    FirewallRules: [{612328B5-CE0A-4950-B9B8-8116D0969887}] => (Allow) LPort=1900
    FirewallRules: [{F9A4B08D-F55C-4D7B-B700-9D9D2671CAFE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{D3B462D8-DD2C-4FB7-A681-DE6BB82B83BD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{BB64FEB9-5F53-4D8A-98C3-1313F7DA9AB6}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
    FirewallRules: [{98B57413-C78B-417B-9355-740DA83F3DEA}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
    FirewallRules: [{DE381EEA-C561-4DE5-B21C-C68FE89A1FA6}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
    FirewallRules: [{7FCEA87F-5BF0-4CF7-8F30-B413D0C9337C}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
    FirewallRules: [{0303AE19-BCF3-42B1-A8DB-A300A8184C15}] => (Allow) C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe
    FirewallRules: [{29F1085C-8753-42F1-86AC-89C37887C3F4}] => (Allow) C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe
    FirewallRules: [{46F7AB2E-BB32-4D5F-8E36-B815DBFBF777}] => (Allow) C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe
    FirewallRules: [{1FCE4932-5E5B-4CEA-A82F-B3BC2BB30A04}] => (Allow) C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe
    FirewallRules: [{1A9313A4-9D9C-4CAD-B8F4-17EC0CB55455}] => (Allow) C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe
    FirewallRules: [TCP Query User{4D2DA3F9-6A77-4659-B541-32EFF5C30F08}C:\program files (x86)\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe] => (Block) C:\program files (x86)\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe
    FirewallRules: [UDP Query User{7E3003A9-61CB-4423-9DEF-55FBEDBCE8B0}C:\program files (x86)\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe] => (Block) C:\program files (x86)\codemasters\worms 4 mayhem demo\worms 4 mayhem demo.exe
    FirewallRules: [{54A0C78B-A077-460B-8AFF-4A1C159B541A}] => (Allow) C:\Users\Kiarash\AppData\Local\Temp\nsj1507.tmp\CnetInstaller-10257117.exe
    FirewallRules: [{B610D8E5-9605-4206-8BE1-BB9CC17D4B9B}] => (Allow) C:\Users\Kiarash\AppData\Local\Temp\nsj1507.tmp\CnetInstaller-10257117.exe
    FirewallRules: [{34DEC7CD-DF2F-4E8C-B976-24CBE03D0EBC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3D7DD615-6400-4F1D-8492-CB83909F2B2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EACA751B-17DF-43D6-8736-1C8DEF794C53}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{8D9A165A-8FE3-4F19-9D6A-3AF5538A3176}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{1A3A8832-845B-4A42-9B5A-1CCD06355669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
    FirewallRules: [{900593CC-B2BA-4ABD-BE41-481B3D8FDDB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
    FirewallRules: [{36448CBC-D08C-4CD5-8A4C-7CE100AE6E39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7E53AFF9-395C-4E69-90F9-E31E8ECBE572}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{62EA97DB-BD7F-4A0B-A08B-79F1EB9ACB0F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{BB89D56C-A7C9-4A82-A0CA-594F4C65A93F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{DCE325D7-51F1-4F01-A821-0D35C32C7AE6}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
    FirewallRules: [{0AC1D23E-B84E-4787-B004-68AB2EC21FF2}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
    FirewallRules: [{C17DB8FB-E4D2-4419-B8D3-4EDADDD0D49D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
    FirewallRules: [{1791E8BA-2354-47BA-B19C-168E4A6AD45A}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
    FirewallRules: [{45C81FC8-8676-425E-A267-69830467348E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{9D1C96AC-BEBF-49AE-A577-70E87E7736FE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{219FA1F8-8029-4D29-8E84-31CC7254CCB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{275BF4B4-14D1-43CF-BC5B-91F2482EDDF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3D732FA3-2326-4E1F-ABED-77EE947FA831}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EFDCFC33-E066-47CB-8F78-AA9B88C6DC6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{43C8F64F-2952-4E8B-A1FE-852C94E29E7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E638C4CB-EE7A-44C7-A63F-9FF568A168F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{91E2112F-B8CE-44CF-A0A3-7EBE88979E25}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{F7D2FB52-BDEC-434B-9956-444572DBB6CF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{769D7D4F-91B7-4256-B7F8-197A531A963C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{CA2351E2-CBF6-4ABD-B1A4-2A82560BF29A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{476A6B64-4F64-4D8D-AC42-91B860D2EC31}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/08/2015 03:34:27 PM) (Source: MsiInstaller) (EventID: 11310) (User: Kiarash-PC)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Kiarash\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (12/08/2015 03:34:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: Kiarash-PC)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Kiarash\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (12/08/2015 01:25:01 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed SketchUp 2016; Error = 0x81000101).

    Error: (12/08/2015 01:14:59 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed SketchUp 2016; Error = 0x81000101).

    Error: (12/08/2015 01:00:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program psi.exe version 3.0.0.10004 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 23f8

    Start Time: 01d131fb565abfd3

    Termination Time: 3

    Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe

    Report Id: b9d974b2-9dee-11e5-85b6-0090f5de4e1b

    Error: (12/08/2015 10:38:55 AM) (Source: MsiInstaller) (EventID: 11310) (User: Kiarash-PC)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Kiarash\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (12/08/2015 10:38:31 AM) (Source: MsiInstaller) (EventID: 11310) (User: Kiarash-PC)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Kiarash\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (12/07/2015 07:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 998

    Error: (12/07/2015 07:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 998

    Error: (12/07/2015 07:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (12/08/2015 11:41:41 AM) (Source: DCOM) (EventID: 10000) (User: )
    Description: C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE -Embedding740{84F66100-FF7C-4FB4-B0C0-02CD7FB668FE}

    Error: (12/08/2015 10:38:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (12/08/2015 10:38:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (12/08/2015 10:38:26 AM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801

    Error: (12/08/2015 10:38:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (12/08/2015 10:38:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (12/08/2015 10:38:26 AM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801

    Error: (12/07/2015 12:37:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (12/07/2015 12:37:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (12/07/2015 12:37:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
    Percentage of memory in use: 44%
    Total physical RAM: 16307.44 MB
    Available physical RAM: 9101.41 MB
    Total Virtual: 32613.08 MB
    Available Virtual: 24558.23 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:223.47 GB) (Free:37.99 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:698.63 GB) (Free:228.65 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 734797D3)
    Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7AD5B1C6)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
