Solved Pc shuts off while scanning Malwarebytes Anti-Malware

Here is the FIRST Farbar Recovery Scan Tool report;

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Kiarash (administrator) on KIARASH-PC on 08-01-2015 11:40:25
Running from C:\Users\Kiarash\Desktop
Loaded Profiles: UpdatusUser & Kiarash (Available profiles: UpdatusUser & Kiarash)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\BackupService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
() C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Akamai Technologies, Inc.) C:\Users\Kiarash\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Kiarash\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Kiarash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
(Dropbox, Inc.) C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Autodesk Inc.) C:\Users\Kiarash\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817320 2011-07-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [506480 2012-12-28] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [375168 2012-12-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-20] (Autodesk Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Run: [Auto] => E:\autorun.exe
HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\MountPoints2: {ce898747-7635-11e2-8581-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Kiarash\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Spotify Web Helper] => C:\Users\Kiarash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [Spotify] => C:\Users\Kiarash\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Policies\Explorer: []
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk
ShortcutTarget: TotalMedia BackUp & Recorder Monitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-900365376-1320249618-260173824-1002] => http=127.0.0.1:59768;https=127.0.0.1:59768
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-900365376-1320249618-260173824-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-900365376-1320249618-260173824-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-900365376-1320249618-260173824-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-900365376-1320249618-260173824-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-900365376-1320249618-260173824-1002 -> {4FF364DB-6601-467A-876B-CCB2C364529C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-900365376-1320249618-260173824-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-900365376-1320249618-260173824-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kiarash\AppData\Roaming\Mozilla\Firefox\Profiles\n0s4o6tc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Kiarash\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kiarash\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @talk.google.com/O1DPlugin -> C:\Users\Kiarash\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-900365376-1320249618-260173824-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kiarash\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kiarash\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: ImageBlock - C:\Users\Kiarash\AppData\Roaming\Mozilla\Firefox\Profiles\n0s4o6tc.default\Extensions\imageblock@hemantvats.com.xpi [2014-09-25]
FF Extension: FirefoxAdKiller - C:\Users\Kiarash\AppData\Roaming\Mozilla\Firefox\Profiles\n0s4o6tc.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2014-09-25]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-11-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-05]
FF HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Firefox\Extensions: [GetLyrcis@levaddons.com] - C:\Program Files (x86)\GetLyrics\FF
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_dnldstr_14_49_ch_na01&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzztD0E0CtAtA0E0EtBtDtCtN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StA0EzytCyE0A0CtBtGtBtB0FyDtGzy0D0AtAtG0F0CyDzytGyCzztByBtBtByCtD0AtAtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDtBtBtD0CyEyEtGzyyCyE0DtGyEyDzzzytG0Azy0F0BtGtCzyyDtBtByCyByDyE0CyC0E2Q&cr=1428691166&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-04]
CHR Extension: (Google Docs) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
CHR Extension: (Google Drive) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]
CHR Extension: (YouTube) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-04]
CHR Extension: (Google Search) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-04]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-12-04]
CHR Extension: (Google Sheets) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-04]
CHR Extension: (Avast Online Security) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-06]
CHR Extension: (Google Wallet) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]
CHR Extension: (Gmail) - C:\Users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-04]
CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Chrome\Extension: [fdeikhckcedpnofpmfaakfhppidegbcp] - C:\Users\Kiarash\AppData\Local\CRE\fdeikhckcedpnofpmfaakfhppidegbcp.crx [Not Found]
CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Chrome\Extension: [hhfghaejnmdegcnoohmegfhnfmehpkbl] - C:\Users\Kiarash\AppData\Local\CRE\hhfghaejnmdegcnoohmegfhnfmehpkbl.crx [Not Found]
CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Chrome\Extension: [pnjnnnhampgflieglcelomcofocioegp] - C:\Users\Kiarash\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [eioaimhbaiomogmbefipmnbpjmefhhoc] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2011-09-02]
CHR HKLM-x32\...\Chrome\Extension: [fdeikhckcedpnofpmfaakfhppidegbcp] - C:\Users\Kiarash\AppData\Local\CRE\fdeikhckcedpnofpmfaakfhppidegbcp.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-05]
CHR HKLM-x32\...\Chrome\Extension: [hhfghaejnmdegcnoohmegfhnfmehpkbl] - C:\Users\Kiarash\AppData\Local\CRE\hhfghaejnmdegcnoohmegfhnfmehpkbl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pnjnnnhampgflieglcelomcofocioegp] - C:\Users\Kiarash\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx [Not Found]
 
==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-20] (Autodesk Inc.)
R2 ArcSoftServiceHelperTool; C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\BackupService.exe [355432 2012-08-13] (ArcSoft, Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-05] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-05] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [91248 2012-12-28] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-02-13] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78960 2012-12-28] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296048 2012-12-28] (CyberLink)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-12-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-12-04] (Malwarebytes Corporation)
R2 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2014-12-01] (Robert McNeel & Associates)
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35840 2012-06-28] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-30] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-05] ()
S3 cpuz130; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-12-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-12-04] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [269968 2012-07-02] (Realtek Semiconductor Corp.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-23] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-05] (Avast Software)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 11:40 - 2015-01-08 11:40 - 00038049 _____ () C:\Users\Kiarash\Desktop\FRST.txt
2015-01-08 11:40 - 2015-01-08 11:40 - 00000000 ____D () C:\FRST
2015-01-08 11:39 - 2015-01-08 11:39 - 02124288 _____ (Farbar) C:\Users\Kiarash\Desktop\FRST64.exe
2015-01-08 11:37 - 2015-01-08 11:37 - 00001572 _____ () C:\Users\Kiarash\Desktop\JRT.txt
2015-01-08 11:34 - 2015-01-08 11:34 - 00003197 _____ () C:\Users\Kiarash\Desktop\AdwCleaner[S0].txt
2015-01-08 11:33 - 2015-01-08 11:33 - 01707939 _____ (Thisisu) C:\Users\Kiarash\Desktop\JRT.exe
2015-01-08 11:25 - 2015-01-08 11:31 - 00000000 ____D () C:\AdwCleaner
2015-01-08 11:25 - 2015-01-08 11:25 - 02191360 _____ () C:\Users\Kiarash\Desktop\adwcleaner_4.107.exe
2015-01-08 00:20 - 2015-01-08 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player Free
2015-01-08 00:20 - 2015-01-08 00:20 - 00000000 ____D () C:\Program Files (x86)\FLV Player Free
2015-01-08 00:19 - 2015-01-08 00:19 - 01450282 _____ (A Software Plus ) C:\Users\Kiarash\Desktop\FLVPlayerFreeSetupDL.exe
2015-01-06 14:15 - 2015-01-08 11:13 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-900365376-1320249618-260173824-1002.job
2015-01-06 14:15 - 2015-01-06 14:15 - 00003608 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-900365376-1320249618-260173824-1002
2015-01-06 14:15 - 2015-01-06 14:15 - 00000000 ____D () C:\Users\Kiarash\AppData\Local\Citrix
2015-01-06 09:33 - 2015-01-06 09:33 - 00004142 _____ () C:\Users\Kiarash\Desktop\winmail.dat
2014-12-25 23:43 - 2014-12-25 23:45 - 00000000 ____D () C:\Users\Kiarash\Desktop\usb
2014-12-25 23:41 - 2014-12-25 23:41 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 12:14 - 2014-12-25 12:21 - 00000000 ___SD () C:\kia_mia
2014-12-24 21:42 - 2014-12-24 21:42 - 00005284 _____ () C:\Users\Kiarash\Desktop\kia.txt
2014-12-24 21:41 - 2014-12-24 21:42 - 00005284 _____ () C:\Users\Kiarash\Desktop\Rkill.txt
2014-12-24 21:38 - 2014-12-24 21:39 - 00000000 ____D () C:\Users\Kiarash\Desktop\ds
2014-12-24 21:31 - 2014-12-24 21:31 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Kiarash\Desktop\iExplore.exe
2014-12-24 21:30 - 2014-12-25 12:13 - 05603624 ____R (Swearware) C:\Users\Kiarash\Desktop\kia_mia.exe
2014-12-24 20:54 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-24 20:54 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-24 20:54 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-24 20:54 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-24 20:54 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-24 20:54 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-24 20:54 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-24 20:54 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-23 21:54 - 2014-12-23 21:54 - 00000000 ____D () C:\ProgramData\1078601655
2014-12-23 21:15 - 2014-12-23 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-23 21:13 - 2014-12-23 21:14 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Kiarash\Downloads\mbar-1.08.2.1001.exe
2014-12-23 20:59 - 2014-12-23 20:59 - 15298136 _____ () C:\Users\Kiarash\Downloads\RogueKiller (1).exe
2014-12-23 20:54 - 2014-12-23 20:55 - 15298136 _____ () C:\Users\Kiarash\Downloads\RogueKiller.exe
2014-12-23 20:16 - 2014-12-23 20:16 - 00072648 _____ () C:\Users\Kiarash\Downloads\FLVPlayer-Chrome.exe
2014-12-23 20:07 - 2014-12-23 20:07 - 00586424 _____ () C:\Users\Kiarash\Downloads\setup (2).exe
2014-12-23 20:07 - 2014-12-23 20:07 - 00586416 _____ () C:\Users\Kiarash\Downloads\setup (3).exe
2014-12-18 22:17 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 22:17 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 17:25 - 2014-12-13 11:31 - 00602556 _____ () C:\Users\Kiarash\Downloads\Drawing1 (1).bak
2014-12-13 15:19 - 2014-12-13 15:19 - 00179265 _____ () C:\Users\Kiarash\Downloads\kia (2).dwg
2014-12-13 15:19 - 2014-12-13 15:19 - 00179265 _____ () C:\Users\Kiarash\Downloads\kia (1).dwg
2014-12-13 15:09 - 2014-12-13 15:09 - 00240548 _____ () C:\Users\Kiarash\Downloads\kia.dwg
2014-12-13 14:02 - 2014-12-13 14:02 - 00191934 _____ () C:\Users\Kiarash\Documents\ESCALATOR.dwg
2014-12-13 11:31 - 2014-12-13 17:25 - 00650924 _____ () C:\Users\Kiarash\Downloads\Drawing1 (1).dwg
2014-12-12 22:01 - 2014-12-12 22:02 - 21708074 _____ () C:\Users\Kiarash\Downloads\FINAL BOARD.ai
2014-12-12 11:53 - 2014-12-12 11:53 - 09088286 _____ () C:\Users\Kiarash\Downloads\skin 0000.ai
2014-12-12 03:08 - 2014-12-12 03:08 - 00000207 ____H () C:\Users\Kiarash\Documents\Drawing2.dwl2
2014-12-12 03:08 - 2014-12-12 03:08 - 00000057 ____H () C:\Users\Kiarash\Documents\Drawing2.dwl
2014-12-12 02:37 - 2014-12-12 02:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-12-11 10:58 - 2014-12-11 11:13 - 00512269 _____ () C:\Users\Kiarash\Documents\only plans eagress.dwg
2014-12-11 10:58 - 2014-12-11 10:58 - 00149303 _____ () C:\Users\Kiarash\Documents\only plans eagress.bak
2014-12-11 03:06 - 2014-12-11 03:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:00 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:00 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:00 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:00 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:00 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:00 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:00 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:00 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:00 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:00 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 22:43 - 2014-12-10 22:43 - 01190165 _____ () C:\Users\Kiarash\Downloads\47164_areasupermarketcold.zip
2014-12-10 22:41 - 2014-12-10 22:41 - 03316165 _____ () C:\Users\Kiarash\Downloads\48688_healthcenter.zip
2014-12-10 22:39 - 2014-12-10 22:39 - 00197724 _____ () C:\Users\Kiarash\Downloads\81692_blocksinteriordoors.zip
2014-12-10 22:38 - 2014-12-10 22:38 - 00224314 _____ () C:\Users\Kiarash\Downloads\82151_doorsandwindows-ddetails.zip
2014-12-10 22:25 - 2014-12-10 22:25 - 02623943 _____ () C:\Users\Kiarash\Downloads\65845_architecturaldetailsofvariousbathrooms.zip
2014-12-10 22:10 - 2014-12-10 22:10 - 00831322 _____ () C:\Users\Kiarash\Downloads\81869_bathroom.zip
2014-12-10 22:10 - 2014-12-10 22:10 - 00268889 _____ () C:\Users\Kiarash\Downloads\77230_detailrestrooms.zip
2014-12-10 22:10 - 2014-12-10 22:10 - 00172489 _____ () C:\Users\Kiarash\Downloads\9234_bathroomwithspecifications.zip
2014-12-10 22:10 - 2014-12-10 22:10 - 00090103 _____ () C:\Users\Kiarash\Downloads\9270_bathroom-.zip
2014-12-10 22:07 - 2014-12-10 22:07 - 00751313 _____ () C:\Users\Kiarash\Downloads\81899_detailswc.zip
2014-12-10 22:07 - 2014-12-10 22:07 - 00463651 _____ () C:\Users\Kiarash\Downloads\82023_toilet.zip
2014-12-10 22:07 - 2014-12-10 22:07 - 00272105 _____ () C:\Users\Kiarash\Downloads\82152_detailofbathroom.zip
2014-12-10 22:06 - 2014-12-10 22:06 - 00808694 _____ () C:\Users\Kiarash\Downloads\82174_disabledbathroomdetaildetail.zip
2014-12-10 19:51 - 2014-12-10 19:51 - 00489330 _____ () C:\Users\Kiarash\Downloads\hopefully the best trys3 (3).dwg
2014-12-10 09:22 - 2014-12-10 09:22 - 00000197 _____ () C:\Windows\system32\2014-12-10-17-22-04.005-AvastVBoxSVC.exe-4368.log
2014-12-10 08:37 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 08:37 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 08:37 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 08:37 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 08:37 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 08:37 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 08:37 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 08:37 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 08:37 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 08:37 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 08:37 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 08:37 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 08:37 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 08:37 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 08:37 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 08:37 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 08:37 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 08:37 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 08:37 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 08:37 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 08:37 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 08:37 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 08:37 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 08:37 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 08:37 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 08:37 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 08:37 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 08:37 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 08:37 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 08:37 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 08:37 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 08:37 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 08:37 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 08:37 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 08:37 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 08:37 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 08:37 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 08:37 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 08:37 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 08:37 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 08:37 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 08:37 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 08:37 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 08:37 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 08:37 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 08:37 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 08:37 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 08:37 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 08:37 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 08:37 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 08:37 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 08:37 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 08:37 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 08:37 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 08:37 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 08:37 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 08:37 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 08:37 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 08:37 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 08:37 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 08:37 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 08:37 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 08:37 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 08:37 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 08:37 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 08:36 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 08:36 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 08:36 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 08:36 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 08:36 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 08:36 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 08:36 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 08:36 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 08:36 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 08:36 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 08:36 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 08:36 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 08:36 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 08:36 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 11:18 - 2014-12-09 11:18 - 00489330 _____ () C:\Users\Kiarash\Downloads\hopefully the best trys3 (2).dwg
2014-12-09 11:18 - 2014-12-09 11:18 - 00489330 _____ () C:\Users\Kiarash\Downloads\hopefully the best trys3 (1).dwg
2014-12-09 11:18 - 2014-12-09 11:18 - 00000209 ____H () C:\Users\Kiarash\Downloads\hopefully the best trys3 (2).dwl2
2014-12-09 11:18 - 2014-12-09 11:18 - 00000059 ____H () C:\Users\Kiarash\Downloads\hopefully the best trys3 (2).dwl
2014-12-09 08:45 - 2014-12-09 09:02 - 00597709 _____ () C:\Users\Kiarash\Downloads\hopefully the best trys3.bak
2014-12-09 08:15 - 2014-12-09 08:15 - 00000247 _____ () C:\Windows\system32\2014-12-09-16-15-18.070-aswFe.exe-8116.log
2014-12-09 08:09 - 2014-12-09 08:15 - 00000247 _____ () C:\Windows\system32\2014-12-09-16-09-40.087-aswFe.exe-8832.log
2014-12-09 08:09 - 2014-12-09 08:09 - 00000197 _____ () C:\Windows\system32\2014-12-09-16-09-39.025-AvastVBoxSVC.exe-8864.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 11:40 - 2014-12-05 01:14 - 00000364 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-900365376-1320249618-260173824-1002.job
2015-01-08 11:39 - 2009-07-13 20:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 11:39 - 2009-07-13 20:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 11:38 - 2009-07-13 21:13 - 00148152 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-08 11:36 - 2014-12-04 17:31 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 11:35 - 2013-02-13 15:36 - 01115303 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 11:34 - 2013-02-28 13:09 - 00000000 ____D () C:\Users\Kiarash\AppData\Roaming\Skype
2015-01-08 11:34 - 2013-02-26 09:07 - 00000000 ____D () C:\Users\Kiarash\AppData\Roaming\Spotify
2015-01-08 11:32 - 2014-12-05 01:30 - 00000000 ____D () C:\Users\Kiarash\AppData\Local\CrashDumps
2015-01-08 11:32 - 2014-12-04 17:31 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 11:32 - 2013-10-31 10:09 - 00657738 _____ () C:\Windows\PFRO.log
2015-01-08 11:32 - 2013-10-31 10:09 - 00066312 _____ () C:\Windows\setupact.log
2015-01-08 11:32 - 2013-02-27 23:53 - 00000000 ___RD () C:\Users\Kiarash\Dropbox
2015-01-08 11:32 - 2013-02-27 21:55 - 00000000 ____D () C:\Users\Kiarash\AppData\Roaming\Dropbox
2015-01-08 11:32 - 2013-02-23 15:36 - 00000000 ____D () C:\Users\Kiarash\AppData\Local\Adobe
2015-01-08 11:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 11:30 - 2013-02-22 17:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 11:14 - 2013-03-05 12:18 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-01-08 11:12 - 2013-03-04 12:31 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002UA.job
2015-01-08 10:57 - 2013-02-22 17:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-08 10:57 - 2013-02-22 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-08 10:57 - 2013-02-22 17:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-08 10:44 - 2013-02-25 17:47 - 00000000 ____D () C:\Users\Kiarash\AppData\Local\Akamai
2015-01-08 10:43 - 2014-10-21 21:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 13:21 - 2013-02-26 09:07 - 00000000 ____D () C:\Users\Kiarash\AppData\Local\Spotify
2015-01-06 09:26 - 2014-12-05 21:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-24 21:37 - 2014-02-23 22:03 - 00000000 ____D () C:\Users\Kiarash\AppData\Local\Windows Live
2014-12-24 20:54 - 2014-12-05 00:21 - 00000000 ____D () C:\Qoobox
2014-12-23 22:59 - 2014-10-22 00:15 - 00000033 _____ () C:\Users\Kiarash\AppData\Roaming\AdobeWLCMCache.dat
2014-12-23 21:14 - 2014-10-21 21:37 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-23 21:03 - 2014-12-05 01:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-23 17:53 - 2013-03-24 16:25 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-19 16:48 - 2013-02-28 13:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 16:48 - 2013-02-28 13:09 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 08:21 - 2013-08-14 07:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 08:18 - 2013-02-23 21:19 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-19 08:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-18 23:44 - 2014-12-03 13:30 - 00000500 _____ () C:\Windows\SysWOW64\Drivers\iaxext_456.set
2014-12-18 23:44 - 2014-12-03 13:30 - 00000500 _____ () C:\Windows\SysWOW64\Drivers\dcompbg204.dat
2014-12-18 23:44 - 2014-12-03 13:30 - 00000500 _____ () C:\Windows\d_iclink179.ini
2014-12-13 16:21 - 2013-03-22 09:38 - 00006273 _____ () C:\Users\Kiarash\Documents\plot.log
2014-12-13 15:12 - 2013-02-26 20:16 - 00000000 ____D () C:\Users\Kiarash\AppData\Local\cache
2014-12-12 19:50 - 2013-02-27 21:55 - 00000000 ____D () C:\Users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 02:37 - 2014-05-10 17:45 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-12-12 02:37 - 2014-05-10 17:45 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-12-12 01:25 - 2014-09-11 13:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 03:06 - 2014-05-06 20:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 12:51 - 2013-02-22 17:19 - 00000000 ____D () C:\Users\Kiarash\AppData\Roaming\Adobe
2014-12-09 09:13 - 2014-12-08 22:34 - 00365146 _____ () C:\Users\Kiarash\Downloads\hopefully the best trys3.dwg
2014-12-09 09:13 - 2014-12-08 22:34 - 00000208 ____H () C:\Users\Kiarash\Downloads\hopefully the best trys3.dwl2
2014-12-09 09:13 - 2014-12-08 22:34 - 00000058 ____H () C:\Users\Kiarash\Downloads\hopefully the best trys3.dwl
2014-12-09 08:12 - 2013-03-04 12:31 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002Core.job

Some content of TEMP:
====================
C:\Users\Kiarash\AppData\Local\Temp\BSI.exe
C:\Users\Kiarash\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Kiarash\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kiarash\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpk4c7.dll
C:\Users\Kiarash\AppData\Local\Temp\optprosetup.exe
C:\Users\Kiarash\AppData\Local\Temp\Quarantine.exe
C:\Users\Kiarash\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 13:38

==================== End Of Log ============================
 
And here is the addition Farbar Recovery Scan Tool report;

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Kiarash at 2015-01-08 11:40:49
Running from C:\Users\Kiarash\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Extreme (HKLM-x32\...\{783676EB-93A4-4373-B4FD-A0CC107FA349}) (Version: 2.0.60.42 - ArcSoft)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
AuthenTec TrueSuite (HKLM\...\{C76FAAED-E66D-488A-9E15-6082B527814A}) (Version: 5.2.0.642 - AuthenTec, Inc.)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk BIM 360 Revit 2015 Add-in 64 bit (HKLM\...\{37E1C3A1-7DBF-4250-9314-46167B68383D}) (Version: 3.32.3357 - Autodesk)
Autodesk Civil View for 3ds Max Design 2013 (HKLM-x32\...\{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}) (Version: 1.0.0.2 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{CCA78313-443C-4674-81B8-88919D137258}) (Version: 2.0.2.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max 2013 64-bit (HKLM\...\{7EDE5B68-1FB0-405D-88F0-A34236002DA8}) (Version: 1.0.0.1 - Autodesk)
Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit (HKLM\...\{62CBE596-1BB8-4D7B-A056-103287BAD1C4}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit) (Version: - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version: - Autodesk)
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Server Engine for 3ds Max 2013 64-bit (HKLM\...\{696BB53C-28E6-1664-974E-D42FFF5B8E04}) (Version: 15.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit (HKLM\...\{BC66B242-DF13-1664-851B-00123612ED98}) (Version: 15.0 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.8.100 - Autodesk)
Autodesk Revit 2013 (HKLM\...\Autodesk Revit 2013) (Version: 12.02.21203 - Autodesk)
Autodesk Revit 2015 (HKLM\...\Autodesk Revit 2015) (Version: 15.0.136.0 - Autodesk)
Autodesk Revit Content Libraries 2015 (HKLM\...\Autodesk Revit Content Libraries 2015) (Version: 15.0.136.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Autodesk Vasari Beta 3 (HKLM\...\Autodesk Vasari Beta 3) (Version: 13.09.26120 - Autodesk)
Autodesk Workflows 2015 (HKLM\...\{A90DD6F8-60D2-4803-AFF6-796400E73E1B}) (Version: 5.2.11.100 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2420.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2420.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2428.57 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version: - FARO Technologies)
FLV Player Free 1.0 (HKLM-x32\...\FLV Player Free_is1) (Version: - A Software Plus)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google SketchUp Pro 7 (HKLM-x32\...\{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}) (Version: 2.1.6860 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.9.2128 (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\GoToMeeting) (Version: 6.4.9.2128 - CitrixOnline)
Grasshopper (HKLM-x32\...\Grasshopper) (Version: - )
HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
Hotkey 6.0078 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0078 - NoteBook)
Hotkey 6.0078 (x32 Version: 6.0078 - NoteBook) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations Powered by RocketLife)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
iCare Data Recovery Standard (HKLM-x32\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.10.1300 - Intel Corporation)
Intel(R) Network Connections 16.7.166.0 (HKLM\...\PROSetDX) (Version: 16.7.166.0 - Intel)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LunchBox for Grasshopper (HKLM-x32\...\{BB8A72E8-2C08-4DC5-B80F-C5657D6897AF}) (Version: 5.5.2014 - The Proving Ground)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
MindMaple Lite 1.3 (HKLM-x32\...\MindMaple_is1) (Version: v1.3 - MindMaple Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NASA World Wind 1.4 (HKLM-x32\...\NASA World Wind 1.4) (Version: - )
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6733 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revit 2013 (Version: 12.02.21203 - Autodesk) Hidden
Revit 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
Revit 2015 (Version: 15.0.136.0 - Autodesk) Hidden
Revit 2015 Language Pack - English (Version: 15.0.136.0 - Autodesk) Hidden
Revit Content Libraries 2015 (Version: 15.0.136.0 - Autodesk) Hidden
Rhinoceros 4.0 (HKLM-x32\...\{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}) (Version: 4.0.20118 - McNeel & Associates)
Rhinoceros 4.0 SR8 (HKLM-x32\...\{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}) (Version: 4.0.50401 - Robert McNeel & Associates)
Rhinoceros 5 (64-bit) (HKLM\...\{F724A358-919B-408E-BC4D-14CE89A96AAC}) (Version: 5.10.41201.11145 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{D46E463D-0B38-44C4-920E-8EA731779E73}) (Version: 5.10.41201.11145 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{A97CF7D9-B596-424D-B31C-F89204763451}) (Version: 5.7.31022.19295 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (en-US) (HKLM-x32\...\{5BEEF6AA-5429-4D03-8985-02B3BF009EB3}) (Version: 5.10.41201.11145 - Robert McNeel & Associates)
RISA-3D 12.0 Demo (64-bit) (HKLM-x32\...\RISA-3D 12.0 Demo (64-bit)) (Version: 12.0.0.0 - RISA Technologies, LLC)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster X-Fi MB 2 (HKLM-x32\...\{C772C983-D57A-4FF9-80AF-13078C4646CE}) (Version: 1.04.01 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.18.0 - Synaptics Incorporated)
Synctunes Desktop (HKLM-x32\...\{DC519C80-23D5-4199-BA26-AE371BC0E507}) (Version: 1.0.9 - The Bit Studio)
Vasari Beta 3 (Version: 13.09.26120 - Autodesk) Hidden
Vasari Beta 3 Language Pack - English (Version: 13.09.26120 - Autodesk) Hidden
Vasari Prototype CFD Visualisation Plug-in (HKLM-x32\...\{A8B18FAE-6B52-4D45-89F4-6650AEAC98D6}_is1) (Version: 2012 - Autodesk, Inc.)
Vasari Solar Radiation Plug-in (HKLM-x32\...\{DFE67FD4-0C20-4E6D-972D-01709880E09C}_is1) (Version: 2012 - Autodesk, Inc.)
Vasari STL Export Plug-in (HKLM-x32\...\{FE5999DC-29D8-40A8-B4F5-1BB626969AF8}_is1) (Version: 2012 - Autodesk, Inc.)
Vasari Wind Analysis Plug-in (HKLM-x32\...\{2039DBA4-4641-4500-A8AF-DDDC6DE518A1}_is1) (Version: 2012 - Autodesk, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.29 - NCH Software)
Viper Plagiarism Scanner (HKLM-x32\...\{2D9F8754-84AB-4C46-8243-9EADF23A63EE}_is1) (Version: 4.1.90.1039 - All Answers Ltd)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{083C82AE-568E-45dd-A92C-01422CA45760}\InprocServer32 -> C:\Program Files\Autodesk\Revit 2013\Program\APIContext.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat 11.0\pdfmaker\autocad\2013\64\acrobatacadic.dbx (Adobe Systems Incorporated)

==================== Restore Points =========================

24-12-2014 03:00:11 Windows Update
24-12-2014 03:09:23 Windows Update
24-12-2014 16:17:43 Windows Update
24-12-2014 21:34:47 Windows Update
25-12-2014 12:16:08 Windows Update
26-12-2014 09:13:21 Windows Update
26-12-2014 10:08:30 Windows Update
26-12-2014 17:05:49 Windows Update
26-12-2014 22:21:07 Windows Update
27-12-2014 08:29:20 Windows Update
27-12-2014 09:35:40 Windows Update
05-01-2015 22:32:03 Windows Update
05-01-2015 22:39:08 Windows Backup
05-01-2015 23:05:20 Windows Update
06-01-2015 09:29:37 Windows Update
07-01-2015 00:48:53 Windows Update
07-01-2015 10:16:40 Windows Update
07-01-2015 14:47:51 Windows Update
08-01-2015 01:44:01 Windows Update
08-01-2015 10:47:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-12-05 00:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {031C293D-3E60-41E8-91D7-9D78702C7A0B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {183FEC59-FF85-4EBE-9F2A-24CDFE53AF6B} - System32\Tasks\G2MUpdateTask-S-1-5-21-900365376-1320249618-260173824-1002 => C:\Users\Kiarash\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe [2015-01-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {225CEF0A-972A-4DEE-BE10-EAF7C78F781A} - System32\Tasks\AdobeAAMUpdater-1.0-Kiarash-PC-Kiarash => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {2494B099-B96E-4058-8381-FB4B358E0CE5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {30362236-6D81-481C-A270-D3FC304656AC} - System32\Tasks\Pointstone\System Cleaner\Startup Dialog => C:\Program Files (x86)\Pointstone\System Cleaner 7\Helper.exe
Task: {37962A78-C9C1-4C38-AE2D-6737A4A61690} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {473A9D07-D4FB-404C-9825-E77453DB3533} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002Core => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.)
Task: {4FF0B9AF-23BC-4D40-B20C-5F4A2A5319E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-08] (Adobe Systems Incorporated)
Task: {5556541B-0BD6-4B0C-8BDA-8927F58524E0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-900365376-1320249618-260173824-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {56BD6604-E8C9-444E-8CA6-903F38196007} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-03-05] ()
Task: {5C3E77CE-D8D6-4462-8575-E481B560968A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {6CA2F9CE-6715-4D88-82D5-C7D6972C7BCA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7C626F8C-8D9F-4FB8-A072-277CF8324ECC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {8549F758-5F98-4EE0-9756-3B8E792CB320} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8C53CD37-7F0C-40B3-A7D2-7A7B62FF2EFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3339B43-1DF5-4B0D-A516-D4C260352483} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-05] (AVAST Software)
Task: {A52517F0-6DAE-4EBD-8B56-11FB179347C5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {AA165AC5-4B94-4690-A4A3-FFEA4BCD0F57} - \DonutQuotes No Task File <==== ATTENTION
Task: {ABD5B2FB-298C-4B1C-AA27-7996E4BD0EDA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-900365376-1320249618-260173824-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B3E48C65-8D5D-43E0-8571-7DE27A538FCF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {D062A9B5-6EF7-420B-9319-99674D6B32DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002UA => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.)
Task: {E1E3FD2D-F7A9-44BF-8136-D0DF9A3BC7E5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F2013438-688F-4F70-B8B1-4AF5C80565A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {F77AF9B6-612C-4FD4-AB8C-3D5DADF58A86} - System32\Tasks\CIMT_S-1-5-21-900365376-1320249618-260173824-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-900365376-1320249618-260173824-1002.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-900365376-1320249618-260173824-1002.job => C:\Users\Kiarash\AppData\Local\Citrix\GoToMeeting\2128\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002Core.job => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002UA.job => C:\Users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2013-02-13 16:25 - 2012-10-11 23:36 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-10 16:09 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-09-14 20:19 - 2011-09-14 20:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2012-06-28 16:44 - 2012-06-28 16:44 - 00035840 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2014-02-23 22:51 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2011-11-03 03:09 - 2011-11-03 03:09 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2011-11-03 03:08 - 2011-11-03 03:08 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-10-25 22:48 - 2012-10-25 22:48 - 04739072 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2013-02-12 18:37 - 2013-02-12 18:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-09-26 13:40 - 2014-09-26 13:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-11-14 18:34 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-08 10:43 - 2015-01-08 10:43 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010800\algo.dll
2014-04-12 16:37 - 2014-06-20 22:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-04-12 16:37 - 2014-06-20 22:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-06 14:50 - 2009-06-06 14:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2006-12-11 02:10 - 2006-12-11 02:10 - 00049152 _____ () C:\Program Files (x86)\Hotkey\AudioControlDLL.dll
2013-02-13 17:04 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-02-13 17:04 - 2010-06-08 13:22 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-08 11:32 - 2015-01-08 11:32 - 00043008 _____ () c:\users\kiarash\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpk4c7.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\Kiarash\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-14 18:30 - 2014-11-14 18:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-02-12 18:38 - 2013-02-12 18:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-28 20:01 - 2014-09-28 20:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-12-05 21:26 - 2014-12-05 21:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-08 11:32 - 2014-06-20 22:19 - 00104328 _____ () C:\Users\Kiarash\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2014-10-14 10:37 - 2014-10-14 10:37 - 00081056 _____ () C:\Users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-09-28 20:01 - 2014-09-28 20:01 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 20:01 - 2014-09-28 20:01 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792
AlternateDataStreams: C:\Users\Kiarash\Local Settings:c8wNU8nkjH52IS2RM5M
AlternateDataStreams: C:\Users\Kiarash\Local Settings:eek:UnR8AElFznQuLfU
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ComboFix (2).exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ComboFix (2).exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\DefaultPack.EXE:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\DefaultPack.EXE:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Kiarash\Downloads\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\Kiarash\Downloads\Windows-KB890830-x64-V5.18.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\Windows-KB890830-x64-V5.18.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\wzro18.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\wzro18.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\AppData\Local:c8wNU8nkjH52IS2RM5M
AlternateDataStreams: C:\Users\Kiarash\AppData\Local:eek:UnR8AElFznQuLfU
AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Application Data:c8wNU8nkjH52IS2RM5M
AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Application Data:eek:UnR8AElFznQuLfU
AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Temporary Internet Files:4rPMVkoomGsIG7FYbwg8pA1g6

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-900365376-1320249618-260173824-500 - Administrator - Disabled)
Guest (S-1-5-21-900365376-1320249618-260173824-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-900365376-1320249618-260173824-1004 - Limited - Enabled)
Kiarash (S-1-5-21-900365376-1320249618-260173824-1002 - Administrator - Enabled) => C:\Users\Kiarash
UpdatusUser (S-1-5-21-900365376-1320249618-260173824-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-05 00:37:15.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-05 00:37:15.871
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 17%
Total physical RAM: 16307.44 MB
Available physical RAM: 13502.71 MB
Total Pagefile: 32613.05 MB
Available Pagefile: 29658.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:11.46 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:698.63 GB) (Free:223.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7AD5B1C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 734797D3)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    6.1 KB · Views: 1
Here it is;
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Kiarash at 2015-01-08 12:16:04 Run:1
Running from C:\Users\Kiarash\Desktop
Loaded Profiles: UpdatusUser & Kiarash (Available profiles: UpdatusUser & Kiarash)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-900365376-1320249618-260173824-1001\...\MountPoints2: {ce898747-7635-11e2-8581-806e6f6e6963} - E:\autorun.exe
C:\Program Files\Kromtech
HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-900365376-1320249618-260173824-1002] => http=127.0.0.1:59768;https=127.0.0.1:59768
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-900365376-1320249618-260173824-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_dnldstr_14_49_ch_na01&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzztD0E0CtAtA0E0EtBtDtCtN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StA0EzytCyE0A0CtBtGtBtB0FyDtGzy0D0AtAtG0F0CyDzytGyCzztByBtBtByCtD0AtAtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDtBtBtD0CyEyEtGzyyCyE0DtGyEyDzzzytG0Azy0F0BtGtCzyyDtBtByCyByDyE0CyC0E2Q&cr=1428691166&ir="
CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Chrome\Extension: [fdeikhckcedpnofpmfaakfhppidegbcp] - C:\Users\Kiarash\AppData\Local\CRE\fdeikhckcedpnofpmfaakfhppidegbcp.crx [Not Found]
CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Chrome\Extension: [hhfghaejnmdegcnoohmegfhnfmehpkbl] - C:\Users\Kiarash\AppData\Local\CRE\hhfghaejnmdegcnoohmegfhnfmehpkbl.crx [Not Found]
CHR HKU\S-1-5-21-900365376-1320249618-260173824-1002\...\Chrome\Extension: [pnjnnnhampgflieglcelomcofocioegp] - C:\Users\Kiarash\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fdeikhckcedpnofpmfaakfhppidegbcp] - C:\Users\Kiarash\AppData\Local\CRE\fdeikhckcedpnofpmfaakfhppidegbcp.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hhfghaejnmdegcnoohmegfhnfmehpkbl] - C:\Users\Kiarash\AppData\Local\CRE\hhfghaejnmdegcnoohmegfhnfmehpkbl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pnjnnnhampgflieglcelomcofocioegp] - C:\Users\Kiarash\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx [Not Found]
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S3 cpuz130; No ImagePath
C:\Users\Kiarash\AppData\Local\Temp\BSI.exe
C:\Users\Kiarash\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Kiarash\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kiarash\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpk4c7.dll
C:\Users\Kiarash\AppData\Local\Temp\optprosetup.exe
C:\Users\Kiarash\AppData\Local\Temp\Quarantine.exe
C:\Users\Kiarash\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kiarash\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
Task: {AA165AC5-4B94-4690-A4A3-FFEA4BCD0F57} - \DonutQuotes No Task File <==== ATTENTION
Task: {F77AF9B6-612C-4FD4-AB8C-3D5DADF58A86} - System32\Tasks\CIMT_S-1-5-21-900365376-1320249618-260173824-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-900365376-1320249618-260173824-1002.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792
AlternateDataStreams: C:\Users\Kiarash\Local Settings:c8wNU8nkjH52IS2RM5M
AlternateDataStreams: C:\Users\Kiarash\Local Settings:eek:UnR8AElFznQuLfU
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ccsetup500_slim.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ComboFix (2).exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\ComboFix (2).exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\DefaultPack.EXE:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\DefaultPack.EXE:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Kiarash\Downloads\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\Kiarash\Downloads\Windows-KB890830-x64-V5.18.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\Windows-KB890830-x64-V5.18.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\Downloads\wzro18.exe:$CmdTcID
AlternateDataStreams: C:\Users\Kiarash\Downloads\wzro18.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kiarash\AppData\Local:c8wNU8nkjH52IS2RM5M
AlternateDataStreams: C:\Users\Kiarash\AppData\Local:eek:UnR8AElFznQuLfU
AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Application Data:c8wNU8nkjH52IS2RM5M
AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Application Data:eek:UnR8AElFznQuLfU
AlternateDataStreams: C:\Users\Kiarash\AppData\Local\Temporary Internet Files:4rPMVkoomGsIG7FYbwg8pA1g6

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-900365376-1320249618-260173824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value deleted successfully.
"HKU\S-1-5-21-900365376-1320249618-260173824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce898747-7635-11e2-8581-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{ce898747-7635-11e2-8581-806e6f6e6963} => Key not found.
"C:\Program Files\Kromtech" => File/Directory not found.
HKU\S-1-5-21-900365376-1320249618-260173824-1002\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-900365376-1320249618-260173824-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-900365376-1320249618-260173824-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72351B45-9636-4F99-820B-7C552D27897D}}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}} => Key not found.
Chrome StartupUrls deleted successfully.
"HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp" => Key deleted successfully.
"HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Google\Chrome\Extensions\hhfghaejnmdegcnoohmegfhnfmehpkbl" => Key deleted successfully.
"HKU\S-1-5-21-900365376-1320249618-260173824-1002\SOFTWARE\Google\Chrome\Extensions\pnjnnnhampgflieglcelomcofocioegp" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hhfghaejnmdegcnoohmegfhnfmehpkbl" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pnjnnnhampgflieglcelomcofocioegp" => Key deleted successfully.
MsMpSvc => Service deleted successfully.
NisSrv => Service deleted successfully.
cpuz130 => Service deleted successfully.
C:\Users\Kiarash\AppData\Local\Temp\BSI.exe => Moved successfully.
C:\Users\Kiarash\AppData\Local\Temp\ConsumerInputSetup.exe => Moved successfully.
C:\Users\Kiarash\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Kiarash\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpk4c7.dll => Moved successfully.
C:\Users\Kiarash\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Kiarash\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Kiarash\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-900365376-1320249618-260173824-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA165AC5-4B94-4690-A4A3-FFEA4BCD0F57}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA165AC5-4B94-4690-A4A3-FFEA4BCD0F57}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F77AF9B6-612C-4FD4-AB8C-3D5DADF58A86}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F77AF9B6-612C-4FD4-AB8C-3D5DADF58A86}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-900365376-1320249618-260173824-1002 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-900365376-1320249618-260173824-1002" => Key deleted successfully.
C:\Windows\Tasks\CIMT_S-1-5-21-900365376-1320249618-260173824-1002.job => Moved successfully.
C:\Windows\system32\Drivers\mbam.sys => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\Drivers\mwac.sys => ":$CmdTcID" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":D346F792" ADS removed successfully.
"C:\Users\Kiarash\Local Settings" => ":c8wNU8nkjH52IS2RM5M" ADS not found.
"C:\Users\Kiarash\Local Settings" => ":eek:UnR8AElFznQuLfU" ADS not found.
C:\Users\Kiarash\Downloads\ccsetup500_slim (1).exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Kiarash\Downloads\ccsetup500_slim (1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Kiarash\Downloads\ccsetup500_slim.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Kiarash\Downloads\ccsetup500_slim.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Kiarash\Downloads\ComboFix (2).exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Kiarash\Downloads\ComboFix (2).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Kiarash\Downloads\DefaultPack.EXE => ":$CmdTcID" ADS removed successfully.
C:\Users\Kiarash\Downloads\DefaultPack.EXE => ":$CmdZnID" ADS removed successfully.
C:\Users\Kiarash\Downloads\mbam-setup-2.0.4.1028.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Kiarash\Downloads\mbam-setup-2.0.4.1028.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Kiarash\Downloads\noname (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Kiarash\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Kiarash\Downloads\Windows-KB890830-x64-V5.18.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Kiarash\Downloads\Windows-KB890830-x64-V5.18.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Kiarash\Downloads\wzro18.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Kiarash\Downloads\wzro18.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Kiarash\AppData\Local => ":c8wNU8nkjH52IS2RM5M" ADS removed successfully.
"C:\Users\Kiarash\AppData\Local" => ":eek:UnR8AElFznQuLfU" ADS not found.
"C:\Users\Kiarash\AppData\Local\Application Data" => ":c8wNU8nkjH52IS2RM5M" ADS not found.
"C:\Users\Kiarash\AppData\Local\Application Data" => ":eek:UnR8AElFznQuLfU" ADS not found.
"C:\Users\Kiarash\AppData\Local\Temporary Internet Files" => ":4rPMVkoomGsIG7FYbwg8pA1g6" ADS not found.

==== End of Fixlog 12:16:05 ====
 
Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Here is the security check report;

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.235
Adobe Reader XI
Mozilla Firefox (34.0.5)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Here is the Farbar service scanner report;
Farbar Service Scanner Version: 21-07-2014
Ran by Kiarash (administrator) on 08-01-2015 at 17:47:22
Running from "C:\Users\Kiarash\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
  • Like
Reactions: cheetadready
Hey thanks a lot for all you have done.
so far my computer is doing great and way better than before.
I finally was successful running the antivirus scan completely and my anti-malware scan completely without my PC turning off on me.
I am very very thankful for your help.
And I will keep you posted if there is anything important.
 
You must log in or register to reply here.

Similar threads

A
Android users will soon be able to pause Google's anti-malware service for sideloading
Replies
1
Views
110
ZedRM
ZedRM
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A
midian182
Avast Free Antivirus: Testing its features and learning about the six layers of protection
Replies
0
Views
718
midian182
midian182

Latest posts

Back