Computer Starts up Too Slow, Black Screen before loading Desktop


#1
simon_grylls


Hi,

I got a problem.

Whenever I start my computer it boots up slowly, and after the Welcome screen it shows a black screen with the cursor. I can move the cursor but nothing happens when I click, and only after 3-5 minutes does it load the desktop.

And when I play games it lags. Before this problem the games ran smoothly, but now they lag.

 

Please Help Me....

Thanks in Advance....

 

My Specs

OS: Windows 7 Ultimate 32-Bit

Processor: Dual Core E5700 3.00GHz

Ram: 2GB

HDD: 300GB


Edited by simon_grylls, 10 February 2017 - 11:54 AM.

  • 0



#2
RKinner

    Malware Expert

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.

Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

  • 0

#3
simon_grylls


Thanks for reply Brother,

On the completion of the system scan on cmd, it shows "Windows Resource Protection did not find any integrity violations".

 

Once Again Thanks...

 

VEW Log of System:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/02/2017 8:50:19 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/02/2017 3:14:59 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The 00988cc52681f79d7402492eaa25ad0b service terminated with the following error:  %%-2147467259
 
Log: 'System' Date/Time: 11/02/2017 3:14:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The 932be9a3731349e7b1524f7f7157dbb5 service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/02/2017 3:14:58 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  932be9a3731349e7b1524f7f7157dbb5 sfdrv01 sfsync02 sfvfs02
 
Log: 'System' Date/Time: 11/02/2017 3:14:58 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The 00988cc52681f79d7402492eaa25ad0b service hung on starting.
 
Log: 'System' Date/Time: 11/02/2017 3:12:33 AM
Type: Error Category: 0
Event: 875 Source: Application Popup
Driver sfdrv01.sys has been blocked from loading.
 
Log: 'System' Date/Time: 11/02/2017 3:12:33 AM
Type: Error Category: 0
Event: 875 Source: Application Popup
Driver sfvfs02.sys has been blocked from loading.
 
Log: 'System' Date/Time: 11/02/2017 3:12:31 AM
Type: Error Category: 0
Event: 875 Source: Application Popup
Driver sfsync02.sys has been blocked from loading.
 
Log: 'System' Date/Time: 11/02/2017 1:50:25 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The 00988cc52681f79d7402492eaa25ad0b service terminated with the following error:  %%-2147467259
 
Log: 'System' Date/Time: 11/02/2017 1:50:25 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The 932be9a3731349e7b1524f7f7157dbb5 service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/02/2017 1:50:24 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Network Inspection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 11/02/2017 1:50:24 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
 
Log: 'System' Date/Time: 11/02/2017 1:50:25 AM
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007041d   Error description: The service did not respond to the start or control request in a timely fashion.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
Log: 'System' Date/Time: 11/02/2017 1:49:52 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  932be9a3731349e7b1524f7f7157dbb5 sfdrv01 sfsync02 sfvfs02
 
Log: 'System' Date/Time: 11/02/2017 1:49:52 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The 00988cc52681f79d7402492eaa25ad0b service hung on starting.
 
Log: 'System' Date/Time: 11/02/2017 1:47:42 AM
Type: Error Category: 0
Event: 875 Source: Application Popup
Driver sfdrv01.sys has been blocked from loading.
 
Log: 'System' Date/Time: 11/02/2017 1:47:42 AM
Type: Error Category: 0
Event: 875 Source: Application Popup
Driver sfvfs02.sys has been blocked from loading.
 
Log: 'System' Date/Time: 11/02/2017 1:47:40 AM
Type: Error Category: 0
Event: 875 Source: Application Popup
Driver sfsync02.sys has been blocked from loading.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/02/2017 3:19:47 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name mail.google.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/02/2017 3:19:17 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name notification.adblockplus.org timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/02/2017 3:16:07 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_2717&PID_FF60&MI_00\6&390ea763&0&0000.
 
Log: 'System' Date/Time: 11/02/2017 3:15:28 AM
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Log: 'System' Date/Time: 11/02/2017 2:08:53 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 11/02/2017 1:50:37 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_2717&PID_FF60&MI_00\6&390ea763&0&0000.
 
Log: 'System' Date/Time: 11/02/2017 1:49:54 AM
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Log: 'System' Date/Time: 11/02/2017 1:47:09 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
VEW log of Application:
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/02/2017 8:52:27 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/02/2017 3:19:36 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 11/02/2017 3:19:36 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 11/02/2017 3:19:36 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 11/02/2017 3:19:35 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 11/02/2017 1:54:03 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 11/02/2017 1:54:03 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 11/02/2017 1:54:03 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 11/02/2017 1:54:03 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/02/2017 3:12:57 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled.  Applications that require this driver will not function properly without a patch.
 
Log: 'Application' Date/Time: 11/02/2017 3:12:57 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled.  Applications that require this driver will not function properly without a patch.
 
Log: 'Application' Date/Time: 11/02/2017 3:12:57 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled.  Applications that require this driver will not function properly without a patch.
 
Log: 'Application' Date/Time: 11/02/2017 1:48:07 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled.  Applications that require this driver will not function properly without a patch.
 
Log: 'Application' Date/Time: 11/02/2017 1:48:07 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled.  Applications that require this driver will not function properly without a patch.
 
Log: 'Application' Date/Time: 11/02/2017 1:48:07 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled.  Applications that require this driver will not function properly without a patch.
 
Procexp log (file name was "System Idle Process"):
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.87 0 K 24 K 0
procexp.exe 2.85 34,144 K 48,244 K 5172 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.30 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.26 26,656 K 24,068 K 2012 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 0.15 112,024 K 95,668 K 940 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
System 0.15 48 K 236 K 4
NvStreamUserAgent.exe 0.08 16,300 K 24,544 K 892 NVIDIA Streamer User Agent NVIDIA Corporation (Verified) NVIDIA Corporation
NvStreamNetworkService.exe 0.07 4,504 K 13,704 K 2052 NVIDIA Network Stream Service NVIDIA Corporation (Verified) NVIDIA Corporation
csrss.exe 0.07 2,220 K 11,872 K 540 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 4,868 K 9,980 K 2388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
UCBrowser.exe 0.02 84,444 K 122,396 K 5040 UC Browser UCWeb Inc. (Verified) TAOBAO (CHINA) SOFTWARE CO.
explorer.exe 0.02 34,324 K 46,168 K 112 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
NvStreamService.exe 0.02 3,292 K 8,448 K 2764 NVIDIA Streamer Service NVIDIA Corporation (Verified) NVIDIA Corporation
winwfpmonitor.exe 0.01 1,608 K 1,548 K 1788 (No signature was present in the subject) 
USBGuard.exe 0.01 7,672 K 16,052 K 1736 USB Disk Security Zbshareware Lab (Verified) Lanzhou Itanium Software Technology Co.
lsass.exe 0.01 3,156 K 6,756 K 600 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 0.01 9,624 K 8,092 K 1848 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 0.01 15,088 K 14,024 K 1208 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 7,136 K 7,112 K 1968 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 18,460 K 28,132 K 1144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,260 K 12,496 K 1388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 24,780 K 15,340 K 732 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,132 K 12,348 K 1276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe < 0.01 1,344 K 2,828 K 640 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 62,024 K 64,616 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CloudPrinter.exe < 0.01 17,256 K 9,808 K 1908 (No signature was present in the subject)
csrss.exe < 0.01 1,440 K 3,296 K 464 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
NvBackend.exe < 0.01 68,472 K 74,796 K 3228 NVIDIA Backend NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe < 0.01 3,500 K 8,276 K 1456 NVIDIA Driver Helper Service, Version 342.00 NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe < 0.01 13,120 K 14,824 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,024 K 4,992 K 4760 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,708 K 6,376 K 6116 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 636 K 2,092 K 3208 Microsoft® Windows Live ID Service Monitor Microsoft Corporation (Verified) Microsoft Corporation
WLIDSVC.EXE 3,240 K 7,304 K 2920 Microsoft® Windows Live ID Service Microsoft Corporation (Verified) Microsoft Corporation
winlogon.exe 1,700 K 4,108 K 628 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 932 K 2,912 K 528 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UCBrowser.exe 62,700 K 79,652 K 5564 UC Browser UCWeb Inc. (Verified) TAOBAO (CHINA) SOFTWARE CO.
UCBrowser.exe 75,140 K 74,280 K 5104 UC Browser UCWeb Inc. (Verified) TAOBAO (CHINA) SOFTWARE CO.
UCBrowser.exe 54,860 K 54,372 K 5424 UC Browser UCWeb Inc. (Verified) TAOBAO (CHINA) SOFTWARE CO.
UCBrowser.exe 13,692 K 11,844 K 720 UC Browser UCWeb Inc. (Verified) TAOBAO (CHINA) SOFTWARE CO.
taskhost.exe 1,144 K 3,900 K 3512 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,388 K 3,860 K 1680 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,212 K 4,696 K 4780 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,296 K 6,432 K 748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,408 K 6,288 K 876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,400 K 13,628 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 768 K 2,672 K 2692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 800 K 2,772 K 2816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,940 K 5,944 K 2840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,264 K 9,344 K 1664 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 272 K 736 K 336 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 4,812 K 7,836 K 576 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
nvxdsync.exe 5,204 K 12,516 K 1448 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 1,704 K 4,884 K 808 NVIDIA Driver Helper Service, Version 342.00 NVIDIA Corporation (Verified) NVIDIA Corporation
nvtray.exe 3,236 K 8,424 K 3188 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
nvSCPAPISvr.exe 2,144 K 3,356 K 828 Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
NvNetworkService.exe 4,880 K 7,224 K 2728 NVIDIA Network Service NVIDIA Corporation (Verified) NVIDIA Corporation
NisSrv.exe 11,728 K 8,368 K 2124 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 4,868 K 11,464 K 212 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MMERefresh.exe 568 K 2,076 K 2600 Digidesign MME Binder Avid Technology, Inc. (No signature was present in the subject) Avid Technology, Inc.
igfxsrvc.exe 1,524 K 4,672 K 1644 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
GrooveMonitor.exe 2,816 K 8,356 K 2132 GrooveMonitor Utility Microsoft Corporation (Verified) Microsoft Corporation
GoogleUpdate.exe 1,720 K 676 K 1356 Google Installer Google Inc. (Verified) Google Inc
GfExperienceService.exe 2,952 K 6,324 K 2636 NVIDIA GeForce ExperienceService NVIDIA Corporation (Verified) NVIDIA Corporation
conhost.exe 528 K 2,020 K 2020 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 864 K 3,568 K 2176 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
alg.exe 920 K 3,324 K 2584 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows
 
Junk.TXT :
 
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       336 N/A                                         
csrss.exe                      464 N/A                                         
wininit.exe                    528 N/A                                         
csrss.exe                      540 N/A                                         
services.exe                   576 N/A                                         
lsass.exe                      600 KeyIso, SamSs                               
winlogon.exe                   628 N/A                                         
lsm.exe                        640 N/A                                         
svchost.exe                    748 DcomLaunch, PlugPlay, Power                 
nvvsvc.exe                     808 nvsvc                                       
nvSCPAPISvr.exe                828 Stereo Service                              
svchost.exe                    876 RpcEptMapper, RpcSs                         
MsMpEng.exe                    940 MsMpSvc                                     
svchost.exe                   1064 Audiosrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                   1100 AudioEndpointBuilder, CscService, Netman,   
                                   PcaSvc, SysMain, TrkWks, UxSms,             
                                   WdiSystemHost, Wlansvc, wudfsvc             
svchost.exe                   1144 AeLookupSvc, Appinfo, BITS, Browser,        
                                   EapHost, gpsvc, IKEEXT, iphlpsvc,           
                                   LanmanServer, MMCSS, ProfSvc, RasMan,       
                                   Schedule, SENS, SharedAccess,               
                                   ShellHWDetection, Themes, Winmgmt, wuauserv 
svchost.exe                   1276 EventSystem, fdPHost, netprofm, nsi,        
                                   SstpSvc, WdiServiceHost, WinHttpAutoProxySv 
svchost.exe                   1388 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv                             
nvxdsync.exe                  1448 N/A                                         
nvvsvc.exe                    1456 N/A                                         
svchost.exe                   1540 BFE, DPS, MpsSvc, WwanSvc                   
spoolsv.exe                   1664 Spooler                                     
taskeng.exe                   1680 N/A                                         
winwfpmonitor.exe             1788 N/A                                         
taskhost.exe                  1968 N/A                                         
dwm.exe                       2012 N/A                                         
conhost.exe                   2020 N/A                                         
explorer.exe                   112 N/A                                         
GoogleUpdate.exe              1356 N/A                                         
CloudPrinter.exe              1908 CloudPrinter                                
MMERefresh.exe                2600 DigiRefresh                                 
GfExperienceService.exe       2636 GfExperienceService                         
svchost.exe                   2692 Net Driver HPZ12                            
NvNetworkService.exe          2728 NvNetworkService                            
NvStreamService.exe           2764 NvStreamSvc                                 
svchost.exe                   2816 Pml Driver HPZ12                            
svchost.exe                   2840 StiSvc                                      
WLIDSVC.EXE                   2920 wlidsvc                                     
nvtray.exe                    3188 N/A                                         
WLIDSVCM.EXE                  3208 N/A                                         
NvBackend.exe                 3228 N/A                                         
NvStreamNetworkService.ex     2052 NvStreamNetworkSvc                          
SearchIndexer.exe              732 WSearch                                     
NisSrv.exe                    2124 NisSrv                                      
NvStreamUserAgent.exe          892 N/A                                         
conhost.exe                   2176 N/A                                         
alg.exe                       2584 ALG                                         
svchost.exe                   2388 FontCache, SSDPSRV, upnphost, wcncsvc       
taskhost.exe                  3512 N/A                                         
GrooveMonitor.exe             2132 N/A                                         
USBGuard.exe                  1736 N/A                                         
msseces.exe                    212 N/A                                         
igfxsrvc.exe                  1644 N/A                                         
wmpnetwk.exe                  1848 WMPNetworkSvc                               
UCBrowser.exe                 5040 N/A                                         
UCBrowser.exe                 5104 N/A                                         
UCBrowser.exe                 5424 N/A                                         
UCBrowser.exe                 5564 N/A                                         
taskeng.exe                   4780 N/A                                         
WmiPrvSE.exe                  4760 N/A                                         
UCBrowser.exe                  720 N/A                                         
SearchProtocolHost.exe        4956 N/A                                         
SearchFilterHost.exe          1880 N/A                                         
audiodg.exe                   5736 N/A                                         
dllhost.exe                   4364 N/A                                         
dllhost.exe                   4548 N/A                                         
cmd.exe                       3520 N/A                                         
conhost.exe                   4608 N/A                                         
WmiPrvSE.exe                  4996 N/A                                         
tasklist.exe                  3556 N/A                                         
 

  • 0

#4
RKinner

    Malware Expert

You have two randomly named services and UCBrowser adware, so I'm going to have this moved to the Malware forum so we can run FRST.

 

 
Download ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0
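The triage in post #4 (randomly named services and UCBrowser spotted in the process listing) can be repeated offline on pasted output. This is an added example, not part of the thread or of any tool named in it; it assumes the listing in post #3 is `tasklist /svc` output, and the hex-name rule, the watched-image list and the sample rows (placeholder image names and PIDs included) are constructed for illustration.

```python
import re

# Assumption: a service whose whole name is 16+ hex digits (e.g. MD5-shaped)
# is treated as machine-generated. This is a triage hint, not a verdict.
HEX_NAME = re.compile(r"[0-9a-fA-F]{16,}")
# Image name the helper called out as adware in this thread.
WATCHED_IMAGES = {"ucbrowser.exe"}


def parse_tasklist_svc(text):
    """Return [{'image', 'pid', 'services'}] from `tasklist /svc` table output."""
    spans, records = None, []
    for line in text.splitlines():
        if spans is None:
            # The ruler line of '=' runs defines the three fixed-width columns,
            # so image names containing spaces are sliced correctly.
            if line.startswith("=") and set(line) <= {"=", " "}:
                spans = [m.span() for m in re.finditer(r"=+", line)]
                if len(spans) != 3:
                    raise ValueError("expected three columns in ruler line")
            continue
        if not line.strip():
            continue
        (i0, i1), (p0, p1), (s0, _) = spans
        image = line[i0:i1].strip()
        pid = line[p0:p1].strip()
        names = [s.strip() for s in line[s0:].split(",")]
        names = [s for s in names if s and s != "N/A"]
        if image and pid.isdigit():
            records.append({"image": image, "pid": int(pid), "services": names})
        elif records and not image and not pid:
            # A long service list wraps: continuation lines leave the first
            # two columns blank and belong to the previous process.
            records[-1]["services"].extend(names)
    if spans is None:
        raise ValueError("no tasklist ruler line found")
    return records


def triage(records):
    """Return (pid, image, reason) tuples worth a closer look."""
    findings = []
    for rec in records:
        if rec["image"].lower() in WATCHED_IMAGES:
            findings.append((rec["pid"], rec["image"], "watched image name"))
        for svc in rec["services"]:
            if HEX_NAME.fullmatch(svc):
                findings.append((rec["pid"], rec["image"], f"hex-named service {svc}"))
    return findings


def _row(image, pid, services):
    # Column widths (25 and 8) match the listing posted in this thread.
    return f"{image:<25} {pid:>8} {services}"


# Constructed sample. The two hex service names and UCBrowser.exe appear in
# this thread; example-a.exe, example-b.exe and every PID except 720 and 3556
# are placeholders.
SAMPLE = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    "=" * 25 + " " + "=" * 8 + " " + "=" * 44,
    _row("System Idle Process", 0, "N/A"),
    _row("System", 4, "N/A"),
    _row("svchost.exe", 852, "DcomLaunch, PlugPlay, Power"),
    _row("svchost.exe", 1004, "AudioSrv, Dhcp, eventlog,"),
    _row("", "", "HomeGroupProvider, lmhosts, wscsvc"),
    _row("example-a.exe", 1632, "00988cc52681f79d7402492eaa25ad0b"),
    _row("example-b.exe", 1700, "932be9a3731349e7b1524f7f7157dbb5"),
    _row("UCBrowser.exe", 720, "N/A"),
    _row("tasklist.exe", 3556, "N/A"),
])

if __name__ == "__main__":
    for pid, image, reason in triage(parse_tasklist_svc(SAMPLE)):
        print(f"{pid:>6}  {image:<20} {reason}")
```

A hit only marks an entry for review; confirming and removing it is still the job of the scan tools used in the thread.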

    #5
    simon_grylls

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    Thanks Bro,

    After AdwCleaner, the PC rebooted, and while restarting, the black screen after the Welcome screen was gone; the desktop loaded quickly after the Welcome screen.

     

    ADWCleaner Log:

     

    # AdwCleaner v6.043 - Logfile created 11/02/2017 at 11:49:16
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-01-27.1 [Local]
    # Operating System : Windows 7 Ultimate Service Pack 1 (X86)
    # Username : john - SIMONRJ
    # Running from : C:\Users\john\Desktop\AdwCleaner.exe
    # Mode: Clean
     
     
     
    ***** [ Services ] *****
     
    [-] Service deleted: 00988cc52681f79d7402492eaa25ad0b
    [-] Service deleted: 932be9a3731349e7b1524f7f7157dbb5
    [-] Service deleted: CloudPrinter
    [-] Service deleted: HPReyos Service
     
     
    ***** [ Folders ] *****
     
    [-] Folder deleted: C:\Program Files\00988cc52681f79d7402492eaa25ad0b
    [-] Folder deleted: C:\Users\john\AppData\Local\11657
    [-] Folder deleted: C:\Users\john\AppData\Local\28050
    [-] Folder deleted: C:\Users\john\AppData\Local\PackageAware
    [-] Folder deleted: C:\Users\john\AppData\LocalLow\Speedbit
    [-] Folder deleted: C:\Users\john\AppData\Roaming\PC Speed Maximizer
    [-] Folder deleted: C:\Users\john\AppData\Roaming\Speedbit
    [-] Folder deleted: C:\Users\john\AppData\Roaming\Yahoo!\Companion
    [-] Folder deleted: C:\Users\john\AppData\Roaming\HPReyos
    [-] Folder deleted: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ignite
    [-] Folder deleted: C:\ProgramData\Speedbit
    [-] Folder deleted: C:\ProgramData\CloudPrinter
    [-] Folder deleted: C:\ProgramData\Webitar Production Inc
    [-] Folder deleted: C:\ProgramData\Hotfreshs
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Speedbit
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\CloudPrinter
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Webitar Production Inc
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Hotfreshs
    [-] Folder deleted: C:\Users\Public\Documents\ShopperPro
    [-] Folder deleted: C:\Users\Public\Documents\Speedbit
    [-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Security Toolbar
    [-] Folder deleted: C:\Users\john\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
    [-] Folder deleted: C:\Windows\system32\SSL
     
     
    ***** [ Files ] *****
     
    [-] File deleted: C:\Windows\system32\findit.xml
     
     
    ***** [ DLL ] *****
     
     
     
    ***** [ WMI ] *****
     
     
     
    ***** [ Shortcuts ] *****
     
     
     
    ***** [ Scheduled Tasks ] *****
     
    [-] Task deleted: UCBrowserUpdaterCore
     
     
    ***** [ Registry ] *****
     
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [iWebar-bg.exe]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Object Browser-bg.exe]
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2547bfbb-28b8-4280-8ac9-d0da592ab3a9}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3241835b-f0aa-4f3e-b496-49c571a67b69}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69e83b71-fbbd-4bb0-964b-266df7bbdb3f}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76b1081b-3dad-4182-bbb8-92f6954afaf4}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a613f597-dfb9-4da8-b06c-f5926b59fc5d}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eecaeb4a-b5d7-40da-918f-455c94fdaddb}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\HPReyos Service
    [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift
    [-] Key deleted: HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift
    [-] Key deleted: HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\TV3D65.TVMiniMesh
    [-] Key deleted: HKLM\SOFTWARE\Classes\TV3D65.TVMiniMesh.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
    [-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
    [-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKU\.DEFAULT\Software\ompndb
    [-] Key deleted: HKU\.DEFAULT\Software\Auslogics
    [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\iWebar
    [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser
    [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Sense
    [-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
    [-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser
    [-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Sense
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Installer
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\pc speed maximizer
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Yahoo\Companion
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Yahoo\YFriendsBar
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\INSTALLPATH\STATUS
    [#] Key deleted on reboot: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\PC Speed Maximizer
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Auslogics
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\mtHotfresh
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\ShopperPro
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\SpeedBit
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser
    [-] Key deleted: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Sense
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\iWebar
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Object Browser
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Sense
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Sense
    [#] Key deleted on reboot: HKCU\Software\Installer
    [#] Key deleted on reboot: HKCU\Software\pc speed maximizer
    [#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
    [#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
    [#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
    [#] Key deleted on reboot: HKCU\Software\PC Speed Maximizer
    [#] Key deleted on reboot: HKCU\Software\Auslogics
    [#] Key deleted on reboot: HKCU\Software\mtHotfresh
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key deleted: HKLM\SOFTWARE\W3I
    [-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
    [-] Key deleted: HKLM\SOFTWARE\youndooSoftware
    [-] Key deleted: HKLM\SOFTWARE\ompndb
    [-] Key deleted: HKLM\SOFTWARE\Webitar Production Inc.
    [-] Key deleted: HKLM\SOFTWARE\HPReyos
    [-] Key deleted: HKLM\SOFTWARE\mtHotfresh
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPReyos
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
    [-] Key deleted: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
    [-] Value deleted: HKCU\Environment [SNF]
    [-] Value deleted: HKCU\Environment [SNP]
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
    [#] Key deleted on reboot: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
    [#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
    [#] Key deleted on reboot: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
    [-] Key deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Hotfresh.exe
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hotfresh.exe
    [-] Value deleted: HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
    [-] Value deleted: HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
    [-] Value deleted: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
    [-] Key deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
     
     
    ***** [ Web browsers ] *****
     
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C0].txt - [15986 Bytes] - [11/02/2017 11:49:16]
    C:\AdwCleaner\AdwCleaner[R0].txt - [36143 Bytes] - [13/05/2015 17:05:40]
    C:\AdwCleaner\AdwCleaner[R1].txt - [956 Bytes] - [13/05/2015 19:53:07]
    C:\AdwCleaner\AdwCleaner[S0].txt - [35158 Bytes] - [13/05/2015 17:06:58]
    C:\AdwCleaner\AdwCleaner[S1].txt - [15290 Bytes] - [11/02/2017 11:48:11]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16354 Bytes] ##########
     
    JRT Log:
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 7 Ultimate x86 
    Ran by john (Administrator) on 11-Feb-17 at 11:56:45.46
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 0 
     
     
    Deleted the following from C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\prefs.js
    user_pref(browser.search.searchengine.hp, hxxp://www.youndoo.com/?z=92dc84caef54f3cca27619dg4z3b7q2z0q3o5b4gam&from=wak&uid=HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX&ty
    user_pref(browser.search.searchengine.sp, hxxp://www.youndoo.com/search/?from=wak&q={searchTerms}&type=sp&uid=HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX&z=92dc84caef54f3
    user_pref(browser.search.searchengine.uid, HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX);
    user_pref(browser.search.searchengine.url, hxxp://www.youndoo.com/search/?from=wak&q={searchTerms}&type=sp&uid=HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX&z=92dc84caef54f
    user_pref(browser.urlbar.suggest.searches, true);
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11-Feb-17 at 11:57:45.37
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    FRST Log:
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2017
    Ran by john (administrator) on SIMONRJ (11-02-2017 12:00:14)
    Running from C:\Users\john\Desktop
    Loaded Profiles: john (Available Profiles: john)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: "C:\Program Files\UCBrowser\Application\UCBrowser.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    () F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe
    (Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
    HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
    HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [687336 2014-05-23] (Zbshareware Lab)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNTA0MTQzMjE0LVFJWDErNC1YMjAxMCsyLUxJQysyLVNQMSsxLVNVU (the data entry has 65 more characters).
    HKLM\...\Policies\Explorer: [UseDefaultTile] 0
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Policies\system: [NoDispCPL] 0
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: I - I:\autorun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {09188fee-04a8-11e6-9b69-4487fcab4607} - H:\Setup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {09188ff6-04a8-11e6-9b69-4487fcab4607} - H:\Setup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {1338a56d-d769-11dd-92db-4487fcab4607} - H:\Setup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {1895f0f4-d769-11dd-9f14-02030f513535} - H:\SISetup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {39502bf7-433d-11e6-acea-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {4145d62e-d7b9-11dd-a875-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {6cf5b879-d8ac-11dd-80f5-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {ac57d268-d7e2-11dd-adb8-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {aca8c064-8228-11e4-99e2-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {f52afa20-515d-11e4-9969-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKLM\...\Providers\4sb5o2kd: C:\Program Files\Tolzermght Adapter\local32spl.dll [274944 2017-02-07] ()
    ShellExecuteHooks: No Name - {54AAFC92-EABC-11E6-A1B6-64006A5CFC23} - C:\Users\john\AppData\Roaming\Cujercult\Atazokclvuph.dll [126464 2017-02-07] ()
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{0D16E4CC-90FE-4D1B-B557-562D0CF891E1}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{286B131A-7D0F-4737-BF0E-86AA2B5144A5}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{8E24635A-2D1A-4802-8AAF-B37E96EC1215}: [DhcpNameServer] 192.168.137.129
    Tcpip\..\Interfaces\{B7434BC1-CC3D-4888-B2DB-60B673FE2DC4}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{D87F4CD1-3BA6-437E-B506-C8F478554483}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{DF8FA5EE-8347-41FD-9A12-AF1B977B440B}: [DhcpNameServer] 192.168.42.129
    ManualProxies: 0hxxp://un-blocking.info/wpad.dat?ae70e6ebbad117b2dd34bf9cf8bd1b3217766709
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131311198838699962&GUID=43784583-9414-4D3C-887F-6C5892FAC77B
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = 
    SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000 -> DefaultScope {ielnksrch} URL = 
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/1.2/jinstall-11-win.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)
    Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()
     
    FireFox:
    ========
    FF DefaultProfile: 84cizlnl.default
    FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default [2017-02-07]
    FF NewTab: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.NT
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\84cizlnl.default -> youndoo
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\84cizlnl.default -> youndoo
    FF Homepage: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.HP
    FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\4sb5o2kd.xml [2017-02-07]
    FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\findit.xml [2017-02-07]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll [No File]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-18] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-18] (NVIDIA Corporation)
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-13] (Pando Networks)
    FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2010-10-03] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2010-10-03] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2010-10-03] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: @tools.google.com/Google Update;version=3 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: @tools.google.com/Google Update;version=9 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-13] (Pando Networks)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-26] (Ubisoft)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHCxomeujIo3zShG6o34N1BxQ-YeHx5r3_oD1CACZ8OBXNYc4F0vpyZT5twVvbJdmrMgeC5Jaa6Yn9AVS_7poDf8cgdrnWssc0R83p3I0UllQxE826TSSp0XRhfvQ1haCofyF0mWavdBmVPDw1Ai17FtBijY_ztIZ76gYDBYUg,,
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHCxomeujIo3zShG6o34N1BxQ-YeHx5r3_oD1CACZ8OBXNYc4F0vpyZT5twVvbJdmrMgeC5Jaa6Yn9AVR_pun2hQWdxZNBP6ZFFvntC8rPyrmDAeNY9sIyYQa0djrnAeyz-TrRUJop0BVC4b4gk51Ajna-GDc4pJkvJtef9n2A,,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\john\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll => No File
    CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
    CHR Extension: (Free Download Manager Chrome extension) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-01-02]
    CHR Extension: (Galaxy-View) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbeddldohkakodfncjnkkjfojggbahp [2017-02-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
    CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2010-05-04] (Avid Technology, Inc.) [File not signed]
    S4 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [249104 2016-10-06] (EasyAntiCheat Ltd)
    S3 EvoSvc; F:\EVL\EvoSvc.exe [1583488 2016-12-28] (Echobit LLC)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-10-19] (NVIDIA Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-10-19] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-10-19] (NVIDIA Corporation)
    S4 PinnacleUpdateSvc; C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2015-06-22] (PowerUp Software, LLC) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2017-01-21] ()
    S4 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [629648 2017-01-18] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 athsgt; C:\Windows\System32\DRIVERS\athsgt.sys [164992 2013-03-29] () [File not signed]
    S3 BTCAMDRV; C:\Windows\System32\DRIVERS\BTCamDrv.sys [219136 2006-01-11] (Windows ® 2000 DDK provider) [File not signed]
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2016-03-12] (Echobit, LLC)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2016-11-11] (LogMeIn, Inc.)
    S3 hid7906; C:\Windows\System32\drivers\hid7906.sys [53793 2006-06-28] (Compuware Corporation) [File not signed]
    R2 limsgt; C:\Windows\System32\DRIVERS\limsgt.sys [12544 2013-03-29] () [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-10-19] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-08-04] (NVIDIA Corporation)
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
    S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [205312 2016-08-30] (QUALCOMM Incorporated)
    S3 qrkis; C:\Windows\System32\DRIVERS\qrkis.sys [45608 2010-11-17] (Tether)
    R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
    S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC)
    R2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [12528 2016-10-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
    S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed]
    R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
    S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed]
    S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [File not signed]
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-03-25] () [File not signed]
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
    S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    S3 xspirit; \??\C:\Windows\xspirit.sys [X]
    S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-02-11 12:00 - 2017-02-11 12:00 - 00018619 _____ C:\Users\john\Desktop\FRST.txt
    2017-02-11 11:57 - 2017-02-11 11:57 - 00001323 _____ C:\Users\john\Desktop\JRT.txt
    2017-02-11 11:54 - 2017-02-11 11:49 - 00016434 _____ C:\Users\john\Desktop\AdwCleaner[C0].txt
    2017-02-11 11:45 - 2017-02-11 11:45 - 01763328 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
    2017-02-11 11:44 - 2017-02-11 11:45 - 01663040 _____ (Malwarebytes) C:\Users\john\Desktop\JRT.exe
    2017-02-11 11:44 - 2017-02-11 11:44 - 04015056 _____ C:\Users\john\Desktop\AdwCleaner.exe
    2017-02-11 11:34 - 2017-02-11 11:34 - 00000000 _____ C:\Windows\system32\__00159B70__C0000005.dmp
    2017-02-11 09:02 - 2017-02-11 09:02 - 00006644 _____ C:\Users\john\Documents\junk.txt
    2017-02-11 09:02 - 2017-02-11 09:02 - 00006644 _____ C:\junk.txt
    2017-02-11 09:01 - 2017-02-11 09:01 - 00007728 _____ C:\Users\john\Documents\System Idle Process.txt
    2017-02-11 08:54 - 2017-02-11 08:54 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\john\Desktop\procexp.exe
    2017-02-11 08:52 - 2017-02-11 08:52 - 00006405 _____ C:\Users\john\Documents\VEW-Application.txt
    2017-02-11 08:51 - 2017-02-11 08:51 - 00006231 _____ C:\Users\john\Documents\VEW-System.txt
    2017-02-11 08:50 - 2017-02-11 08:52 - 00006405 _____ C:\VEW.txt
    2017-02-11 08:48 - 2017-02-11 08:48 - 00061440 _____ ( ) C:\Users\john\Desktop\VEW.exe
    2017-02-11 08:44 - 2017-02-11 08:44 - 00000000 _____ C:\Windows\system32\__44322530__C0000005.dmp
    2017-02-11 07:20 - 2017-02-11 07:20 - 00000000 _____ C:\Windows\system32\__800064E0__C0000005.dmp
    2017-02-10 23:18 - 2017-02-11 07:36 - 00000549 _____ C:\Users\john\gtg.txt
    2017-02-10 19:59 - 2017-02-10 19:59 - 00000000 _____ C:\Windows\system32\__65746E69__C0000005.dmp
    2017-02-10 19:51 - 2017-02-10 19:51 - 00000000 _____ C:\Windows\system32\__22343735__C0000005.dmp
    2017-02-10 18:45 - 2017-02-10 18:45 - 00000000 _____ C:\Windows\system32\__002563F8__C0000005.dmp
    2017-02-10 16:41 - 2017-02-10 17:13 - 00000000 ____D C:\Program Files\PowerDataRecovery
    2017-02-10 16:41 - 2017-02-10 16:41 - 00001037 _____ C:\Users\Public\Desktop\MiniTool Power Data Recovery 7.0.lnk
    2017-02-10 16:41 - 2017-02-10 16:41 - 00000000 ____D C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _
    2017-02-10 16:41 - 2017-02-10 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
    2017-02-10 16:39 - 2017-02-10 16:39 - 00000000 _____ C:\Windows\system32\__00000001__C0000005.dmp
    2017-02-10 08:24 - 2017-02-10 08:24 - 00000000 _____ C:\Windows\system32\__31303225__C0000005.dmp
    2017-02-07 17:29 - 2017-02-07 17:29 - 00000101 _____ C:\Windows\system32\_system.ini
    2017-02-07 17:28 - 2017-02-08 16:43 - 00000000 ____D C:\Program Files\Top Password
    2017-02-07 17:25 - 2017-02-07 17:25 - 07316480 _____ C:\Users\john\AppData\Roaming\agent.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 01906989 _____ C:\Users\john\AppData\Roaming\ZooSiling.tst
    2017-02-07 17:25 - 2017-02-07 17:25 - 00126464 _____ C:\Users\john\AppData\Roaming\noah.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00126464 _____ C:\Users\john\AppData\Roaming\lobby.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00072787 _____ C:\Users\john\AppData\Roaming\Silverfix.tst
    2017-02-07 17:25 - 2017-02-07 17:25 - 00070752 _____ C:\Users\john\AppData\Roaming\Config.xml
    2017-02-07 17:25 - 2017-02-07 17:25 - 00054272 _____ C:\Users\john\AppData\Roaming\ApplicationHosting.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00018432 _____ C:\Users\john\AppData\Roaming\Main.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00005568 _____ C:\Users\john\AppData\Roaming\md.xml
    2017-02-07 17:25 - 2017-02-07 17:24 - 00983040 _____ C:\Users\john\AppData\Roaming\ZooSiling.exe
    2017-02-07 17:25 - 2017-02-07 17:24 - 00983040 _____ C:\Users\john\AppData\Roaming\Silverfix.exe
    2017-02-07 17:24 - 2017-02-07 17:25 - 00016560 _____ C:\Users\john\AppData\Roaming\InstallationConfiguration.xml
    2017-02-07 17:24 - 2017-02-07 17:24 - 00140288 _____ C:\Users\john\AppData\Roaming\Installer.dat
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Users\john\AppData\Roaming\Cujercult
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Users\john\AppData\Local\Tepidom
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\Avira
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\Avg
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Program Files\Tolzermght Adapter
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Program Files\Kugshcoijich
    2017-02-07 15:43 - 2017-02-07 15:43 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
    2017-02-07 15:43 - 2017-02-07 15:43 - 00000000 ____D C:\Program Files\RAR Password Cracker
    2017-02-01 18:22 - 2017-02-01 18:22 - 00002633 _____ C:\Users\john\Desktop\µTorrent.lnk
    2017-02-01 18:20 - 2017-02-07 17:33 - 00000000 ____D C:\Users\john\AppData\Roaming\uTorrent
    2017-01-31 15:41 - 2017-01-31 15:41 - 00001221 _____ C:\Users\john\Desktop\FarCry2 - Shortcut.lnk
    2017-01-30 15:40 - 2017-01-30 15:40 - 00000823 _____ C:\Users\Public\Desktop\Call of Duty® 2 Singleplayer.lnk
    2017-01-30 15:40 - 2017-01-30 15:40 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty® 2
    2017-01-30 15:40 - 2017-01-30 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty® 2
    2017-01-29 19:21 - 2017-01-29 19:21 - 25322013 _____ C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _ (1).7z
    2017-01-29 15:48 - 2017-01-29 15:50 - 25322013 _____ C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _.7z
    2017-01-28 18:18 - 2017-01-28 18:18 - 00000644 _____ C:\Users\john\Desktop\samp - Shortcut.lnk
    2017-01-28 09:45 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2017-01-27 16:03 - 2017-01-27 16:05 - 00000000 ____D C:\Users\john\Documents\Battlefield 3
    2017-01-17 20:15 - 2017-01-17 20:15 - 00000000 ____D C:\Program Files\AGEIA Technologies
    2017-01-17 20:14 - 2017-01-17 03:37 - 03130440 _____ C:\Windows\system32\pbsvc_blr.exe
    2017-01-17 19:54 - 2017-01-26 19:27 - 00000000 ____D C:\Users\john\Documents\TrackMania
    2017-01-17 19:54 - 2017-01-24 14:46 - 00000000 ____D C:\ProgramData\TrackMania
    2017-01-16 02:14 - 2017-01-16 02:14 - 00000216 _____ C:\Users\john\Desktop\Cry of Fear.url
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-02-11 12:00 - 2015-05-12 20:04 - 00000000 ____D C:\FRST
    2017-02-11 12:00 - 2009-07-14 10:04 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-02-11 12:00 - 2009-07-14 10:04 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-02-11 11:53 - 2012-07-08 19:59 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-11 11:53 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-02-11 11:49 - 2015-05-13 17:04 - 00000000 ____D C:\AdwCleaner
    2017-02-11 11:48 - 2010-10-03 17:55 - 00000000 ____D C:\Users\john\AppData\Roaming\Yahoo!
    2017-02-11 11:40 - 2016-11-05 22:39 - 00000442 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-02-11 11:39 - 2011-05-04 08:32 - 15636086 _____ C:\Windows\system32\perfh00C.dat
    2017-02-11 11:39 - 2011-05-04 08:32 - 15420442 _____ C:\Windows\system32\perfh001.dat
    2017-02-11 11:39 - 2011-05-04 08:32 - 05256696 _____ C:\Windows\system32\perfc00C.dat
    2017-02-11 11:39 - 2011-05-04 08:32 - 05219150 _____ C:\Windows\system32\perfc001.dat
    2017-02-11 11:39 - 2010-10-03 17:36 - 00006648 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-10 23:18 - 2010-10-03 17:33 - 00000000 ____D C:\Users\john
    2017-02-10 22:39 - 2016-06-15 10:12 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-02-10 20:12 - 2014-12-04 12:32 - 00000000 ____D C:\Users\john\AppData\Local\CrashDumps
    2017-02-10 08:23 - 2002-10-07 00:07 - 00119296 _____ C:\Windows\system32\zlib.dll
    2017-02-09 19:01 - 2016-10-02 11:29 - 00002025 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
    2017-02-09 19:01 - 2009-01-01 00:02 - 00002085 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
    2017-02-08 21:28 - 2010-10-03 18:07 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
    2017-02-07 15:51 - 2016-10-11 11:45 - 00000000 ____D C:\Users\john\AppData\LocalLow\uTorrent
    2017-02-07 15:49 - 2015-05-22 21:32 - 00000000 ____D C:\Program Files\AVS4YOU
    2017-02-07 15:49 - 2013-03-21 10:32 - 00000000 ___RD C:\Program Files\TypingMaster
    2017-02-07 15:49 - 2012-05-15 19:49 - 00000000 ____D C:\Program Files\ReflexiveArcade
    2017-02-07 15:49 - 2011-11-09 14:15 - 00000000 ____D C:\Program Files\UBISOFT
    2017-02-07 15:24 - 2013-10-30 18:42 - 00000000 ____D C:\Program Files\Steam
    2017-02-06 17:50 - 2016-10-28 17:50 - 00000000 ____D C:\ProgramData\Unity
    2017-02-05 11:47 - 2014-05-08 12:15 - 00000000 ____D C:\Users\john\AppData\Roaming\Unity
    2017-02-03 17:46 - 2016-11-05 22:38 - 00000000 ____D C:\Program Files\UCBrowser
    2017-02-03 17:27 - 2014-04-26 21:26 - 00000000 ____D C:\Users\john\AppData\Local\NVIDIA Corporation
    2017-01-31 14:40 - 2009-07-14 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-01-31 14:38 - 2010-10-03 17:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2017-01-31 14:33 - 2016-07-06 20:07 - 00000000 ____D C:\Program Files\Common Files\InstallShield
    2017-01-30 15:46 - 2010-10-09 13:08 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2017-01-24 18:05 - 2011-05-29 07:34 - 00000000 ____D C:\Program Files\Common Files\Steam
    2017-01-21 12:24 - 2016-10-16 20:47 - 00282696 _____ C:\Windows\system32\PnkBstrB.exe
    2017-01-21 12:24 - 2016-10-16 20:47 - 00139848 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
    2017-01-21 12:24 - 2016-10-16 20:47 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe
    2017-01-21 12:24 - 2014-05-27 17:54 - 00282696 _____ C:\Windows\system32\PnkBstrB.xtr
    2017-01-21 12:24 - 2013-01-04 17:43 - 00000000 ____D C:\Users\john\AppData\Roaming\Ubisoft
    2017-01-21 12:24 - 2012-06-05 18:25 - 00000000 ____D C:\Users\john\AppData\Local\PunkBuster
    2017-01-21 12:23 - 2013-08-25 08:19 - 00000000 ____D C:\Users\john\AppData\Local\Ubisoft Game Launcher
    2017-01-21 12:23 - 2010-11-25 22:16 - 00000000 ___RD C:\Users\john\Desktop\HTML DOC
    2017-01-21 11:38 - 2016-12-24 14:20 - 00000000 ____D C:\Users\john\Documents\Ubisoft
    2017-01-17 20:19 - 2013-11-14 18:24 - 00000000 ____D C:\Users\john\Documents\My Games
    2017-01-17 20:15 - 2013-09-28 17:40 - 00138056 _____ C:\Users\john\AppData\Roaming\PnkBstrK.sys
    2017-01-17 20:15 - 2012-07-08 19:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-01-17 20:14 - 2015-07-01 12:31 - 00189248 _____ C:\Windows\system32\PnkBstrB.ex0
    2017-01-16 13:48 - 2016-10-04 16:15 - 00000000 ____D C:\Users\john\AppData\Local\Free Download Manager
     
    ==================== Files in the root of some directories =======
     
    2012-06-27 21:24 - 2012-06-27 21:24 - 0000288 _____ () C:\Users\john\AppData\Roaming\.backup.dm
    2011-12-27 20:15 - 2016-04-28 11:42 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2011-06-26 18:38 - 2016-04-23 19:34 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe GIF Format CS5 Prefs
    2011-12-27 20:16 - 2016-06-17 19:17 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2015-03-03 21:15 - 2016-04-21 20:40 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe Targa Format CS5 Prefs
    2017-02-07 17:25 - 2017-02-07 17:25 - 7316480 _____ () C:\Users\john\AppData\Roaming\agent.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0054272 _____ () C:\Users\john\AppData\Roaming\ApplicationHosting.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0070752 _____ () C:\Users\john\AppData\Roaming\Config.xml
    2017-02-07 17:24 - 2017-02-07 17:25 - 0016560 _____ () C:\Users\john\AppData\Roaming\InstallationConfiguration.xml
    2017-02-07 17:24 - 2017-02-07 17:24 - 0140288 _____ () C:\Users\john\AppData\Roaming\Installer.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0126464 _____ () C:\Users\john\AppData\Roaming\lobby.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0018432 _____ () C:\Users\john\AppData\Roaming\Main.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0005568 _____ () C:\Users\john\AppData\Roaming\md.xml
    2015-05-24 06:11 - 2015-05-24 06:11 - 0000048 _____ () C:\Users\john\AppData\Roaming\msdreg.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0126464 _____ () C:\Users\john\AppData\Roaming\noah.dat
    2013-09-28 17:40 - 2017-01-17 20:15 - 0138056 _____ () C:\Users\john\AppData\Roaming\PnkBstrK.sys
    2017-02-07 17:25 - 2017-02-07 17:24 - 0983040 _____ () C:\Users\john\AppData\Roaming\Silverfix.exe
    2017-02-07 17:25 - 2017-02-07 17:25 - 0072787 _____ () C:\Users\john\AppData\Roaming\Silverfix.tst
    2011-05-12 18:05 - 2011-05-12 18:05 - 0000057 _____ () C:\Users\john\AppData\Roaming\temp.bat
    2017-02-07 17:27 - 2017-02-07 17:27 - 0032038 _____ () C:\Users\john\AppData\Roaming\uninstall_temp.ico
    2010-10-03 18:07 - 2011-02-25 19:32 - 5046202 _____ () C:\Users\john\AppData\Roaming\UserTile.png
    2013-08-21 20:26 - 2015-04-26 04:41 - 0000178 _____ () C:\Users\john\AppData\Roaming\WB.CFG
    2013-08-21 20:26 - 2014-01-16 14:09 - 0000005 _____ () C:\Users\john\AppData\Roaming\WBPU-TTL.DAT
    2017-02-07 17:25 - 2017-02-07 17:24 - 0983040 _____ () C:\Users\john\AppData\Roaming\ZooSiling.exe
    2017-02-07 17:25 - 2017-02-07 17:25 - 1906989 _____ () C:\Users\john\AppData\Roaming\ZooSiling.tst
    2016-01-14 23:11 - 2016-01-14 23:11 - 0001456 _____ () C:\Users\john\AppData\Local\Adobe Save for Web 12.0 Prefs
    2010-10-08 18:36 - 2009-01-01 16:20 - 0068608 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-09 20:50 - 2012-05-09 20:50 - 0000092 _____ () C:\Users\john\AppData\Local\fusioncache.dat
    2014-01-13 18:44 - 2015-07-20 16:00 - 0007599 _____ () C:\Users\john\AppData\Local\resmon.resmoncfg
    2013-08-02 16:49 - 2016-01-14 23:18 - 0000080 _____ () C:\Users\john\AppData\Local\X-Plane Installer.prf
    2011-05-05 21:11 - 2011-05-06 08:38 - 0000000 _____ () C:\ProgramData\CLDShowX.ini
    2010-10-03 17:50 - 2016-08-02 17:11 - 0026596 _____ () C:\ProgramData\hpzinstall.log
     
    ZeroAccess:
    C:\Users\john\AppData\Local\NFS Underground 2
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 5\Simon Magazine 5
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 4\Simon Magazine 4
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 3\Simon Magazine 3
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 2\Simon Magazine 2
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 1\Simon Magazine 1
    C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 3\Simon DVD 3
    C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 2\Simon DVD 2
    C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 1\Simon DVD 1
    C:\Users\john\AppData\Local\NFS Underground 2\Simon\Simon
    C:\Users\john\AppData\Local\NFS Underground 2\N\N
     
    Some files in TEMP:
    ====================
    2017-02-09 17:54 - 2017-02-09 17:54 - 0204800 _____ (Sony DADC Austria AG) C:\Users\john\AppData\Local\Temp\drm_dyndata_7380007.dll
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-02-04 07:52
     
    ==================== End of FRST.txt ============================
     
    Addition:
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
    Ran by john (11-02-2017 12:01:12)
    Running from C:\Users\john\Desktop
    Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2010-10-03 12:02:53)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    323A7CE5D4B04CFABF56 (S-1-5-21-2280821914-3189600555-3011743376-1007 - Limited - Enabled)
    Administrator (S-1-5-21-2280821914-3189600555-3011743376-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2280821914-3189600555-3011743376-1002 - Limited - Enabled)
    Guest (S-1-5-21-2280821914-3189600555-3011743376-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2280821914-3189600555-3011743376-1011 - Limited - Enabled)
    john (S-1-5-21-2280821914-3189600555-3011743376-1000 - Administrator - Enabled) => C:\Users\john
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.149 - Adobe Systems Incorporated)
    Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    Avid Audio Drivers (x86) (HKLM\...\{2F227ACA-204C-4529-BA33-D095C42C72DB}) (Version: 8.0.4 - Avid)
    AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
    Bandicam (HKLM\...\Bandicam) (Version: 1.9.2.454 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
    Call of Duty® 2 °²×°³ÌÐò (HKLM\...\Call of Duty® 2 °²×°³ÌÐò) (Version:  - )
    Call of Duty® 2 Patch 1.3 (Version: 1.3 - ) Hidden
    Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version:  - )
    Construct 2 r228 (HKLM\...\Construct 2_is1) (Version: 1.0.228.0 - Scirra)
    Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
    CRYENGINE Launcher (HKLM\...\{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}) (Version: 1.0.0 - Crytek GmbH)
    DDS Viewer (HKLM\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version:  - IdeaMK)
    Easy2Convert BMP to DDS 1.8 (HKLM\...\{D169AB78-E429-4D88-A8F1-31ECC3990518}_is1) (Version: 1.8 - Easy2Convert Software)
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
    Far Cry 2 (HKLM\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
    FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
    FPI SCRIPTER II (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\8deeb6b52bbb74a0) (Version: 2.0.0.3 - GREGON STUDIOS)
    FPS Creator Free (HKLM\...\{800218C2-2E07-461C-85D6-8FDB4F9161D9}) (Version:  - )
    FPS Creator Model Pack - 10 (HKLM\...\{24EB39DB-B958-413D-818E-C0875101C96B}) (Version:  - )
    FPS Creator Model Pack - 11 (HKLM\...\{15014839-85AF-439E-9C3C-A93BB74957B1}) (Version:  - )
    FPS Creator Model Pack - 12 (HKLM\...\{E189B3B5-487D-430E-8668-A77CEF120F2D}) (Version:  - )
    FPS Creator Model Pack - 13 (HKLM\...\{09847DC5-6C6D-45CD-AE31-CD27CE1FE48F}) (Version:  - )
    FPS Creator Model Pack - 16 (HKLM\...\{BDB48672-B567-4A4B-989E-0A7C2E220B6F}) (Version:  - )
    FPS Creator Model Pack - 2 (HKLM\...\{3B78E403-D116-4C56-9D1E-4C245AFC82D9}) (Version:  - )
    FPS Creator Model Pack - 21 (HKLM\...\{BB9C6299-5713-4428-B8D0-0C0B2F5C9A0E}) (Version:  - )
    FPS Creator Model Pack - 22 (HKLM\...\{38FC732E-764D-46A2-A79E-A4E484130A3B}) (Version:  - )
    FPS Creator Model Pack - 28 (HKLM\...\{A9802493-BA56-4304-A2F3-EDF7D35FBA5D}) (Version:  - )
    FPS Creator Model Pack - 6 (HKLM\...\{F964E0BB-3AD6-4188-B985-453037BE8FFD}) (Version:  - )
    FPS Creator Model Pack - 7 (HKLM\...\{F6D05799-9659-48CD-8B8A-1AC424A572A9}) (Version:  - )
    FPS Creator Model Pack - 9 (HKLM\...\{444E3FAE-DC6D-498B-BF98-6B6B61CA46D9}) (Version:  - )
    FPS Creator Model Pack 49 (HKLM\...\{D034FB9F-35E5-4DFC-8143-D8CB9BD477AB}) (Version:  - )
    FPS Creator Model Pack 53 (HKLM\...\{B76BB8C6-EE9B-49CC-9141-862856BC5EE5}) (Version:  - )
    FPS Creator Model Pack 55 (HKLM\...\{884AC351-768E-4F23-8DC1-06E9E47CF36F}) (Version:  - )
    FPS Creator Model Pack 57 (HKLM\...\{BCA7929A-91E9-4580-8523-6F2010599874}) (Version:  - )
    FPSC Model Pack 52 (Precracked by N2K) (HKLM\...\FPSC Model Pack 52 (Precracked by N2K)) (Version:  - )
    FPSC Model Pack 58 (Precracked by N2K) (HKLM\...\FPSC Model Pack 58 (Precracked by N2K)) (Version:  - )
    FPSC Model Pack 74 (Precracked by N2K) (HKLM\...\FPSC Model Pack 74 (Precracked by N2K)) (Version:  - )
    FPSC Sprite Pack (Precracked by N2K) (HKLM\...\FPSC Sprite Pack (Precracked by N2K)) (Version:  - )
    Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.18.4671 - FreeDownloadManager.ORG)
    GOM Player (HKLM\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
    GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.6.9.9 - Siber Systems)
    Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Gtk# for .Net 2.12.26 (HKLM\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
    Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
    Java 2 SDK Standard Edition v1.2.2 (HKLM\...\Java 2 SDK Standard Edition v1.2.2) (Version:  - )
    Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.260 - Oracle)
    JavaPK for Desktop 2.1 (HKLM\...\JavaPK for Desktop) (Version:  - )
    K-Lite Codec Pack 6.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
    L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version:  - )
    Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
    Macro Vibration Joystick (HKLM\...\{36177F72-8181-45D7-95D1-EA5B008A4DC9}) (Version: 2006.05.30 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Max Uninstaller version 3.0 (HKLM\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 3.0 - hxxp://www.maxuninstaller.com/)
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Language Interface Pack 2007 - தமிழ் (HKLM\...\{95120000-00FF-0449-0000-0000000FF1CE}) (Version: 12.0.4518.1086 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Updates (HKLM\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    MilkShape 3D 1.8.4 (HKLM\...\MilkShape 3D 1.8.4) (Version: 1.8.4 - chUmbaLum sOft)
    MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
    MP3 Karaoke 6.1.9.a (HKLM\...\119C21A0-FA78-44AE-91B0-C02E39E1829D_is1) (Version:  - Accmeware Corporation)
    MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2.1 - Notepad++ Team)
    NotepadPlusPlusApp (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\NotepadPlusPlusApp) (Version:  - )
    NTI Backup Now Standard (Version: 5.0.101.0 - NewTech Infosystems) Hidden
    NTI Media Maker 8 (Version: 8.0.2.61 - NewTech Infosystems) Hidden
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.00 - NVIDIA Corporation)
    NVIDIA 3D Vision PowerPack - Batman Arkham Asylum (HKLM\...\NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1) (Version:  - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
    NVIDIA Graphics Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.00 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Photoshop Plug-ins (HKLM\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
    NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    OpenAL (HKLM\...\OpenAL) (Version:  - )
    Oxford Dictionary of Idioms and MSDict Viewer (HKLM\...\{D2228D9D-5EB7-415B-A6B8-33C245357F14}) (Version: 3.10.15 - Mobile Systems)
    Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
    PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
    PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
    PeaZip 5.6.0 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
    Photo! 3D Album and Photo! 3D ScreenSaver 1.2 (HKLM\...\My Pictures Editor_is1) (Version:  - )
    Pinnacle Game Profiler (HKLM\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 8.1.7 - PowerUp Software)
    PowerISO (HKLM\...\PowerISO) (Version: 6.0 - Power Software Ltd)
    Project My Screen App (HKLM\...\{C4BD97A3-F893-49F6-8D2D-A535DD661131}) (Version: 8.0.12539 - Microsoft Corporation)
    PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    RAD Video Tools (HKLM\...\RADVideo) (Version:  - )
    RAR Password Cracker (HKLM\...\RAR Password Cracker) (Version: 4.20 - dnSoft Research Group)
    RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version:  - )
    Sentinel Protection Installer 7.4.0 (HKLM\...\{5A180ED5-0AC1-410A-B790-5E0319CD0A93}) (Version: 7.4.0 - SafeNet, Inc.)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
    Software Informer 1.1 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
    Speakonia (HKLM\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
    Speccy (HKLM\...\Speccy) (Version: 1.17 - Piriform)
    Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Tom Clancy's Ghost Recon Future Soldier (HKLM\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.00 - Ubisoft)
    TurboC++ 3.0.7.7c (HKLM\...\TurboC++) (Version: 3.0.7.7c - NeutroNVegetOStrikeR.DbZ)
    UC Browser (HKLM\...\UCBrowser) (Version: 6.0.1308.1016 - UCWeb Inc.)
    Unity (32-bit) (HKLM\...\Unity (32-bit)) (Version: 5.4.2f2 - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Uplay (HKLM\...\Uplay) (Version: 2.1 - Ubisoft)
    USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
    VirtualDJ Home FREE (HKLM\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VSDC Free Video Editor version 3.3.5.411 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.3.5.411 - Flash-Integro LLC)
    WARMODE (HKLM\...\Steam App 391460) (Version:  - WARTEAM)
    Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinPump (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\WinPump) (Version:  - )
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
    WinZip (HKLM\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
    XiaoMiFlash (HKLM\...\{9AF75396-D38E-4F07-831C-9F78923DC015}) (Version: 1.0.0 - XiaoMi)
    youndoo - Uninstall (HKLM\...\{73DA1638-A283-4E8C-9490-C27A37DBC069}) (Version:  - ) <==== ATTENTION
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32 -> C:\Program Files\JavaSoft\JRE\1.2\bin\beans.ocx (JavaSoft / Sun Microsystems)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {005776C8-86D8-4402-AD17-59C0578E23B1} - System32\Tasks\{D0EBE590-B6F1-4214-BB08-FF545DCB3688} => pcalua.exe -a "E:\SOFTWARE INSTALER\My Disc\ADOBE photo e4rPHOTOSHOP_7\_ISDEL.EXE" -d "E:\SOFTWARE INSTALER\My Disc\ADOBE photo e4rPHOTOSHOP_7"
    Task: {006C15ED-5465-4111-9C65-A960A5302918} - System32\Tasks\{CC573B76-0ADE-4291-9322-8DE6D8D3F521} => pcalua.exe -a "F:\SOFTWARE\GAMES\Top Flash Games.exe" -d F:\SOFTWARE\GAMES
    Task: {00E14294-39D0-4D77-A30D-9C4F27EC6212} - System32\Tasks\{E2E6F04F-8332-47A7-9C3C-277E917D850C} => msiexec.exe /package "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
    Task: {0101E141-7531-4607-8700-2CFC5C7C5E74} - System32\Tasks\{3DA55CC3-F90D-4F19-9245-9F9E5657A775} => pcalua.exe -a C:\Users\john\INSTALER\AlienShooterDemo.exe -d C:\Users\john\INSTALER
    Task: {02747C29-7D70-4CDB-B56E-00BBD279A361} - System32\Tasks\{65917F1E-51CC-4798-ADE7-FC90EE47E5CF} => F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe 
    Task: {045B2A03-04F0-4308-88D7-FA3727491357} - System32\Tasks\{B34F3067-7FA2-4AA4-86E1-C9B92FFCF122} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0527640A-BEB9-405E-AB8A-F7031F5A69FB} - System32\Tasks\{373596EF-6BEB-4A59-9893-7BADC5DE471A} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe 
    Task: {068D3BAB-69ED-42EA-9176-B5F957D39DBE} - System32\Tasks\{05D5DD12-79CD-432E-AA7B-CA1AF787D643} => pcalua.exe -a "C:\Users\john\Downloads\17_Great_Swimming_\Auto Install\Install.exe" -d "C:\Users\john\Downloads\17_Great_Swimming_\Auto Install"
    Task: {070281A5-ADA0-40E5-9FD5-E5BD94525F45} - System32\Tasks\{3474BED7-1749-471A-8394-B20A1B6B38EA} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0949DE31-7A8B-45A8-ADA6-F0C3BB9367A1} - System32\Tasks\{D5B20F17-42FD-4CF3-8950-72771289E203} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0D42D464-2F69-4D0E-81EF-A42EF0813CAC} - System32\Tasks\{76B701D8-57C6-4969-A4F0-7F7863386241} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0DBA95FA-8263-4F91-B4C2-32D71AF101C3} - System32\Tasks\{D8803875-2248-4E4D-9F79-241B1CC9C237} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\TTL.exe 
    Task: {0DC0EF6E-751C-4350-B6F7-3E3A3BB87FD1} - System32\Tasks\GoogleUpdateTaskMachineCore1d076f59cac145b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {0E242664-FBC9-486F-A50D-67464DA8D8A9} - System32\Tasks\{CEED2990-1686-4541-94BC-A4FC1A09C2CA} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
    Task: {0E7411F5-6348-49AD-B4C3-064804543514} - System32\Tasks\{C7DDDF30-0E92-4CFF-8B94-0183370E4CDA} => pcalua.exe -a "F:\SOFTWARE\GAMES\Alien vs Predator 2\AVP2 (2).exe" -d "F:\SOFTWARE\GAMES\Alien vs Predator 2"
    Task: {0EDEEB1D-A897-402D-8113-DE00B7582B3A} - System32\Tasks\{6D145217-0AF0-45CF-8A3F-02E3D682FB61} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe 
    Task: {106AA770-1C72-42C6-A658-04A5C9D5296C} - System32\Tasks\GoogleUpdateTaskMachineCore1d20073240d64cd => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {11850158-E530-4D46-8CF5-3FD620CC04E6} - System32\Tasks\{3BD5A81C-357C-4313-9BF3-2B5B30392DC7} => pcalua.exe -a F:\SOFTWARE\Dc_vs_Marvel_Mugen_Edition.exe -d F:\SOFTWARE
    Task: {14B0AF28-5218-4AE5-BAF9-9DC25F0B24F7} - System32\Tasks\{EAC08ADF-E9C8-49DD-83AC-57C21B5D15EE} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {14CDB44D-6E2C-42BC-AD7C-DCFCD8A74F0A} - System32\Tasks\{58662414-4FE4-484A-BD75-5D69CC4180E0} => pcalua.exe -a "F:\SOFTWARE INSTALER\jre-8u74-windows-i586.exe" -d "F:\SOFTWARE INSTALER"
    Task: {16E0068D-B96B-4FFF-BB24-40518C548DC3} - System32\Tasks\{D6B4C2A5-E948-4792-8870-5A45FE470DAA} => F:\SOFTWARE INSTALER\MY GAMES INSTALLER\GUN HOLDER\GUN HOLDER\GUN HOLDER.exe 
    Task: {1957A7E5-C49E-4504-BE5F-30445AF5796A} - System32\Tasks\{B94FBA8D-0DE7-45CD-AB46-FCBB36C23882} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {1AA50F3A-A2F0-4F6C-A9A0-28F98330373C} - System32\Tasks\{13827CAE-AD2F-41FB-B0B9-73801A749CDD} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPSCreatorModelPack13\FPS Creator - Model Pack 13.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPSCreatorModelPack13"
    Task: {1DE7E31A-E479-431B-BE5F-D00F615E51AA} - System32\Tasks\{84A38175-6D8F-41F6-941C-767A737E64B0} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\Project IGI\SETUP.EXE 
    Task: {22893088-13B9-4C76-91D8-6ACE60CE1810} - System32\Tasks\{F20F6670-957C-4BEC-ADCB-F5B5891DDBB9} => pcalua.exe -a "C:\Users\john\Downloads\Hitman 1, kkabod\Hitman 1\Setup.exe" -d "C:\Users\john\Downloads\Hitman 1, kkabod\Hitman 1"
    Task: {253338D3-59CB-4CDB-A840-A79583B69EF2} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f2eb9e8a064 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {2684E7FE-60BB-4184-8F8F-569C806D0B79} - System32\Tasks\{C9E2F816-9295-4429-A9B2-B80E75445146} => pcalua.exe -a "F:\SOFTWARE\GAMES\GTA COLL\Grand Theft Auto3_LC\SETUP.exe" -d "F:\SOFTWARE\GAMES\GTA COLL\Grand Theft Auto3_LC"
    Task: {28E25B2A-C6FE-465B-B4AA-3A27D86563F8} - System32\Tasks\{01FF9B5F-2602-4C45-A7F3-47289E67B5E2} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {299149E4-FDBF-4FD9-8BEF-879AA99AB250} - System32\Tasks\{B1FDACF6-148E-4DCA-842A-3D10CEABDD9B} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\BONUS\HIDDEN OBJECT GAMES\Mystery of Cleopatra\Mystery of Cleopatra.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\BONUS\HIDDEN OBJECT GAMES\Mystery of Cleopatra"
    Task: {2C069DDC-612C-495C-A1D7-78A68DEE608A} - System32\Tasks\FreeDownloadManagerNetworkMonitor => F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe [2016-09-09] ()
    Task: {2CFDA930-6F43-4B1F-B84E-3FDEF3C44E98} - System32\Tasks\{BC31B78F-1547-46B1-889F-913727111AA1} => pcalua.exe -a "C:\Program Files\EA Games\Need for Speed Undercover\setup.exe" -d "C:\Program Files\EA Games\Need for Speed Undercover"
    Task: {2DF18C6A-34B9-4A35-8AB0-5373241A0622} - System32\Tasks\{F7ED27F1-E176-415D-AA45-1DFE490C03C1} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {2E22A60F-F154-41D1-B401-A4772885ADBF} - System32\Tasks\{4E96D605-1490-4D48-B729-E3B23EA7EC25} => pcalua.exe -a "C:\Program Files\Smart File Advisor\sfa.exe" -d F:\SOFTWARE\GAMES\3rdp_beta -c /unknown "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
    Task: {313CB86D-C90C-4F39-889E-C4BAC0ABD0E8} - System32\Tasks\{A925D1FB-B4EA-4396-9C17-7B1EDD5745F3} => pcalua.exe -a C:\Users\john\Downloads\ultimatevicecity2.exe -d C:\Users\john\Downloads
    Task: {330ACDB0-7493-47B2-9AAB-E654DF779E17} - System32\Tasks\{48D7B5B3-1279-4B5C-8504-AEA7C8E2B17F} => pcalua.exe -a C:\Users\john\INSTALER\FlashGamesSetup.exe -d C:\Users\john\INSTALER
    Task: {340D07C2-FE8C-4B49-8D0F-549983812E97} - System32\Tasks\{E8B3B7CB-4E71-404A-AC85-772E8BDB0525} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Program Files\CarReplacer\ST6UNST.LOG"
    Task: {37673D8C-2F02-47B9-A5BD-145CD49249BF} - System32\Tasks\{E67EDB00-4570-4AE0-B4BF-E405965C34B5} => pcalua.exe -a "F:\SOFTWARE\GAMES\Installer\Spider-Man Friend or Foe\SMFOF\Setup.exe" -d "F:\SOFTWARE\GAMES\Installer\Spider-Man Friend or Foe\SMFOF"
    Task: {393C1257-649D-47F0-A101-BD834985DA72} - System32\Tasks\{41C103E3-1011-4BE6-A9F7-5C53F3F1AF54} => pcalua.exe -a "E:\GAMES INSTALER\(pc game) alien shooter [full]\(pc game) alien shooter [full].exe" -d "E:\GAMES INSTALER\(pc game) alien shooter [full]"
    Task: {3A3B9F4B-A924-4DBD-81B0-9042726F1B36} - System32\Tasks\{A515301F-0A35-42AB-A1CB-31A3B8207EAF} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {3A875C8A-B833-41C3-827F-FFACD85EE7A6} - System32\Tasks\{1D9255C1-19D5-449D-96CF-2E811CEC2D96} => pcalua.exe -a "F:\SOFTWARE\Cricket Revolution Setup.exe" -d F:\SOFTWARE
    Task: {3B974FC3-C22C-4F8A-B359-1EB6BCCB4D6A} - System32\Tasks\{B2020C4E-912F-4121-A78E-2EC8C9018D1E} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {3BE08B96-D6C1-45CA-8DE5-F8D63D49FE3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {3C0207C6-DAF3-4B7E-A9D7-13DA6B7079D7} - System32\Tasks\{2B87E4CF-D890-4B2A-BB55-5A09775410CC} => pcalua.exe -a F:\SOFTWARE\GAMES\RE4\launcher.exe -d C:\Users\john\Desktop
    Task: {3C0B7918-0449-4DE7-92F2-877C54E67BBA} - System32\Tasks\{4312A229-D5B1-4C9A-B277-46046257274E} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {3D76DDC2-A193-495F-A217-75D8D11B2843} - System32\Tasks\GoogleUpdateTaskMachineCore1d016506776cf4c => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {3DB81F54-7B85-419E-90B9-C84C32B25685} - System32\Tasks\{48FC324A-1FE4-40A6-87E7-1F5C3DCBB3BA} => pcalua.exe -a "F:\SOFTWARE\Sci-fi\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d F:\SOFTWARE\Sci-fi\3DSFMM2
    Task: {3FE28AC9-5A50-47EA-9092-935FD2BFB031} - System32\Tasks\{129BF4A3-35CF-4628-AC7E-3C990A628150} => pcalua.exe -a D:\Simon\GTAVC\GTAVC\setup.exe -d D:\Simon\GTAVC\GTAVC
    Task: {4266E050-E674-4883-A810-48970EA706B0} - System32\Tasks\{2E5897A4-B2DA-4A64-B3A6-32C789E8CAF2} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {42F6B276-5CFE-4B62-A189-823F47BBC7D0} - System32\Tasks\{50D0BA28-B5B5-4436-8708-46D02B059606} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {43D6C43A-8B20-4C7F-A061-A70567F30815} - System32\Tasks\GoogleUpdateTaskMachineCore1d093f73f14b8b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {442BEC5F-39EF-45C4-B9B0-8D5FE1EA925D} - System32\Tasks\{D2819F58-C7B9-43E0-B7FC-CC7D04F671FA} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {449D6243-66A9-4E38-8F90-FB7D7BC8B6B2} - System32\Tasks\{8A02F65B-9F35-4760-9360-F52C0EF28E49} => pcalua.exe -a "F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe" -d "F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1"
    Task: {48E8EE20-94F4-4226-810F-7B700DC7BDA1} - System32\Tasks\{4AAB42F5-0303-4CA6-BEC8-25641736BCB7} => pcalua.exe -a F:\SOFTWARE\PC_Game_Captain_Claw\Captain_Claw.exe -d F:\SOFTWARE\PC_Game_Captain_Claw
    Task: {4D045905-4067-48E6-9A7A-B3CA71F3D3CD} - System32\Tasks\{A67A488D-B88A-4318-AD63-6FAAD5348AF9} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE 
    Task: {4ECC40EC-6AA3-496C-BAAF-D6E1CED6C359} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d093f6df30a7ef => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {4FC85321-2501-4B6E-822F-F333092043E7} - System32\Tasks\{B9390F74-AB50-463C-9DAD-5545C019B0E6} => pcalua.exe -a F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English.exe -d F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English
    Task: {50687F36-9E0D-4053-B406-EF08E7A5E39C} - System32\Tasks\{87CDCB4B-4029-4D9C-9C3D-972DAA004789} => pcalua.exe -a F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1\Setup.exe -d F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1
    Task: {50D4DA95-8F52-47A4-9074-18A075E40CAA} - System32\Tasks\{9BA04DE8-B0FC-4F41-9AFB-1485887D2008} => F:\SOFTWARE\GAMES\Disk1\GTA IV\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe 
    Task: {51D9C856-80AD-4DD6-BCB4-F0B2DF42BA82} - System32\Tasks\{E4CEFB91-901F-4D67-8087-2A0F05E7E8A9} => pcalua.exe -a C:\WINDOWS\ISUNINST.EXE -c -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Task: {578D7EDA-31AF-4A7D-9DD7-C65AAD438E95} - System32\Tasks\{2D74B2DB-F334-48C1-AD4E-C536F3C58FFC} => pcalua.exe -a "F:\SOFTWARE\GAMES\gta mods\Setup_1224997649.exe" -d "F:\SOFTWARE\GAMES\gta mods"
    Task: {57BD3291-EBD9-4896-B170-DD0532EFA6EA} - System32\Tasks\{1B5E53BD-CDAD-459B-8AA3-3B316C4BFAAE} => F:\SOFTWARE\GAMES\Installer\Manhunt 1 pc\Manhunt 1\Manhunt\manhunt.exe 
    Task: {5A722E8C-EE69-4E49-A9A8-211D9C2F5E1E} - System32\Tasks\{AD75DD0E-0F23-4A9D-BDFC-376FE827900E} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman\SetupReg.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman"
    Task: {5B43CF1C-5ACD-41EC-A7A4-BC53A5B0FE26} - System32\Tasks\{DE6C0DA1-8738-43F3-82E2-8F2532C4EA11} => pcalua.exe -a "F:\SOFTWARE\3D\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d F:\SOFTWARE\3D\3DSFMM2
    Task: {5B915FC5-FD9C-461E-802F-4D7B3F448819} - System32\Tasks\{9EEE59D8-FA14-4C0D-AE3C-84899D3340DD} => pcalua.exe -a "F:\SOFTWARE\GAMES\Tony Hawk Coll\Matt Hoffman's Pro BMX\MHProBMX\Setup.exe" -d "F:\SOFTWARE\GAMES\Tony Hawk Coll\Matt Hoffman's Pro BMX\MHProBMX"
    Task: {5B994750-FADD-4D7D-A88C-96F6D0E56D71} - System32\Tasks\{7811BBC2-C3D6-4573-89FD-38C5D1CF1D23} => F:\SOFTWARE INSTALER\MY GAMES INSTALLER\GUN HOLDER\GUN HOLDER\GUN HOLDER.exe 
    Task: {5C47D654-F669-4B43-80AC-C3E791BA6F14} - System32\Tasks\{0EA76A0F-BA75-4861-ADC2-8FC095EBEE6B} => pcalua.exe -a "C:\Windows\Big City Adventures-Sydney Australia\uninstall.exe" -c "/U:F:\SOFTWARE\GAMES\BC\Uninstall\uninstall.xml"
    Task: {5CF9D825-9E21-477F-9C6C-8B13C57AB826} - System32\Tasks\{F787B258-F7A2-492C-9B1A-EE079A63746A} => pcalua.exe -a "C:\Users\john\Downloads\IPL in cricket 2002\IPL in cricket 2002\IPL in Ea cricket 2002 Installation file.exe" -d "C:\Users\john\Downloads\IPL in cricket 2002\IPL in cricket 2002"
    Task: {5F49A61C-4AD8-41D7-B67B-E6E9481AFCF9} - System32\Tasks\{0A8ED3A7-5BF6-4E16-B0A0-C5A814B2A28F} => pcalua.exe -a "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe" -d "C:\Program Files\Common Files\Adobe AIR\Versions\1.0"
    Task: {610C0BD0-3E76-432A-93BA-C5D929B8FC97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {653BDD9B-F475-4AF9-A239-81F69C2AADE0} - System32\Tasks\{4B9296DC-2C21-4F02-870E-533BAD323EFB} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe 
    Task: {697EE54C-EC8A-4CC5-A320-7373D20F2EFE} - System32\Tasks\{B6F5E290-AAFA-4131-ABBD-21B068468C16} => pcalua.exe -a "C:\Program Files\uTorrent\uTorrent.exe" -c /UNINSTALL
    Task: {6A016004-30E6-479D-B965-C05D68B4F4F0} - System32\Tasks\{C08D028F-306F-4FEF-B493-75EFB1B248F1} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
    Task: {6AA435F0-E7AF-4657-965B-3976DC38E51A} - System32\Tasks\{F569FAA6-BF87-444D-935B-0403C8C42DB1} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {6AE757DF-16ED-4C89-91E2-59AC8BD09DFA} - System32\Tasks\{FCC4046C-6A2F-4E69-B31C-88F431F6201A} => pcalua.exe -a F:\SOFTWARE\GAMES\ironman{www.grandpcgames.com}\IronMan{www.grandpcgames.com}\setup.exe -d F:\SOFTWARE\GAMES\ironman{www.grandpcgames.com}\IronMan{www.grandpcgames.com}
    Task: {6B9B080C-8834-41E6-A02B-4E701400E37C} - System32\Tasks\{3DBFD8FC-0FE0-45C5-B076-D65C988E7F73} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {6EFE6006-D8CB-49CF-8A48-405AFA513EE0} - System32\Tasks\{EAA11498-8659-4E9F-BF73-B0524C1EBD79} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\LeeGTs Games\Mystery of Cleopatra\MysteryOfCleopatra.exe"
    Task: {7705FFD8-7267-4A55-806E-AB0CC33DA287} - System32\Tasks\{5D69DFCF-CAE7-4CCF-AD57-173C3D2EA726} => pcalua.exe -a "F:\SOFTWARE\GAMES\HITMAN\Hitman - Codename 47\Setup.exe" -d "F:\SOFTWARE\GAMES\HITMAN\Hitman - Codename 47"
    Task: {778E0453-3AA9-4253-83E7-CE6154D54EB0} - System32\Tasks\{BF73481C-4937-48A7-95B2-55535FEA0395} => pcalua.exe -a C:\Users\john\Downloads\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg\ms3d184setup.exe -d C:\Users\john\Downloads\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg
    Task: {781DBD4A-09F6-4B14-9091-4D986233E9EE} - System32\Tasks\{23D4E67A-44F0-4862-A338-A5DC403C7437} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {794F5E6C-A365-4CE6-8EC2-3359431EDFCE} - System32\Tasks\{EAE8D808-4A93-446C-A9DE-2680C32535AD} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE 
    Task: {7ACEF580-8086-481B-AAC2-32E14983A041} - System32\Tasks\{BC2F6DCB-D3CD-462F-85A5-B7DCFF6BB9F0} => C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE [2010-05-20] (Microsoft Corporation)
    Task: {7E0A75B6-B714-41FB-8228-0F33F10FA839} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d17c18fa5ce246 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {7F611482-7545-4AE9-8D91-77FE8E5194FC} - System32\Tasks\{E243BE9A-BDBE-4BDB-927B-685141552FC2} => pcalua.exe -a "C:\Users\john\Downloads\25 To Life Portable\codecs\wmp6cdcs.exe" -d "C:\Users\john\Downloads\25 To Life Portable\codecs"
    Task: {7F8C3F00-13C8-4B55-A228-D60FEDF5A064} - System32\Tasks\{9F2B977A-15F0-4499-B779-0AE415BF5A25} => pcalua.exe -a C:\Users\john\Integrated_BrotherSoft_TB.exe -d C:\Users\john
    Task: {875EFB9C-B2E5-4138-AD19-02A72912BC9E} - System32\Tasks\{AD5DF03F-212A-4BF5-8B1C-AA67E22153BC} => pcalua.exe -a "C:\Program Files\RADVideo\radvideo.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bink and Smacker"
    Task: {88B98B1B-E8C9-4F88-8724-763D37211FB5} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2017-01-18] (UCWeb Inc) <==== ATTENTION
    Task: {88F3C954-FEF0-4DD0-AAED-4C78083AA355} - System32\Tasks\{D0BF31D6-9696-4788-B8CA-FB96F133558D} => F:\SOFTWARE\GAMES\sof\sof3.exe 
    Task: {89DD8A2F-484B-4FB8-A2B8-396FC66DAB0A} - System32\Tasks\{99CFE9FF-DC70-4E12-8019-8CB5C9486A18} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Grand Theft Auto4_VC\GTA Vice City.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Grand Theft Auto4_VC"
    Task: {8A52E0A4-9FCA-445D-8AF9-6FA7BCC9E744} - System32\Tasks\{6AD0D404-D0FB-447E-A66D-4E53923F121A} => pcalua.exe -a "F:\SOFTWARE\GTA San Andreas Highly Compressed.exe" -d F:\SOFTWARE
    Task: {8C19DBD5-0ADF-43A7-80FA-467FE51A9C5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000UA => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {8D32B812-7FF3-48FA-ABFA-567BE6E26E5F} - System32\Tasks\{4092DCE0-383E-48BC-BED6-115E2728545C} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE 
    Task: {8D65B8CA-27D4-4CEE-8F3E-6073E32A93DB} - System32\Tasks\{FC62F8A9-2EAE-4C02-BFDD-1F06ACB4D7BE} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe 
    Task: {8DDAC4EE-B9F0-4BF2-AD7E-9CAEE5DF329A} - System32\Tasks\{64387EF1-1483-4973-A063-7BD1DC13BE6E} => pcalua.exe -a C:\Users\john\Documents\Downloads\hod3_trial.exe -d C:\Users\john\Documents\Downloads
    Task: {8ED2F185-4683-4ABC-8E58-6600A7E2CFE7} - System32\Tasks\{C25418E4-7379-4422-B616-7B5E8BE09387} => pcalua.exe -a C:\Users\john\Downloads\SetupFaceControl.exe -d C:\Users\john\Downloads
    Task: {905AC9DB-4715-4D61-84B7-A5444CFC9A4D} - System32\Tasks\{6AF62A1F-9C56-4809-95D8-6D36C6364CDB} => F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe 
    Task: {90A72B92-3E2F-43EE-B74B-C7F845C6580E} - System32\Tasks\GoogleUpdateTaskMachineCore1d1d774da17be96 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {91B4FC65-4DCD-4D89-94D2-C7E9B012091D} - System32\Tasks\{3BD714A8-4720-4475-9005-7705D3E1FBA4} => pcalua.exe -a "F:\SOFTWARE\COMMANDO2\Commandos 2\SETUP.EXE" -d "F:\SOFTWARE\COMMANDO2\Commandos 2"
    Task: {94F3C1CB-0889-4E86-9006-A22A95F181E1} - System32\Tasks\{7108D2BA-C91D-49D7-9E47-6C5B59C6DE36} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {95ACEB18-2D26-48D8-8FE1-186B0CB350C1} - System32\Tasks\{22ED1228-0A82-4435-9253-B422E15D164C} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe 
    Task: {97EB3B94-9219-4DA8-B88A-B94BFD5E9AE1} - System32\Tasks\{14BAF71A-EDC6-43D2-85D2-F2D01C214111} => F:\SOFTWARE\GAMES\BurnOut Paradise\Burnout ParaDise{GNdH}\Burnout ParaDise{GNdH}\BurnoutParadise.exe 
    Task: {983D0185-9ED3-40CA-98AA-31E8AC71A2B7} - System32\Tasks\{7DFB5AF2-1452-43DF-8B0C-4B2E145C6C59} => pcalua.exe -a "F:\SOFTWARE INSTALER\ultimatevicecity2.exe" -d "F:\SOFTWARE INSTALER"
    Task: {9AA8D228-E6B9-4458-8273-116D1B59809F} - System32\Tasks\{4164A57F-CCCA-4190-873C-DAE8DA3E9EA7} => pcalua.exe -a "F:\SOFTWARE INSTALER\install_animoids_dl\Windows\install_animoids.exe" -d "F:\SOFTWARE INSTALER\install_animoids_dl\Windows"
    Task: {9B3D424E-6D55-4716-A5CD-A6C19084DD60} - System32\Tasks\{12D56BBA-AD8C-4251-B3D0-9462E83996AC} => pcalua.exe -a "F:\SOFTWARE\New folder (2)\bike fly\bike fly.exe" -d "F:\SOFTWARE\New folder (2)\bike fly"
    Task: {9D825210-E307-4968-80A9-D3D03DA88F86} - System32\Tasks\{D70DA801-B03F-4460-9E46-61733BFD7B4E} => pcalua.exe -a F:\SOFTWARE\GAMES\CALLOF~1\Uninstall\Unwise.exe -c /u F:\SOFTWARE\GAMES\CALLOF~1\Uninstall\Install.log
    Task: {9DAE06E0-03A2-42A3-95E4-D6DCD0A83EAA} - System32\Tasks\{59B0097C-25FA-4072-A677-F83829C7AC74} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\TTL.exe 
    Task: {A05B0E66-6BC5-472C-9E5F-5CF7ECAB0740} - System32\Tasks\{2CEE4132-7BE5-4A3F-BF34-0A444A78AF54} => pcalua.exe -a F:\SOFTWARE\GAMES\setUP347.exe -d F:\SOFTWARE\GAMES
    Task: {A3A2D152-E3E0-49B7-871B-1F701A76FF16} - System32\Tasks\{BEDED5CE-3CE8-4FB4-A65F-4DD15BA06E35} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {A4F811F3-A417-4006-9457-DACF05966BFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {A999E4E8-113F-43F9-AAFA-31113CF588CF} - System32\Tasks\{1D2EFDE2-9AF3-4732-BE8A-CA0B72377F37} => C:\Program Files\Gam-A-Guru\Fire Jolts\Game\Game.exe 
    Task: {AF2CEA20-DE8B-4940-AFDC-69FC33C5A3BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {B1A5C201-A835-49FD-8A5E-AF7AE9E8A8C3} - System32\Tasks\{C02B878B-D6A2-4771-9534-C8CF2858CB7B} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe 
    Task: {B5F69C27-E310-438C-B570-0399B25E7A02} - System32\Tasks\GoogleUpdateTaskMachineCore1d17acab00ca3d9 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
    Task: {B70643A6-FB18-4F4F-9B3E-E0591C17921D} - System32\Tasks\{44AE25A9-6E17-47A5-B2EE-675FCC306744} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\Hitman 1, kkabod\Hitman 1\Setup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\Hitman 1, kkabod\Hitman 1"
    Task: {B78ABD30-C545-476A-94E5-C31BE8FF86DC} - System32\Tasks\{FB436C00-19C0-4B3A-B5F9-94EFC6756C5C} => pcalua.exe -a "F:\Gamez\Counterstrike Condition Zero\AUTORUN.EXE" -d "F:\Gamez\Counterstrike Condition Zero"
    Task: {B92A95A9-8862-4DEA-AC4F-B8F640744AB6} - System32\Tasks\CrackTracker => C:\Program Files\zabkat\crack tracker\craktrak.exe 
    Task: {BB2FCEF5-84F8-4E58-8667-31E53246F9BA} - System32\Tasks\{078A3136-D228-439D-B20A-2AF6A84C4DB7} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {BC1237E8-C9EE-4C05-86FC-85A3B39C0BE2} - System32\Tasks\{561DF6EC-1812-43D7-9A8E-536A93F5564A} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {C750C08B-E07E-405E-BAA8-D1D976413156} - System32\Tasks\{E8FC51EB-116B-49CF-B0E3-BE51C98FEB93} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman\Spider-Man Setup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman"
    Task: {C8EC5BFF-E243-40F4-B075-12767BDD921B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-26] (Adobe Systems Incorporated)
    Task: {CCDBA163-5050-4AF9-AB46-6A90680BD2F1} - System32\Tasks\{FAC50A4D-C0C3-4032-81CD-C835BB16F3A7} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English"
    Task: {CE9BF9C4-A1CE-4D3F-B464-B3DE67A9BCDF} - System32\Tasks\{D0E9313E-14CB-4D11-859B-26360006C739} => pcalua.exe -a "F:\SOFTWARE INSTALER\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg\ms3d184setup.exe" -d "F:\SOFTWARE INSTALER\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg"
    Task: {CF21B205-E5F7-45DA-9AA7-B07E8B30CE66} - System32\Tasks\{23763B24-4ED4-4A02-8746-0DB3BBDED29F} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\codecs\wmp6cdcs.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\codecs"
    Task: {D1662E1C-A699-431F-9DAD-8DBCEEDFF103} - System32\Tasks\{2E8EE9A6-0EF2-43A2-AEDC-BAD8E25AD0D8} => pcalua.exe -a F:\RGSC_1_1_3_0\RGSC_1_1_3_0.exe -d F:\RGSC_1_1_3_0
    Task: {D2028427-32DB-44F5-AA61-E8DBEE9FF534} - System32\Tasks\{8E95A132-02FF-4127-9107-BDC81BE4C5DB} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D26C1033-9887-4268-BC03-DCC312F82E42} - System32\Tasks\{48A3F74B-102F-42F7-97D8-CC7D7B81C29D} => msiexec.exe /package "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
    Task: {D34F4F76-1BCC-4701-984B-8DB779F60BE6} - System32\Tasks\{ECF229E3-41ED-484D-92D2-3B3A0AEA3741} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D474B054-611E-48BF-9D6C-166B7FF1039A} - System32\Tasks\{34103A99-055F-4789-AE7E-131DF7533E64} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D5A092EF-3DBB-40A4-AAE3-A4D39BC16AEC} - System32\Tasks\{ED128BDA-21DF-4A02-9212-5E7F35B381D8} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D8D61169-9B3E-4F6A-820B-4948CF4901F7} - System32\Tasks\{E0DDEE73-E98B-4848-A2BA-9603B7A94529} => F:\SOFTWARE\GAMES\Installer\Halo\halo.exe 
    Task: {D9BC1919-1A5B-4C4D-BA75-DF95C86E114C} - System32\Tasks\{B3A3C857-58D5-4B85-9DEA-AE97931BB6D2} => pcalua.exe -a "F:\New folder\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d "F:\New folder\3DSFMM2"
    Task: {DA6618C5-255A-4AAF-8D9E-35EB3FD219B2} - System32\Tasks\Start Registry Reviver for [email protected](logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe 
    Task: {DCD31F20-0356-402B-8CEA-EEF89D76E05F} - System32\Tasks\{C3F48B97-04AB-4AC3-94FB-11BAC934E924} => pcalua.exe -a F:\avs\AVSVideoEditor\AVSVideoEditor.exe -d F:\avs\AVSVideoEditor
    Task: {DDE9669E-8815-4446-AABB-782192010EDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d20073320433e5 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {E03EFFE5-EAC0-4E82-86B7-4AE31C00E1B8} - System32\Tasks\{B71F23FA-279B-4DDD-89E1-B629B3C9E70F} => pcalua.exe -a C:\Users\john\Downloads\Swf2Avi_Setup.exe -d C:\Users\john\Downloads
    Task: {E1654A0A-5473-486D-9CC2-8F33C532CB13} - System32\Tasks\{C423D519-1269-4114-9565-FE6BB13F42A2} => pcalua.exe -a C:\Users\john\Downloads\imgtool20\imgtool20\IMGTool.exe -d C:\Users\john\Downloads\imgtool20\imgtool20
    Task: {E84B95EC-71F1-4D1C-9145-B56BB32A65D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d13979c826472a => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {E9F9BA78-C1AB-4C4B-8E1D-6D0B3290F399} - System32\Tasks\{C14DF91E-1B95-4968-84F3-6B22DBEA3B4E} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\Project IGI\SETUP.EXE 
    Task: {EA84C26C-7C9A-4B20-A9B6-2076B9ACA8A9} - System32\Tasks\{DFA8041A-9F86-4F54-A626-B0E2529C9667} => F:\SOFTWARE\GAMES\Disk1\GTA IV\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe 
    Task: {ECFA2B6A-644C-4718-ABC5-FBC7FE54F5A6} - System32\Tasks\{B2A7C95D-0780-440D-BE9E-62A26BF656B1} => pcalua.exe -a F:\SOFTWARE\GAMES\UnInstall.exe -d F:\SOFTWARE\GAMES
    Task: {ED67A7DB-DA0C-4727-AA8D-27A1E9AD5969} - System32\Tasks\{884FD653-1594-4CC3-8FA0-1F1A5C894517} => pcalua.exe -a "E:\GAMES INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\Adobe Photoshop Cs3 Extended Full Version\A__d__Lite\Adobe_Photoshop_CS3_Lite\Adobe Photoshop CS3 Lite.exe" -d "E:\GAMES INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\Adobe Photoshop Cs3 Extended Full Version\A__d__Lite\Ado (the data entry has 22 more characters).
    Task: {EE09FC41-123F-4604-8FEC-7655763D8669} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1c96b76750e9391 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {EF117CAD-9B77-42DC-B329-9414E7DD516F} - System32\Tasks\Tolzermght Adapter => C:\Program Files\Kugshcoijich\ckersiward.exe [2017-02-07] (Glarysoft Ltd)
    Task: {F32C8DC4-64BD-472F-9DCC-21C2B044BC72} - System32\Tasks\{0B9CA604-9E4D-4784-B38C-787DD935EB3E} => F:\SOFTWARE\New folder (2)\Fairyland\Land.exe 
    Task: {F40C808D-36A9-4DE0-A586-D54E5C3AFB30} - System32\Tasks\{5111BAEF-4EF8-4CAE-9FC7-7A37828E0DFC} => pcalua.exe -a "F:\SOFTWARE\GAMES\Spiderman Coll\Spider-Man Friend or Foe\SMFOF\Setup.exe" -d "F:\SOFTWARE\GAMES\Spiderman Coll\Spider-Man Friend or Foe\SMFOF"
    Task: {F52FF28B-C246-4C13-9786-9DA92F73ECE8} - System32\Tasks\{12F6E446-1F06-493A-ADAC-ABD7836C2E91} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1\Setup.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_Engli (the data entry has 9 more characters).
    Task: {F55C7924-4354-420E-AEA9-5748A6373179} - System32\Tasks\{083A8F1A-06E6-46C6-AF26-079AAFA471C1} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE 
    Task: {F6FDBA5C-40A9-488A-8340-92A3D68497D8} - System32\Tasks\{0B0145C4-2A6E-4832-A24E-20E661A8D27D} => pcalua.exe -a "C:\Program Files\Activision\Spider-Man Demo\Spider-Man Setup.exe" -d "C:\Program Files\Activision\Spider-Man Demo"
    Task: {F7A51897-0E26-499B-9BE6-A92A0B254281} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d01646fee86a63 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {F7B3EB7D-A397-476D-BC2A-A16EC5C82A7E} - System32\Tasks\{DC35C43B-190F-4888-BF7E-5CE76D7720E6} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe 
    Task: {F7D0648D-E0B9-4E4C-8B06-996565236C16} - System32\Tasks\{62630B4C-B940-4640-A711-87A96794C270} => pcalua.exe -a "F:\Iron.Man.PC.Game.Only.150.MB\Iron.Man.PC Game Only 150MB.www.KosovaDC.com\Iron.Man.by.GranD.MasteR.BeraatZ - www.KosovaDC.com\SetupReg.exe" -d "F:\Iron.Man.PC.Game.Only.150.MB\Iron.Man.PC Game Only 150MB.www.KosovaDC.com\Iron.Man.by.GranD.MasteR.BeraatZ - www.KosovaDC.com"
    Task: {FA091FAE-704D-4C77-AA48-819D09E56681} - System32\Tasks\{23D25206-8089-4E41-8B27-3891DCCB9B71} => pcalua.exe -a "F:\SOFTWARE\GAMES\Mario\MarioForever V4.4.exe" -d F:\SOFTWARE\GAMES\Mario
    Task: {FB86A1A3-1F41-4516-B051-403C85BBCD97} - System32\Tasks\{CC04E13D-5DB7-4301-B1A8-6B9DDD5FB2B6} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\WWE Raw Portable\WWE Raw Portable\RegSetup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\WWE Raw Portable\WWE Raw Portable"
    Task: {FB96B27A-5426-4299-9C3C-941A6418064B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d076f59f224db5 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {FC210E5F-1BE7-44A0-9E2F-A4601C51FB54} - System32\Tasks\{8C25F203-A8B8-453C-9391-140E765C6235} => pcalua.exe -a "F:\SOFTWARE INSTALER\kgb_arch_win_gui_v1.2.1.24.exe" -d "F:\SOFTWARE INSTALER"
    Task: {FC89EE7D-B926-4A42-8D00-C4ECB5182A21} - System32\Tasks\{62472289-97C6-40DA-8750-D4DA9D2A230A} => F:\SOFTWARE\GAMES\Installer\Manhunt 1 pc\Manhunt 1\Manhunt\manhunt.exe 
    Task: {FCC94352-E6A8-4E01-892D-FBA79AA87B4D} - System32\Tasks\{BE6DA57B-B8CA-45C9-B4BE-52D20A9E4DC7} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {FCEDF998-D787-48FB-9FAB-12513A91FBF8} - System32\Tasks\{3D0E3FA7-8948-44DD-84C8-BBFB32787949} => pcalua.exe -a "C:\Program Files\AdorageI-SAL\uninstall.exe" -d "C:\Program Files\AdorageI-SAL"
    Task: {FE17B942-EEE0-4071-BDA8-A12F1C05231B} - System32\Tasks\{75D45EB0-620A-4A45-89CB-202EF1054DB6} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d076f59cac145b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d093f73f14b8b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f2eb9e8a064.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d17acab00ca3d9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1d774da17be96.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1c96b76750e9391.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d076f59f224db5.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d093f6df30a7ef.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d13979c826472a.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d17c18fa5ce246.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Users\john\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Forum.lnk -> hxxp://www.chumba.ch/chumbalum-soft/forum
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Homepage.lnk -> hxxp://www.milkshape3d.com
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Order Online.lnk -> hxxp://www.milkshape3d.com/ms3d/register.htm
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70966059361d4c09\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
     
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2017-01-09 21:17 - 2011-04-02 16:03 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
    2017-01-09 21:18 - 2011-04-02 16:03 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2010-10-03 17:56 - 2009-04-16 14:08 - 00312832 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\hpfpp70v.dll
    2017-02-07 15:49 - 2017-02-07 15:49 - 00274944 ____H () C:\Program Files\Tolzermght Adapter\local32spl.dll
    2016-10-04 16:15 - 2016-09-09 18:56 - 00658432 _____ () F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe
    2016-10-04 16:15 - 2016-09-09 18:55 - 00023552 _____ () F:\SOFTWARE\DM\Free Download Manager\WinDivert.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00310720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00900032 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 03037120 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00220608 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2017-02-07 15:49 - 2017-02-07 15:49 - 00126464 _____ () C:\Users\john\AppData\Roaming\Cujercult\Atazokclvuph.dll
    2010-10-03 17:38 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
    2016-11-21 03:17 - 2016-11-21 03:17 - 00267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 02122688 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 01608128 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 01502656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00167872 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00031680 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00749504 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00015808 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\icudt53.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation [63]
    AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation [63]
    AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\john:Heroes & Generals [38]
    AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
    AlternateDataStreams: C:\ProgramData\TEMP:1CB4A530 [114]
    AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [236]
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
    AlternateDataStreams: C:\ProgramData\TEMP:6152D44C [128]
    AlternateDataStreams: C:\ProgramData\TEMP:77FB1B64 [104]
    AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [294]
    AlternateDataStreams: C:\ProgramData\TEMP:9D1B94FD [135]
    AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [206]
    AlternateDataStreams: C:\Users\john\AppData\Local\Temporary Internet Files:1zTcQognA0ENzQJ1VlX1f0z2BdT [2238]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\sony.com -> sony.com
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 07:34 - 2017-02-10 16:42 - 00003070 ___RA C:\Windows\system32\Drivers\etc\hosts
     
    65.112.87.186           contractjack.master.gamespy.com         #heartbeats  
    65.112.87.186           contractjack.ms11.gamespy.com           #server list 
    65.112.87.186           contractjackd.master.gamespy.com        #heartbeats  
    65.112.87.186           contractjackd.ms3.gamespy.com           #server list 
    65.112.87.186           nolf2.master.gamespy.com                #heartbeats  
    65.112.87.186           nolf2.ms9.gamespy.com                   #server list 
    63.239.170.9 natneg1.gamespy.com #firewall nat negotation server 1  
    63.239.170.10 natneg2.gamespy.com #firewall nat negotation server 2 
    63.144.111.199 natneg3.gamespy.com #firewall nat negotation server 3 (rarely used) 
    65.112.87.188 gamestats.gamespy.com #statistics, required by some games  
    63.239.170.53 motd.gamespy.com #message of the day placeholder  
    65.112.87.187 chat.gamespynetwork.com #chat/lobby, required by some games 
    65.112.87.187 peerchat.gamespy.com #chat/lobby, required by some games 
    65.112.87.186 gpcm.gamespy.com #gamespy login session tracking  
    65.112.87.186 gpsp.gamespy.com #gamespy account validation  
    65.112.87.186 master.gamespy.com #older games server list 
    65.112.87.186 master0.gamespy.com #older games server list 
    127.0.0.1                   skiptline
    127.0.0.1                   onhax.net
    127.0.0.1                   www.onhax.net
    127.0.0.1                   forum.onhax.net
    127.0.0.1                   https://forum.onhax.net
    127.0.0.1                   labs.onhax.net
    127.0.0.1                   do2dear.net
    127.0.0.1                   sanet.me
    127.0.0.1                   piratecity.net
    127.0.0.1                   rsload.net
    127.0.0.1                   www.masterkreatif.com
    127.0.0.1                   idm-crack-patch.blogspot.in
    127.0.0.1                   www.fullstuff.net
     
    There are 3 more lines.
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\john\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\Services: EasyAntiCheat => 3
    MSCONFIG\Services: HPSIService => 2
    MSCONFIG\Services: PinnacleUpdateSvc => 2
    MSCONFIG\Services: PnkBstrA => 2
    MSCONFIG\Services: ServiceLayer => 3
    MSCONFIG\Services: UCBrowserSvc => 2
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
    MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    MSCONFIG\startupreg: gflauncher => "F:\SOFTWARE\GAMES\WarFace\GFACE Launcher\live\gflauncher.exe" --autostart
    MSCONFIG\startupreg: Google Update => C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
    MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    MSCONFIG\startupreg: nppApplication => "C:\Users\john\AppData\Roaming\NotepadPlusPlusApp\nppApplication.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [TCP Query User{DCBE7502-1C57-48CC-A421-2688BBCD22D6}F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [UDP Query User{7AD2D35D-ECFA-48A1-87E9-0C65304521B1}F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [TCP Query User{9A8FA688-D302-4850-B3DE-1059CAC96818}F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [UDP Query User{9B049ED7-7D6C-4DA4-A97B-195E2DC6B372}F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [{E601E0F6-68C5-4827-8962-12DE11E98E9D}] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [{E8E96DB3-1507-4F8F-BC2E-C40242198E18}] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [TCP Query User{FAD0729C-2166-4496-95EA-2999A5ACE7A2}F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [UDP Query User{A2E3AB5D-5CA9-4C63-AFB3-FDAC53AA9ED8}F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [{81616F60-9D28-48DA-B82A-224210E263C6}] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [{5D2E5B9E-A073-4593-A46C-DC0F9B7D00CF}] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [TCP Query User{B9D24952-CF0A-46C0-8D72-E47BF44C9D0B}F:\software\games\outlast\outlast\binaries\win32\olgame.exe] => F:\software\games\outlast\outlast\binaries\win32\olgame.exe
    FirewallRules: [UDP Query User{39EF3D1D-C195-493A-8FDE-121C202CBF63}F:\software\games\outlast\outlast\binaries\win32\olgame.exe] => F:\software\games\outlast\outlast\binaries\win32\olgame.exe
    FirewallRules: [TCP Query User{59C3437D-48E3-46A2-BA24-08F0BEFA5B7A}F:\software\games\moto gp 3\motogp urt 3\motogp.exe] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [UDP Query User{8F6BE0F7-402B-4B04-AEB8-45BFDC510BCB}F:\software\games\moto gp 3\motogp urt 3\motogp.exe] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [{156013AF-593A-4DAE-9AE8-4C7CA5FCDD4B}] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [{011BE3B5-C403-413A-8B82-518DE76E5126}] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [TCP Query User{8ACD8895-60E4-4101-B91F-8EBD9D2DA993}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [UDP Query User{7F74A6B8-25AB-4AB0-A43A-A96287CEE177}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [TCP Query User{A3022DB3-9152-43C7-A963-09C76B8416B3}F:\software\games\moto gp 2\motogp2\motogp2.exe] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [UDP Query User{D8A3527F-15A5-4D0B-91DC-6473FC162395}F:\software\games\moto gp 2\motogp2\motogp2.exe] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [{9C0EC179-C96C-47D4-8E9D-7BE975DCA027}] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [{92B66C16-1328-41CE-96E1-A7D53B009A02}] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [TCP Query User{09CE43FF-3617-4E0B-A3BB-0BD0AFD84921}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [UDP Query User{28008A10-C432-4212-8248-9626A861F497}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [TCP Query User{B1FA3379-FCBC-45FA-94D4-1C32A6CC3C51}F:\software\games\motogp\motogp.exe] => F:\software\games\motogp\motogp.exe
    FirewallRules: [UDP Query User{42ECE62B-7A23-48FD-B1A5-6BE158BEC85E}F:\software\games\motogp\motogp.exe] => F:\software\games\motogp\motogp.exe
    FirewallRules: [{DA4F953F-AA80-49DB-8E7A-F0CBBABF8474}] => F:\software\games\motogp\motogp.exe
    FirewallRules: [{54712882-52AC-4E4C-BEA0-B4D311A2512C}] => F:\software\games\motogp\motogp.exe
    FirewallRules: [TCP Query User{04DA8932-7B44-47AD-95B3-E4CE587EAC94}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [UDP Query User{241459DD-42F9-41C8-A323-B2137351F777}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [TCP Query User{7E816506-4FBE-4D91-8CAF-8FDECC4AA652}F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe] => F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe
    FirewallRules: [UDP Query User{FEE9AD8A-8DC6-4184-8EBE-68FE8C34242B}F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe] => F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe
    FirewallRules: [TCP Query User{C8B35F04-BB2F-4D31-AC1B-58EA724B19F3}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [UDP Query User{00804F11-3C8C-4151-9865-F69352D3C6BA}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [TCP Query User{274BA925-9BBF-4577-B767-745CADF1563F}F:\software\games\soldier of fortune ii\sofii\sof2mp.exe] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [UDP Query User{39131056-EFDE-4862-B623-584719E55DF6}F:\software\games\soldier of fortune ii\sofii\sof2mp.exe] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [{51D5C84C-EC06-4B66-8B97-29F97EF6DADD}] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [{8693C76F-9955-42CE-9347-F96A1DC377AA}] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [TCP Query User{4AF434C8-AC2C-4A4D-93EF-2DC15279E7CD}F:\software\games\installer\nfs\speed.exe] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [UDP Query User{FEADED2F-464B-4069-8E84-85515A93F451}F:\software\games\installer\nfs\speed.exe] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [{B89BD137-81B0-4E31-AD01-78B3F8B4C4B7}] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [{38B83BD5-27C3-4688-BC76-1BF3959F4ED5}] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [TCP Query User{E8148AC7-FCD0-4B80-A1AC-B86A34604F07}F:\software\games\installer\halo\halo.exe] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [UDP Query User{EC354E9E-95A3-4C9D-B0DE-95F96B6D6911}F:\software\games\installer\halo\halo.exe] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [{9BB1D990-D903-4304-994F-E5A07EC862F2}] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [{A212C0AA-B9A3-4B50-BBBE-FC525A2ABD33}] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [TCP Query User{129610E0-DC0E-4FF8-8776-1AE4EBD486D3}F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe] => F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe
    FirewallRules: [UDP Query User{378AC9E0-9391-4766-98E0-69606E30A7D1}F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe] => F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe
    FirewallRules: [TCP Query User{D5A2F7BF-5D1A-49D8-93A9-EF4B5FA0095F}F:\software\games\installer\call of duty\codmp.exe] => F:\software\games\installer\call of duty\codmp.exe
    FirewallRules: [UDP Query User{FBA6B1D1-2290-46C5-82F5-F7ACA2C3CC39}F:\software\games\installer\call of duty\codmp.exe] => F:\software\games\installer\call of duty\codmp.exe
    FirewallRules: [TCP Query User{0D1B9C61-19E2-4E89-925A-7DA0CC1B067D}F:\software\games\farcry3\farcry 3\bin\farcry3.exe] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [UDP Query User{649DC6C5-C57F-4ED5-980E-9F57F0BC904A}F:\software\games\farcry3\farcry 3\bin\farcry3.exe] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [{FFC2643B-6AEC-4CFE-989E-58BF68F803A3}] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [{C09F243A-2230-46AF-86C1-83F59E358EEB}] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [TCP Query User{8097223D-6718-46EF-A9BD-4D4BDAF64FD1}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [UDP Query User{692BC860-437D-411E-8771-4FB359389DDC}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [{2CC42872-87F3-4EB0-AA38-7D9E67ED03BA}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [{B4D89584-8165-4FD9-969F-885A27FD49F9}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [TCP Query User{E0A55979-74A7-4CAD-96FC-074D85C350FF}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [UDP Query User{290ABCB2-C42F-4FAD-83C8-FE1916CBD055}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [{59467AFF-7BB5-4717-ACE0-5283F0DA56A3}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [{FD3DE39F-D882-4214-9F64-CCBD388F4E14}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [TCP Query User{5515D3EA-075A-4C7E-B4F4-EDED7D55EC9C}F:\software\games\installer\halo\halo\halo.exe] => F:\software\games\installer\halo\halo\halo.exe
    FirewallRules: [UDP Query User{6EAE949A-F0A7-4B9D-ABBC-E7FCE11EA3B3}F:\software\games\installer\halo\halo\halo.exe] => F:\software\games\installer\halo\halo\halo.exe
    FirewallRules: [TCP Query User{BFB97868-A203-4BDD-B425-01BB73A69A83}F:\software\games\installer\gamez\saints row 2\sr2_pc.exe] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [UDP Query User{BFAC110B-9B8D-4782-BD45-9C9BDE1E2ADB}F:\software\games\installer\gamez\saints row 2\sr2_pc.exe] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [{0FAFB5C2-DBC1-4F28-BE6A-5352D27F1487}] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [{CEE5232E-C659-4370-991D-BE78C263AFAC}] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [TCP Query User{8FC7C3F8-825D-4179-9511-1FF0F8635C3A}F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe] => F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe
    FirewallRules: [UDP Query User{A99A424C-9FF6-4879-8439-83E51CF9F2DB}F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe] => F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe
    FirewallRules: [TCP Query User{C3CEA229-715E-4B14-A0AC-218B07CC8840}F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe] => F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe
    FirewallRules: [UDP Query User{204275A5-0310-44F8-9FF9-848AD7A269FC}F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe] => F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe
    FirewallRules: [TCP Query User{E0A923CA-37F9-40C5-8912-B3B3F3431C83}F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [UDP Query User{69C817E6-3DEA-4DED-A203-61A6E1C30DC2}F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [{02087311-366D-473D-BD16-290AD30133B3}] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [{F0149704-FE03-4EDC-B38D-6DEA540DB017}] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [{89D99642-ED43-4AE4-B1F6-96E71CF48BCC}] => C:\Windows\System32\PnkBstrA.exe
    FirewallRules: [{00C9C4ED-B33C-4243-ACAB-CD14BA9E3484}] => C:\Windows\System32\PnkBstrA.exe
    FirewallRules: [{38BAD83B-8038-42ED-810F-6FABA95FFC51}] => C:\Windows\System32\PnkBstrB.exe
    FirewallRules: [{4C65AB3E-5508-48F1-AD20-4EFAE0E7EBDE}] => C:\Windows\System32\PnkBstrB.exe
    FirewallRules: [TCP Query User{2A63243B-78F4-4D52-A420-CDD22C000181}F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [UDP Query User{767D3BA2-8E1F-424A-85DC-0D11F9EB8D85}F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [{4126805B-BEA0-498D-B46D-F3085F0EE3C4}] => F:\SOFTWARE\Evolve\EvoSvc.exe
    FirewallRules: [{6E7C1E83-212F-40FD-B22D-87BED1ADC213}] => F:\SOFTWARE\Evolve\EvolveClient.exe
    FirewallRules: [TCP Query User{AED538CB-BF3F-476A-B5DE-8B19B07A7CC6}F:\software\games\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [UDP Query User{5E7FB950-282E-433E-8F32-50685E42161C}F:\software\games\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [{F6ED12A7-5188-465A-8AC9-DC41032F1FFB}] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [{64B369A8-0D47-4D3D-8658-F1A14DCE01CC}] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [TCP Query User{DBE353C2-674A-47C8-AB48-8B81A4943FC7}C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe] => C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe
    FirewallRules: [UDP Query User{4234CAE8-167A-4DEA-B279-D53CF27B7BE8}C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe] => C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe
    FirewallRules: [TCP Query User{D874C16E-FAF9-4A6F-9DFC-F7FA40822D8F}C:\windows\system32\dplaysvr.exe] => C:\windows\system32\dplaysvr.exe
    FirewallRules: [UDP Query User{0366B07E-6302-426F-984F-493F9F805884}C:\windows\system32\dplaysvr.exe] => C:\windows\system32\dplaysvr.exe
    FirewallRules: [{3C3677EC-414C-4146-9CEE-85BAB1163BDB}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{F8DF310B-0099-4A7F-8844-4D4E98349783}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{9654B86F-F949-4FB6-B542-EB2C91CDB6A5}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{3D6ECB24-3443-4625-8843-308D478144A5}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [TCP Query User{656C0E3C-7FEE-45B1-9AFD-098A7FD7F09C}F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe] => F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe
    FirewallRules: [UDP Query User{E1A1950F-8041-468C-A6ED-6F9ECA1675D5}F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe] => F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe
    FirewallRules: [TCP Query User{0AD87A43-72D8-487B-9D0A-FA25B8FFAE64}F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe] => F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe
    FirewallRules: [UDP Query User{C034CDEC-7CF2-4029-A1D5-02FCB6674E6C}F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe] => F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe
    FirewallRules: [TCP Query User{54F90538-28EA-42D1-B756-22308F9325E6}F:\software\games\sector 8\section 8\binaries\s8game-f.exe] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [UDP Query User{10742634-2E26-49D4-B53D-77D6FDF504F8}F:\software\games\sector 8\section 8\binaries\s8game-f.exe] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [{821C5ACD-82F3-402D-8184-B616F6B43623}] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [{0E586078-99D5-4C81-AA41-70094B030A61}] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [TCP Query User{1561A5D2-AD2B-42A2-9EEC-B7A6D6F211D5}F:\software\games\7554\7554\7554.exe] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [UDP Query User{BC274553-222F-4668-8735-4DB98167AD17}F:\software\games\7554\7554\7554.exe] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [{24EC96A4-A6E8-42EA-840B-450DDA4DCA11}] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [{5AA23779-A841-41E0-916A-117B7A16E84D}] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [TCP Query User{7CFAE32C-EC2D-4D62-A2A5-13A4E04890FF}F:\software\games\tom clancy's h.a.w.x\hawx.exe] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [UDP Query User{6CF710F5-FEB3-4BFF-B07C-F1776A2D0A0C}F:\software\games\tom clancy's h.a.w.x\hawx.exe] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [{9AAE82DA-0AFA-4C45-AAFE-A26D51C9EC0B}] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [{E6FD0997-A736-45F9-A3ED-3260E6C3544B}] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [TCP Query User{2E0282CF-546F-47E4-8D6D-049307122F46}F:\software\games\cs\hl.exe] => F:\software\games\cs\hl.exe
    FirewallRules: [UDP Query User{D82F8AF8-C26A-4AD9-82CC-BDFCBDD1C6D6}F:\software\games\cs\hl.exe] => F:\software\games\cs\hl.exe
    FirewallRules: [{E1AFE0DC-05C6-484A-ADF5-7941FE4D9EA9}] => F:\software\games\cs\hl.exe
    FirewallRules: [{CCCF62A2-8B00-40E9-B9B1-F0ED1F17709E}] => F:\software\games\cs\hl.exe
    FirewallRules: [TCP Query User{5117D8C9-92AB-431F-9B6E-70B56B7A4544}F:\software\games\splinter cell ct\system\splintercell3.exe] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [UDP Query User{96C09BCC-877D-4AEE-BAE6-F4C7233B19C7}F:\software\games\splinter cell ct\system\splintercell3.exe] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [{416B201D-3A7C-4EB6-AAEB-FDE5FDF9D98F}] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [{E7FB67BB-3B0C-434B-9534-63B5AAA964A9}] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [TCP Query User{B057F8FB-F20A-4C6A-955D-8662800E4ED9}F:\software\games\cod\codmp.exe] => F:\software\games\cod\codmp.exe
    FirewallRules: [UDP Query User{2CB6A5EE-75C7-43E3-A745-B9C52E71B6F1}F:\software\games\cod\codmp.exe] => F:\software\games\cod\codmp.exe
    FirewallRules: [{882E3EA8-552D-4C3F-B014-6F6DA7D33582}] => F:\software\games\cod\codmp.exe
    FirewallRules: [{B0F5EA44-DF41-4D5F-AD2D-8C623CB3D08B}] => F:\software\games\cod\codmp.exe
    FirewallRules: [TCP Query User{39A16B65-56F4-4875-B0FC-032E6BF4E8C8}F:\software\games\commandos\commxpc.exe] => F:\software\games\commandos\commxpc.exe
    FirewallRules: [UDP Query User{C546F9C6-C7F2-415A-9C96-4B05CC6AFC36}F:\software\games\commandos\commxpc.exe] => F:\software\games\commandos\commxpc.exe
    FirewallRules: [{45F24DA3-CF2E-479F-A542-52CBFE0E353D}] => C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{1A3589AB-8A4E-4D11-96F5-87A9E712D35E}] => C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{BC83DDAB-7528-421B-A78E-C36EC5D4FCDC}] => C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{BA95809E-C008-4B02-85D5-468D1B170162}] => C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{9B0F94BC-B56C-4398-81E0-4863FC73642E}] => C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{5248034F-37AE-4D40-9927-66B4F2006145}] => C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{751C55DA-C21A-4192-88FD-FE26DEF168A9}] => C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{7F0EEFDA-C9D8-4DA1-879E-48DF820D947D}] => C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{141BAF04-3919-47AB-A7EE-E38663D23B7A}] => C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{56748069-3B3F-4382-A34B-C1F5D8FC3DD8}] => C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [TCP Query User{D5ED4FB1-9F3F-4128-87EE-FA053CDC56BD}F:\software\games\sr4\saints row iv\saintsrowiv.exe] => F:\software\games\sr4\saints row iv\saintsrowiv.exe
    FirewallRules: [UDP Query User{036B1728-2F72-4B86-BFBF-5DBCC0AFF030}F:\software\games\sr4\saints row iv\saintsrowiv.exe] => F:\software\games\sr4\saints row iv\saintsrowiv.exe
    FirewallRules: [TCP Query User{98821F78-265E-41DB-B91F-BE85F968B1C9}C:\gog games\serious sam the first encounter\bin\serioussam.exe] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [UDP Query User{7A11F9C2-E351-487B-9A74-E1130272EC17}C:\gog games\serious sam the first encounter\bin\serioussam.exe] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [{421E876F-88CA-4C4A-95CE-FD49211723DF}] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [{5A99C861-00B6-4C91-8A61-2532740D4431}] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [TCP Query User{53B9040E-B249-4BED-9F11-3CA17872BAE5}F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [UDP Query User{D03F3EF5-6813-4DC5-BEA9-8169CEBB59BF}F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [TCP Query User{DB6B8000-29B5-49BC-A9D6-F80403A7832C}F:\software\games\bionic commando\bionic commando\bionic_commando.exe] => F:\software\games\bionic commando\bionic commando\bionic_commando.exe
    FirewallRules: [UDP Query User{31BCDF30-7759-4A21-A409-DFBE1CEE1788}F:\software\games\bionic commando\bionic commando\bionic_commando.exe] => F:\software\games\bionic commando\bionic commando\bionic_commando.exe
    FirewallRules: [TCP Query User{20A8FF64-781E-4165-BF41-B1E62DC781F6}F:\software\games\sof3\sof3.exe] => F:\software\games\sof3\sof3.exe
    FirewallRules: [UDP Query User{E3D1F40C-8A2B-4C1C-AE73-851EF83C4BC2}F:\software\games\sof3\sof3.exe] => F:\software\games\sof3\sof3.exe
    FirewallRules: [{3714EEE8-26C0-463B-978D-358C2CAFE79F}] => F:\SOFTWARE\GAMES\Graw2\Ghost Recon Advanced Warfighter 2\graw2.exe
    FirewallRules: [{91C8F6CF-03DC-4A43-8548-0A32A8D1060C}] => F:\SOFTWARE\GAMES\Graw2\Ghost Recon Advanced Warfighter 2\graw2.exe
    FirewallRules: [{378BED23-54BC-486A-98F5-502539EB354E}] => F:\software\games\sof3\sof3.exe
    FirewallRules: [{9E643B47-CCC0-4817-8257-5A169DE94A37}] => F:\software\games\sof3\sof3.exe
    FirewallRules: [{06FACBF3-AA5C-49E1-867C-F4D331CCF975}] => F:\SOFTWARE\DM\Free Download Manager\fdm.exe
    FirewallRules: [{5C3D3E23-B6B1-442D-97C5-3D94E75FCAF0}] => F:\SOFTWARE\DM\Free Download Manager\fdm.exe
    FirewallRules: [{F38F9695-0B86-4805-822F-3F1D28F356DE}] => C:\Program Files\Steam\Steam.exe
    FirewallRules: [{E8BE00EC-4603-4439-8844-E05A922A4502}] => C:\Program Files\Steam\Steam.exe
    FirewallRules: [{18442C2E-57E7-4145-B5CE-3E24D9B299B4}] => C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C4FC2CDC-4E9B-47A7-B302-B6B1DA331D48}] => C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{C170AA34-9B06-46CD-8FE8-6F15ADC67BE9}F:\software\games\splinter cell\system\splintercell3.exe] => F:\software\games\splinter cell\system\splintercell3.exe
    FirewallRules: [UDP Query User{87CD7198-DBA4-46C9-9072-B2EE9170C635}F:\software\games\splinter cell\system\splintercell3.exe] => F:\software\games\splinter cell\system\splintercell3.exe
    FirewallRules: [{5801FC5D-313A-45D3-A659-057BE8D61AE1}] => C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{DE04621E-46CE-4D17-ADAE-3033DE564FC6}] => F:\SteamLibrary\steamapps\common\Warface\live\nw.exe
    FirewallRules: [{5A919273-227A-4859-AB48-2297EF57E136}] => F:\SteamLibrary\steamapps\common\Warface\live\nw.exe
    FirewallRules: [TCP Query User{35D66C09-3AA4-4AC3-8FC2-D29B83E33BAA}F:\software\games\call of duty\codmp.exe] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [UDP Query User{CC94E2E4-2467-4B6F-882C-94987497B018}F:\software\games\call of duty\codmp.exe] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [{A8AA4752-EE25-4A4F-A69A-1EDAA3A47782}] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [{12D5983F-BAC3-4057-8568-B97C2C9F87EC}] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [TCP Query User{3B3CA9C7-30FA-40A5-BD4F-AECFC24466A0}D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe] => D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe
    FirewallRules: [UDP Query User{A575CF5E-E345-4CDB-B244-41BA08F85A1A}D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe] => D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe
    FirewallRules: [{5DEFCD40-112B-47A9-9AAD-3174C4E8D461}] => F:\SOFTWARE\GAMES\I Am Alive\src\System\IAmAlive_game.exe
    FirewallRules: [{C6EE05D7-5201-4C52-A3CE-30F688B03BA4}] => F:\SOFTWARE\GAMES\I Am Alive\src\System\IAmAlive_game.exe
    FirewallRules: [{6DB37E13-089D-43E9-9797-9C35A7817FC4}] => F:\SOFTWARE\GAMES\I Am Alive\IAmAlive_Launcher.exe
    FirewallRules: [{6DA7649C-598A-4B3C-9DA4-B64767879F84}] => F:\SOFTWARE\GAMES\I Am Alive\IAmAlive_Launcher.exe
    FirewallRules: [{E6A14F82-5B8D-4FC7-96FE-555BAE791DB0}] => C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{9181A1B2-0715-4910-A4FC-A70A1B3F051E}] => C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{33E445DB-E29F-4233-9B8D-45BCB6C98E18}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{591114D1-AE28-4B70-B660-C1D83613953E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{3C9AE3E5-8C51-4C6D-B4D9-D78DF85C462F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{EC3AE57F-F1E8-48D8-B271-F67387FBFA13}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FD05D236-EA1D-4D2C-9F26-EC1DD430A5C7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{37B03555-DFC4-40FB-9470-3AF3EB308255}F:\software\games\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\left 4 dead\left4dead.exe
    FirewallRules: [UDP Query User{28FAAD15-85CF-49A9-9A16-4734625CDC3F}F:\software\games\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\left 4 dead\left4dead.exe
    FirewallRules: [TCP Query User{29749E34-B790-41E0-B9BC-CA1C4DE85BD2}C:\xiaomi\xiaomiflash\xiaomiflash.exe] => C:\xiaomi\xiaomiflash\xiaomiflash.exe
    FirewallRules: [UDP Query User{E1DAD9D0-9E32-4764-8026-30FDC9E18526}C:\xiaomi\xiaomiflash\xiaomiflash.exe] => C:\xiaomi\xiaomiflash\xiaomiflash.exe
    FirewallRules: [TCP Query User{0DDD5B00-1944-498C-9251-4A8C986F905A}F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe] => F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe
    FirewallRules: [UDP Query User{A44743A5-C7F8-4462-AB22-4C4DB2073A82}F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe] => F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe
    FirewallRules: [TCP Query User{79CAE1F3-AC2C-48CF-8673-49EC74DE558E}F:\software\unity\editor\unity.exe] => F:\software\unity\editor\unity.exe
    FirewallRules: [UDP Query User{45087234-3A5E-47C9-9C04-E775DA97778E}F:\software\unity\editor\unity.exe] => F:\software\unity\editor\unity.exe
    FirewallRules: [{027C58D1-6DCE-49C3-A112-0F2C1453C1C3}] => F:\software\unity\editor\unity.exe
    FirewallRules: [{5420C678-C973-4CEB-81AE-BA22023E9E74}] => F:\software\unity\editor\unity.exe
    FirewallRules: [{D5103368-EB1B-48FB-94C3-94225619A57D}] => F:\SteamLibrary\steamapps\common\WARMODE\warmode.exe
    FirewallRules: [{3E07BBE1-AA06-45A3-9F25-9039288D9B37}] => F:\SteamLibrary\steamapps\common\WARMODE\warmode.exe
    FirewallRules: [TCP Query User{5300A8F6-6508-4BFB-B96A-21B13A4A779F}F:\software\games\crysis\crysis\crysis.exe] => F:\software\games\crysis\crysis\crysis.exe
    FirewallRules: [UDP Query User{5119D2A0-C0F7-4570-860C-77890D85C156}F:\software\games\crysis\crysis\crysis.exe] => F:\software\games\crysis\crysis\crysis.exe
    FirewallRules: [TCP Query User{AF30BE37-639F-40A4-93E6-271EB56609A9}E:\games\left 4 dead 2\left4dead 2\left4dead2.exe] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [UDP Query User{7DD6800E-63FA-4F3C-B1D2-CA809175DC17}E:\games\left 4 dead 2\left4dead 2\left4dead2.exe] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [{63F07EE9-8889-4327-98B0-2D1A1F5961E9}] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [{1073B8A9-D573-42D4-A1BF-3E3ABF83F695}] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [{6C18558D-77F4-4EED-9185-47A8C2D70A0C}] => C:\Program Files\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [{51E6E357-EC56-4957-AE91-9D69BE2F05F8}] => C:\Program Files\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
    FirewallRules: [TCP Query User{7C9E4798-BB6A-4AB5-9B2C-29F7CC1D7896}E:\games\trackmania2\trackmania 2\maniaplanet.exe] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [UDP Query User{4F0CE124-E15C-45E5-824C-A3E443A2351F}E:\games\trackmania2\trackmania 2\maniaplanet.exe] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [{99A7878C-1DF3-4903-8D9A-86B2DDA5BD8A}] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [{D7A3EBC0-8DA6-46AB-8068-AF5CE70D8D8F}] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [TCP Query User{11C50F83-E74D-49CE-B992-97B50C3FD6EA}C:\games\trackmania 2\maniaplanet.exe] => C:\games\trackmania 2\maniaplanet.exe
    FirewallRules: [UDP Query User{6C125162-207D-4E43-BABF-3E09A26DBB82}C:\games\trackmania 2\maniaplanet.exe] => C:\games\trackmania 2\maniaplanet.exe
    FirewallRules: [TCP Query User{F07127DC-16AA-4117-A7F2-86B1BCC2698B}C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
    FirewallRules: [UDP Query User{EFFCE1AB-1002-498E-B3F1-28A9F748641C}C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
    FirewallRules: [TCP Query User{E7E1179A-87BC-4447-896C-4D09AE20A648}E:\games\midtown madness 2\midtown madness 2\midtown2.exe] => E:\games\midtown madness 2\midtown madness 2\midtown2.exe
    FirewallRules: [UDP Query User{FAB75568-B9A7-41CE-B12E-95DA895FD3B8}E:\games\midtown madness 2\midtown madness 2\midtown2.exe] => E:\games\midtown madness 2\midtown madness 2\midtown2.exe
    FirewallRules: [TCP Query User{605508C3-4E62-4D7D-A634-97C8EA7A81BC}E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin] => E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin
    FirewallRules: [UDP Query User{D0E40591-6199-4774-B275-B7808E03D3E6}E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin] => E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin
    FirewallRules: [TCP Query User{8EAF3A2A-EF8A-449C-8294-B42DF132CEA0}E:\games\sof3\sof3.exe] => E:\games\sof3\sof3.exe
    FirewallRules: [UDP Query User{996318BB-D31C-4C17-AE98-84456E4B0ACE}E:\games\sof3\sof3.exe] => E:\games\sof3\sof3.exe
    FirewallRules: [TCP Query User{E60D9CCA-64E8-4609-8203-563FD177322E}F:\need for speed\speed.exe] => F:\need for speed\speed.exe
    FirewallRules: [UDP Query User{BD4E4D81-29AE-44C6-82FB-FCF869F58482}F:\need for speed\speed.exe] => F:\need for speed\speed.exe
    FirewallRules: [TCP Query User{F2989582-E63E-404A-84A6-77DEF46079EB}E:\games\new folder\motogp.exe] => E:\games\new folder\motogp.exe
    FirewallRules: [UDP Query User{71F44CAD-50DE-4644-8F72-FAA18D89A4BF}E:\games\new folder\motogp.exe] => E:\games\new folder\motogp.exe
    FirewallRules: [TCP Query User{35317282-9BEE-4AE9-B03A-59941A6C10A3}F:\software\games\p2\prototype 2\prototype2.exe] => F:\software\games\p2\prototype 2\prototype2.exe
    FirewallRules: [UDP Query User{BEBACC49-90FE-417F-A603-E51E2B8EF85C}F:\software\games\p2\prototype 2\prototype2.exe] => F:\software\games\p2\prototype 2\prototype2.exe
    FirewallRules: [TCP Query User{B41B3C24-BF11-4C4C-AFC0-054DAB75B7D4}E:\games\crysis 2\crysis 2\bin32\crysis2.exe] => E:\games\crysis 2\crysis 2\bin32\crysis2.exe
    FirewallRules: [UDP Query User{76FC0088-6A19-4C26-AE93-C0CF16E7E6D9}E:\games\crysis 2\crysis 2\bin32\crysis2.exe] => E:\games\crysis 2\crysis 2\bin32\crysis2.exe
    FirewallRules: [TCP Query User{9E69EE81-7209-49C6-A726-74F579C2FFAE}E:\games\motogp\motogp.exe] => E:\games\motogp\motogp.exe
    FirewallRules: [UDP Query User{707910D1-008B-4F44-AD1F-53A8C19A1DA2}E:\games\motogp\motogp.exe] => E:\games\motogp\motogp.exe
    FirewallRules: [{3750D5AA-A6A8-44AF-B2DF-5688127DF701}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{C74D8111-1304-49EF-BCC8-C04CA37DE4B1}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [TCP Query User{8EA6AE7B-F084-4F63-AB2B-6B2BFBA107E0}E:\games\driver san francisco\driver.exe] => E:\games\driver san francisco\driver.exe
    FirewallRules: [UDP Query User{A579F6F1-5419-47CE-B014-0B86B1954E53}E:\games\driver san francisco\driver.exe] => E:\games\driver san francisco\driver.exe
    FirewallRules: [{65B29817-6843-44DF-842C-1DDF17315856}] => F:\EVL\EvoSvc.exe
    FirewallRules: [{39B440DE-AD08-40F4-BB2D-90B1C07FA6CA}] => F:\EVL\EvolveClient.exe
    FirewallRules: [TCP Query User{35C2C89D-84E0-437F-996F-5047A99FC2CC}E:\games\dead space\dead space.exe] => E:\games\dead space\dead space.exe
    FirewallRules: [UDP Query User{235A9A61-C21B-4E42-8256-53504771DD08}E:\games\dead space\dead space.exe] => E:\games\dead space\dead space.exe
    FirewallRules: [TCP Query User{D1B04FBE-CC2D-4DCF-B25F-1B7710241BB4}F:\software\unity\monodevelop\bin\monodevelop.exe] => F:\software\unity\monodevelop\bin\monodevelop.exe
    FirewallRules: [UDP Query User{33227A65-86A5-4C0F-A845-BF457930F915}F:\software\unity\monodevelop\bin\monodevelop.exe] => F:\software\unity\monodevelop\bin\monodevelop.exe
    FirewallRules: [{A4FEEF1C-5DDE-4612-9F52-7974ABDDF337}] => F:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
    FirewallRules: [{0E3861F2-5127-44C9-94AD-0340FAEC98A2}] => F:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
    FirewallRules: [TCP Query User{9DBA3FD9-DAA2-454B-948A-83C392578C84}F:\steamlibrary\steamapps\common\cry of fear\cof.exe] => F:\steamlibrary\steamapps\common\cry of fear\cof.exe
    FirewallRules: [UDP Query User{50B6F80D-EE35-47B0-8FAD-6E9A6C433579}F:\steamlibrary\steamapps\common\cry of fear\cof.exe] => F:\steamlibrary\steamapps\common\cry of fear\cof.exe
    FirewallRules: [TCP Query User{FBCE72C1-85DF-4D1A-B496-83B9B4CDD8E7}E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe] => E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe
    FirewallRules: [UDP Query User{13DBFA50-A782-4CE3-A307-0FF7D7506A7D}E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe] => E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe
    FirewallRules: [{EE08187A-7764-4AF2-A224-618F12D31EDD}] => E:\Games\FarCry2\Far Cry 2\bin\FarCry2.exe
    FirewallRules: [{A2E80555-3220-43A3-8A87-5E54D6EA0576}] => E:\Games\FarCry2\Far Cry 2\bin\FarCry2.exe
    FirewallRules: [{70DB4B0D-C60C-4C74-AB46-4FB4D8402DBA}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Launcher.exe
    FirewallRules: [{8FDEE838-A7ED-42A4-BEDC-A84C044FD480}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Launcher.exe
    FirewallRules: [{2CF9C72C-1453-4AAC-8719-5443E65F965D}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Editor.exe
    FirewallRules: [{D75B646A-95ED-4E98-83F5-B826EC83DE72}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Editor.exe
    FirewallRules: [TCP Query User{5B972FC1-7FE1-48FE-B860-C94D8B89052B}E:\nfs\speed.exe] => E:\nfs\speed.exe
    FirewallRules: [UDP Query User{C995FF46-02AA-43FA-BF1A-70D3AEE4A48D}E:\nfs\speed.exe] => E:\nfs\speed.exe
    FirewallRules: [{E71E0CF0-02E3-4CDF-A157-C07D4249CA24}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{0FADEF8B-4BE2-4B02-8F45-5A2A1AB8A04B}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E5EDABDD-5243-4035-8F6B-7804D632A7E9}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{7C4E1579-449F-47C2-B663-80E9A383C6A9}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8A979DF7-3457-4C99-8975-AB1502F40A87}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4DBB37D5-BECB-4474-A953-BC028B25CD55}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{21C3420A-7E1F-4B18-95DE-E1253D968391}E:\games\call of duty 2\cod2\cod2mp_s.exe] => E:\games\call of duty 2\cod2\cod2mp_s.exe
    FirewallRules: [UDP Query User{FB3DFE79-D858-429F-A535-84FF74B4BEB8}E:\games\call of duty 2\cod2\cod2mp_s.exe] => E:\games\call of duty 2\cod2\cod2mp_s.exe
    FirewallRules: [{1A7ED244-53F3-4FEA-AFE5-696A57D80215}] => C:\Program Files\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    ATTENTION: System Restore is disabled
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/11/2017 11:39:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
     
    Error: (02/11/2017 11:39:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
    Error: (02/11/2017 11:39:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
    Error: (02/11/2017 11:39:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
    Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
     
    Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
    Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
    Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
    Error: (02/11/2017 08:49:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
     
    Error: (02/11/2017 08:49:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
     
     
    System errors:
    =============
    Error: (02/11/2017 11:55:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (02/11/2017 11:53:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    sfdrv01
    sfsync02
    sfvfs02
     
    Error: (02/11/2017 11:52:49 AM) (Source: Application Popup) (EventID: 875) (User: )
    Description: Driver sfdrv01.sys has been blocked from loading.
     
    Error: (02/11/2017 11:52:49 AM) (Source: Application Popup) (EventID: 875) (User: )
    Description: Driver sfvfs02.sys has been blocked from loading.
     
    Error: (02/11/2017 11:52:47 AM) (Source: Application Popup) (EventID: 875) (User: )
    Description: Driver sfsync02.sys has been blocked from loading.
     
    Error: (02/11/2017 11:49:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    An instance of the service is already running.
     
    Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
     
    Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).
     
     
    ==================== Memory info =========================== 
     
    Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
    Percentage of memory in use: 37%
    Total physical RAM: 2047.3 MB
    Available physical RAM: 1281.2 MB
    Total Virtual: 4094.61 MB
    Available Virtual: 3192.62 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:48.96 GB) (Free:7.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (MOVIES) (Fixed) (Total:83.01 GB) (Free:9.95 GB) NTFS
    Drive e: (USER) (Fixed) (Total:83.01 GB) (Free:10.34 GB) NTFS
    Drive f: (SOFTWARE) (Fixed) (Total:83.02 GB) (Free:5.16 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2146DE3F)
    Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================


    #6
    RKinner


    Looks like you stepped in something back on 2/7 but you have been collecting adware for a long time.

     

    Go back into msconfig and under Services, check

     

    UCBrowserSvc

     

    OK.  

     

    Reboot

     

    Clear the Java Cache by following the instructions on

     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 2 SDK Standard Edition v1.2.2 
    Java™ 6 Update 26 
    JavaPK for Desktop 2.1
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    Also uninstall 
    UC Browser
    youndoo  
     
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   36.57KB   53 downloads
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
    PC will reboot.
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    This may take more than one fixlist to get it all.

    PS: I'm removing the StarForce Protection software (protects software, probably a game, from being copyrighted) because their drivers are not compatible with your version of Windows.

     



    #7
    simon_grylls


    Thank you for your Help Sir....

     

    Fix Log:

     

    Fix result of Farbar Recovery Scan Tool (x86) Version: 11-02-2017
    Ran by john (11-02-2017 20:52:30) Run:2
    Running from C:\Users\john\Desktop
    Loaded Profiles: john (Available Profiles: john)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    unlock: C:\Users\john\AppData\Local\NFS Underground 2
    unlock: C:\Program Files\UCBrowser
    unlock: C:\Program Files\Tolzermght Adapter
    HKLM\...\Providers\4sb5o2kd: C:\Program Files\Tolzermght Adapter\local32spl.dll [274944 2017-02-07] ()
    ShellExecuteHooks: No Name - {54AAFC92-EABC-11E6-A1B6-64006A5CFC23} - C:\Users\john\AppData\Roaming\Cujercult\Atazokclvuph.dll [126464 2017-02-07] ()
    ManualProxies: 0hxxp://un-blocking.info/wpad.dat?ae70e6ebbad117b2dd34bf9cf8bd1b3217766709
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000 -> DefaultScope {ielnksrch} URL =
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/1.2/jinstall-11-win.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    FF NewTab: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.NT
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\84cizlnl.default -> youndoo
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\84cizlnl.default -> youndoo
    FF Homepage: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.HP
    FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\4sb5o2kd.xml [2017-02-07]
    FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\findit.xml [2017-02-07]
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll [No File]
    CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHCxomeujIo3zShG6o34N1BxQ-YeHx5r3_oD1CACZ8OBXNYc4F0vpyZT5twVvbJdmrMgeC5Jaa6Yn9AVS_7poDf8cgdrnWssc0R83p3I0UllQxE826TSSp0XRhfvQ1haCofyF0mWavdBmVPDw1Ai17FtBijY_ztIZ76gYDBYUg,,
    CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHCxomeujIo3zShG6o34N1BxQ-YeHx5r3_oD1CACZ8OBXNYc4F0vpyZT5twVvbJdmrMgeC5Jaa6Yn9AVR_pun2hQWdxZNBP6ZFFvntC8rPyrmDAeNY9sIyYQa0djrnAeyz-TrRUJop0BVC4b4gk51Ajna-GDc4pJkvJtef9n2A,,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    S4 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [629648 2017-01-18] ()
    S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
    S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed]
    R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
    S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed]
    S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [File not signed]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
    S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    S3 xspirit; \??\C:\Windows\xspirit.sys [X]
    S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
    2017-02-07 17:29 - 2017-02-07 17:29 - 00000101 _____ C:\Windows\system32\_system.ini
    2017-02-07 17:28 - 2017-02-08 16:43 - 00000000 ____D C:\Program Files\Top Password
    2017-02-07 17:25 - 2017-02-07 17:25 - 07316480 _____ C:\Users\john\AppData\Roaming\agent.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 01906989 _____ C:\Users\john\AppData\Roaming\ZooSiling.tst
    2017-02-07 17:25 - 2017-02-07 17:25 - 00126464 _____ C:\Users\john\AppData\Roaming\noah.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00126464 _____ C:\Users\john\AppData\Roaming\lobby.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00072787 _____ C:\Users\john\AppData\Roaming\Silverfix.tst
    2017-02-07 17:25 - 2017-02-07 17:25 - 00070752 _____ C:\Users\john\AppData\Roaming\Config.xml
    2017-02-07 17:25 - 2017-02-07 17:25 - 00054272 _____ C:\Users\john\AppData\Roaming\ApplicationHosting.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00018432 _____ C:\Users\john\AppData\Roaming\Main.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 00005568 _____ C:\Users\john\AppData\Roaming\md.xml
    2017-02-07 17:25 - 2017-02-07 17:24 - 00983040 _____ C:\Users\john\AppData\Roaming\ZooSiling.exe
    2017-02-07 17:25 - 2017-02-07 17:24 - 00983040 _____ C:\Users\john\AppData\Roaming\Silverfix.exe
    2017-02-07 17:24 - 2017-02-07 17:25 - 00016560 _____ C:\Users\john\AppData\Roaming\InstallationConfiguration.xml
    2017-02-07 17:24 - 2017-02-07 17:24 - 00140288 _____ C:\Users\john\AppData\Roaming\Installer.dat
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Users\john\AppData\Roaming\Cujercult
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Users\john\AppData\Local\Tepidom
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\Avira
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\Avg
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Program Files\Tolzermght Adapter
    2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Program Files\Kugshcoijich
    2017-02-11 11:40 - 2016-11-05 22:39 - 00000442 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-02-06 17:50 - 2016-10-28 17:50 - 00000000 ____D C:\ProgramData\Unity
    2017-02-05 11:47 - 2014-05-08 12:15 - 00000000 ____D C:\Users\john\AppData\Roaming\Unity
    2017-02-03 17:46 - 2016-11-05 22:38 - 00000000 ____D C:\Program Files\UCBrowser
    2017-02-07 17:25 - 2017-02-07 17:25 - 7316480 _____ () C:\Users\john\AppData\Roaming\agent.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0054272 _____ () C:\Users\john\AppData\Roaming\ApplicationHosting.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0070752 _____ () C:\Users\john\AppData\Roaming\Config.xml
    2017-02-07 17:24 - 2017-02-07 17:25 - 0016560 _____ () C:\Users\john\AppData\Roaming\InstallationConfiguration.xml
    2017-02-07 17:24 - 2017-02-07 17:24 - 0140288 _____ () C:\Users\john\AppData\Roaming\Installer.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0126464 _____ () C:\Users\john\AppData\Roaming\lobby.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0018432 _____ () C:\Users\john\AppData\Roaming\Main.dat
    2017-02-07 17:25 - 2017-02-07 17:25 - 0005568 _____ () C:\Users\john\AppData\Roaming\md.xml
    2017-02-07 17:25 - 2017-02-07 17:25 - 0126464 _____ () C:\Users\john\AppData\Roaming\noah.dat
    2017-02-07 17:25 - 2017-02-07 17:24 - 0983040 _____ () C:\Users\john\AppData\Roaming\Silverfix.exe
    2017-02-07 17:25 - 2017-02-07 17:25 - 0072787 _____ () C:\Users\john\AppData\Roaming\Silverfix.tst
    2017-02-07 17:27 - 2017-02-07 17:27 - 0032038 _____ () C:\Users\john\AppData\Roaming\uninstall_temp.ico
    2017-02-07 17:25 - 2017-02-07 17:24 - 0983040 _____ () C:\Users\john\AppData\Roaming\ZooSiling.exe
    2017-02-07 17:25 - 2017-02-07 17:25 - 1906989 _____ () C:\Users\john\AppData\Roaming\ZooSiling.tst
    C:\Users\john\AppData\Local\NFS Underground 2
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 5\Simon Magazine 5
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 4\Simon Magazine 4
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 3\Simon Magazine 3
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 2\Simon Magazine 2
    C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 1\Simon Magazine 1
    C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 3\Simon DVD 3
    C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 2\Simon DVD 2
    C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 1\Simon DVD 1
    C:\Users\john\AppData\Local\NFS Underground 2\Simon\Simon
    C:\Users\john\AppData\Local\NFS Underground 2\N\N
    2017-02-09 17:54 - 2017-02-09 17:54 - 0204800 _____ (Sony DADC Austria AG) C:\Users\john\AppData\Local\Temp\drm_dyndata_7380007.dll
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32 -> C:\Program Files\JavaSoft\JRE\1.2\bin\beans.ocx (JavaSoft / Sun Microsystems)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    Task: {0E242664-FBC9-486F-A50D-67464DA8D8A9} - System32\Tasks\{CEED2990-1686-4541-94BC-A4FC1A09C2CA} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
    Task: {88B98B1B-E8C9-4F88-8724-763D37211FB5} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2017-01-18] (UCWeb Inc) <==== ATTENTION
    Task: {DA6618C5-255A-4AAF-8D9E-35EB3FD219B2} - System32\Tasks\Start Registry Reviver for [email protected](logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
    Task: {EF117CAD-9B77-42DC-B329-9414E7DD516F} - System32\Tasks\Tolzermght Adapter => C:\Program Files\Kugshcoijich\ckersiward.exe [2017-02-07] (Glarysoft Ltd)
    Task: {FE17B942-EEE0-4071-BDA8-A12F1C05231B} - System32\Tasks\{75D45EB0-620A-4A45-89CB-202EF1054DB6} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d076f59cac145b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d093f73f14b8b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f2eb9e8a064.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d17acab00ca3d9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1d774da17be96.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1c96b76750e9391.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d076f59f224db5.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d093f6df30a7ef.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d13979c826472a.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d17c18fa5ce246.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
    Shortcut: C:\Users\john\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70966059361d4c09\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
    AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation [63]
    AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation [63]
    AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\john:Heroes & Generals [38]
    AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
    AlternateDataStreams: C:\ProgramData\TEMP:1CB4A530 [114]
    AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [236]
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
    AlternateDataStreams: C:\ProgramData\TEMP:6152D44C [128]
    AlternateDataStreams: C:\ProgramData\TEMP:77FB1B64 [104]
    AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [294]
    AlternateDataStreams: C:\ProgramData\TEMP:9D1B94FD [135]
    AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [206]
    AlternateDataStreams: C:\Users\john\AppData\Local\Temporary Internet Files:1zTcQognA0ENzQJ1VlX1f0z2BdT [2238]
    C:\Users\john\AppData\Roaming\Cujercult
    C:\Program Files\Tolzermght Adapter
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    *****************

    Processes closed successfully.
    "C:\Users\john\AppData\Local\NFS Underground 2" => was unlocked
    "C:\Program Files\UCBrowser" => not found.
    "C:\Program Files\Tolzermght Adapter" => was unlocked
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\4sb5o2kd => key removed successfully.
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order 4sb5o2kd => removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{54AAFC92-EABC-11E6-A1B6-64006A5CFC23} => value removed successfully.
    HKCR\CLSID\{54AAFC92-EABC-11E6-A1B6-64006A5CFC23} => key not found.
    HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found.
    HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} => key not found.
    HKCR\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} => key not found.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key not found.
    HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key not found.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => key removed successfully.
    HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => key not found.
    Firefox "newtab" removed successfully.
    Firefox DefaultSearchEngine removed successfully.
    Firefox SelectedSearchEngine removed successfully.
    Firefox "homepage" removed successfully.
    C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\4sb5o2kd.xml => moved successfully
    C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\findit.xml => moved successfully
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin => key not found.
    "C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll" => not found.
    HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin => key removed successfully.
    Chrome HomePage => removed successfully.
    Chrome DefaultSearchURL => removed successfully.
    Chrome DefaultSearchKeyword => removed successfully.
    UCBrowserSvc => service not found.
    HKLM\System\CurrentControlSet\Services\NMIndexingService => key removed successfully.
    NMIndexingService => service removed successfully.
    HKLM\System\CurrentControlSet\Services\sfdrv01 => key removed successfully.
    sfdrv01 => service removed successfully.
    sfhlp02 => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\sfhlp02 => key removed successfully.
    sfhlp02 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\sfsync02 => key removed successfully.
    sfsync02 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\sfvfs02 => key removed successfully.
    sfvfs02 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ewusbmbb => key removed successfully.
    ewusbmbb => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ew_hwusbdev => key removed successfully.
    ew_hwusbdev => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ew_usbenumfilter => key removed successfully.
    ew_usbenumfilter => service removed successfully.
    HKLM\System\CurrentControlSet\Services\huawei_cdcacm => key removed successfully.
    huawei_cdcacm => service removed successfully.
    HKLM\System\CurrentControlSet\Services\huawei_enumerator => key removed successfully.
    huawei_enumerator => service removed successfully.
    HKLM\System\CurrentControlSet\Services\huawei_ext_ctrl => key removed successfully.
    huawei_ext_ctrl => service removed successfully.
    HKLM\System\CurrentControlSet\Services\huawei_wwanecm => key removed successfully.
    huawei_wwanecm => service removed successfully.
    HKLM\System\CurrentControlSet\Services\hwdatacard => key removed successfully.
    hwdatacard => service removed successfully.
    HKLM\System\CurrentControlSet\Services\hwusbdev => key removed successfully.
    hwusbdev => service removed successfully.
    HKLM\System\CurrentControlSet\Services\hwusb_cdcacm => key removed successfully.
    hwusb_cdcacm => service removed successfully.
    HKLM\System\CurrentControlSet\Services\hwusb_wwanecm => key removed successfully.
    hwusb_wwanecm => service removed successfully.
    HKLM\System\CurrentControlSet\Services\IntcAzAudAddService => key removed successfully.
    IntcAzAudAddService => service removed successfully.
    HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully.
    Synth3dVsc => service removed successfully.
    HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully.
    tsusbhub => service removed successfully.
    HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully.
    VGPU => service removed successfully.
    HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully.
    xhunter1 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\xspirit => key removed successfully.
    xspirit => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ztemtusbser => key removed successfully.
    ztemtusbser => service removed successfully.
    C:\Windows\system32\_system.ini => moved successfully
    C:\Program Files\Top Password => moved successfully
    C:\Users\john\AppData\Roaming\agent.dat => moved successfully
    C:\Users\john\AppData\Roaming\ZooSiling.tst => moved successfully
    C:\Users\john\AppData\Roaming\noah.dat => moved successfully
    C:\Users\john\AppData\Roaming\lobby.dat => moved successfully
    C:\Users\john\AppData\Roaming\Silverfix.tst => moved successfully
    C:\Users\john\AppData\Roaming\Config.xml => moved successfully
    C:\Users\john\AppData\Roaming\ApplicationHosting.dat => moved successfully
    C:\Users\john\AppData\Roaming\Main.dat => moved successfully
    C:\Users\john\AppData\Roaming\md.xml => moved successfully
    C:\Users\john\AppData\Roaming\ZooSiling.exe => moved successfully
    C:\Users\john\AppData\Roaming\Silverfix.exe => moved successfully
    C:\Users\john\AppData\Roaming\InstallationConfiguration.xml => moved successfully
    C:\Users\john\AppData\Roaming\Installer.dat => moved successfully
    C:\Users\john\AppData\Roaming\Cujercult => moved successfully
    C:\Users\john\AppData\Local\Tepidom => moved successfully
    C:\ProgramData\Avira => moved successfully
    C:\ProgramData\Avg => moved successfully
    C:\ProgramData\AVAST Software => moved successfully
    C:\Program Files\Tolzermght Adapter => moved successfully
    C:\Program Files\Kugshcoijich => moved successfully
    C:\Windows\Tasks\UCBrowserUpdater.job => moved successfully
    C:\ProgramData\Unity => moved successfully
    C:\Users\john\AppData\Roaming\Unity => moved successfully
    "C:\Program Files\UCBrowser" => not found.
    "C:\Users\john\AppData\Roaming\agent.dat" => not found.
    "C:\Users\john\AppData\Roaming\ApplicationHosting.dat" => not found.
    "C:\Users\john\AppData\Roaming\Config.xml" => not found.
    "C:\Users\john\AppData\Roaming\InstallationConfiguration.xml" => not found.
    "C:\Users\john\AppData\Roaming\Installer.dat" => not found.
    "C:\Users\john\AppData\Roaming\lobby.dat" => not found.
    "C:\Users\john\AppData\Roaming\Main.dat" => not found.
    "C:\Users\john\AppData\Roaming\md.xml" => not found.
    "C:\Users\john\AppData\Roaming\noah.dat" => not found.
    "C:\Users\john\AppData\Roaming\Silverfix.exe" => not found.
    "C:\Users\john\AppData\Roaming\Silverfix.tst" => not found.
    C:\Users\john\AppData\Roaming\uninstall_temp.ico => moved successfully
    "C:\Users\john\AppData\Roaming\ZooSiling.exe" => not found.
    "C:\Users\john\AppData\Roaming\ZooSiling.tst" => not found.
    C:\Users\john\AppData\Local\NFS Underground 2 => moved successfully
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 5\Simon Magazine 5" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 4\Simon Magazine 4" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 3\Simon Magazine 3" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 2\Simon Magazine 2" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 1\Simon Magazine 1" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 3\Simon DVD 3" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 2\Simon DVD 2" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 1\Simon DVD 1" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\Simon\Simon" => not found.
    "C:\Users\john\AppData\Local\NFS Underground 2\N\N" => not found.
    C:\Users\john\AppData\Local\Temp\drm_dyndata_7380007.dll => moved successfully
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully.
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E242664-FBC9-486F-A50D-67464DA8D8A9} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E242664-FBC9-486F-A50D-67464DA8D8A9} => key removed successfully.
    C:\Windows\System32\Tasks\{CEED2990-1686-4541-94BC-A4FC1A09C2CA} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CEED2990-1686-4541-94BC-A4FC1A09C2CA} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88B98B1B-E8C9-4F88-8724-763D37211FB5} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88B98B1B-E8C9-4F88-8724-763D37211FB5} => key removed successfully.
    C:\Windows\System32\Tasks\UCBrowserUpdater => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA6618C5-255A-4AAF-8D9E-35EB3FD219B2} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA6618C5-255A-4AAF-8D9E-35EB3FD219B2} => key removed successfully.
    C:\Windows\System32\Tasks\Start Registry Reviver for [email protected](logon) => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Registry Reviver for [email protected](logon) => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF117CAD-9B77-42DC-B329-9414E7DD516F} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF117CAD-9B77-42DC-B329-9414E7DD516F} => key removed successfully.
    C:\Windows\System32\Tasks\Tolzermght Adapter => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tolzermght Adapter => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE17B942-EEE0-4071-BDA8-A12F1C05231B} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE17B942-EEE0-4071-BDA8-A12F1C05231B} => key removed successfully.
    C:\Windows\System32\Tasks\{75D45EB0-620A-4A45-89CB-202EF1054DB6} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75D45EB0-620A-4A45-89CB-202EF1054DB6} => key removed successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d076f59cac145b.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d093f73f14b8b0.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f2eb9e8a064.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d17acab00ca3d9.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1d774da17be96.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1c96b76750e9391.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d076f59f224db5.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d093f6df30a7ef.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d13979c826472a.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d17c18fa5ce246.job => moved successfully
    C:\Windows\Tasks\UCBrowserUpdater.job => not found.
    C:\Users\john\Desktop\Gооglе Сhrоmе.lnk => not found.
    C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
    C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk => moved successfully
    C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk => moved successfully
    C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk => not found.
    C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70966059361d4c09\Gооglе Сhrоmе.lnk => moved successfully
    C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
    C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => not found.
    C:\Windows\system32\zlib.dll => ":DocumentSummaryInformation" ADS could not remove.
    C:\Windows\system32\zlib.dll => ":SummaryInformation" ADS could not remove.
    C:\Windows\system32\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
    C:\Users\john => ":Heroes & Generals" ADS removed successfully..
    C:\ProgramData\CLDShowX.ini => ":Update.CL" ADS removed successfully..
    C:\ProgramData\TEMP => ":1CB4A530" ADS removed successfully..
    C:\ProgramData\TEMP => ":553CA6CA" ADS removed successfully..
    C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully..
    C:\ProgramData\TEMP => ":6152D44C" ADS removed successfully..
    C:\ProgramData\TEMP => ":77FB1B64" ADS removed successfully..
    C:\ProgramData\TEMP => ":862BDB1A" ADS removed successfully..
    C:\ProgramData\TEMP => ":9D1B94FD" ADS removed successfully..
    C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully..
    C:\Users\john\AppData\Local\Temporary Internet Files => ":1zTcQognA0ENzQJ1VlX1f0z2BdT" ADS removed successfully..
    "C:\Users\john\AppData\Roaming\Cujercult" => not found.
    "C:\Program Files\Tolzermght Adapter" => not found.

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

    ========= End of CMD: =========

     

    The system needed a reboot.

    ==== End of Fixlog 20:52:58 ====

     

    FRST Log:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2017
    Ran by john (administrator) on SIMONRJ (11-02-2017 20:56:17)
    Running from C:\Users\john\Desktop
    Loaded Profiles: john (Available Profiles: john)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    () F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
    HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
    HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [687336 2014-05-23] (Zbshareware Lab)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNTA0MTQzMjE0LVFJWDErNC1YMjAxMCsyLUxJQysyLVNQMSsxLVNVU (the data entry has 65 more characters).
    HKLM\...\Policies\Explorer: [UseDefaultTile] 0
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Policies\system: [NoDispCPL] 0
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: I - I:\autorun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {09188fee-04a8-11e6-9b69-4487fcab4607} - H:\Setup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {09188ff6-04a8-11e6-9b69-4487fcab4607} - H:\Setup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {1338a56d-d769-11dd-92db-4487fcab4607} - H:\Setup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {1895f0f4-d769-11dd-9f14-02030f513535} - H:\SISetup.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {39502bf7-433d-11e6-acea-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {4145d62e-d7b9-11dd-a875-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {6cf5b879-d8ac-11dd-80f5-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {ac57d268-d7e2-11dd-adb8-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {aca8c064-8228-11e4-99e2-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {f52afa20-515d-11e4-9969-4487fcab4607} - H:\AutoRun.exe
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{0D16E4CC-90FE-4D1B-B557-562D0CF891E1}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{286B131A-7D0F-4737-BF0E-86AA2B5144A5}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{8E24635A-2D1A-4802-8AAF-B37E96EC1215}: [DhcpNameServer] 192.168.137.129
    Tcpip\..\Interfaces\{B7434BC1-CC3D-4888-B2DB-60B673FE2DC4}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{D87F4CD1-3BA6-437E-B506-C8F478554483}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{DF8FA5EE-8347-41FD-9A12-AF1B977B440B}: [DhcpNameServer] 192.168.42.129
    ManualProxies: 0hxxp://un-blocking.info/wpad.dat?ae70e6ebbad117b2dd34bf9cf8bd1b3217766709

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131311198838699962&GUID=43784583-9414-4D3C-887F-6C5892FAC77B
    SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)
    Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()

    FireFox:
    ========
    FF DefaultProfile: 84cizlnl.default
    FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default [2017-02-11]
    FF NewTab: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.NT
    FF Homepage: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.HP
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-18] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-18] (NVIDIA Corporation)
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-13] (Pando Networks)
    FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2010-10-03] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2010-10-03] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2010-10-03] (RealNetworks, Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: @tools.google.com/Google Update;version=3 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: @tools.google.com/Google Update;version=9 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-13] (Pando Networks)
    FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-26] (Ubisoft)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\john\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll => No File
    CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
    CHR Extension: (Free Download Manager Chrome extension) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-01-02]
    CHR Extension: (Galaxy-View) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbeddldohkakodfncjnkkjfojggbahp [2017-02-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
    CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2010-05-04] (Avid Technology, Inc.) [File not signed]
    S4 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [249104 2016-10-06] (EasyAntiCheat Ltd)
    S3 EvoSvc; F:\EVL\EvoSvc.exe [1583488 2016-12-28] (Echobit LLC)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-10-19] (NVIDIA Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-10-19] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-10-19] (NVIDIA Corporation)
    S4 PinnacleUpdateSvc; C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2015-06-22] (PowerUp Software, LLC) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2017-01-21] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 athsgt; C:\Windows\System32\DRIVERS\athsgt.sys [164992 2013-03-29] () [File not signed]
    S3 BTCAMDRV; C:\Windows\System32\DRIVERS\BTCamDrv.sys [219136 2006-01-11] (Windows ® 2000 DDK provider) [File not signed]
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2016-03-12] (Echobit, LLC)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2016-11-11] (LogMeIn, Inc.)
    S3 hid7906; C:\Windows\System32\drivers\hid7906.sys [53793 2006-06-28] (Compuware Corporation) [File not signed]
    R2 limsgt; C:\Windows\System32\DRIVERS\limsgt.sys [12544 2013-03-29] () [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-10-19] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-08-04] (NVIDIA Corporation)
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
    S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [205312 2016-08-30] (QUALCOMM Incorporated)
    S3 qrkis; C:\Windows\System32\DRIVERS\qrkis.sys [45608 2010-11-17] (Tether)
    R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
    S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC)
    R2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [12528 2016-10-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-03-25] () [File not signed]
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-11 20:56 - 2017-02-11 20:57 - 00014880 _____ C:\Users\john\Desktop\FRST.txt
    2017-02-11 20:55 - 2017-02-11 20:56 - 00000000 ____D C:\Users\john\Desktop\FRST
    2017-02-11 20:52 - 2017-02-11 20:52 - 00036932 _____ C:\Users\john\Desktop\Fixlog.txt
    2017-02-11 20:52 - 2017-02-11 20:52 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
    2017-02-11 12:08 - 2017-02-11 20:26 - 00000278 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-02-11 11:57 - 2017-02-11 11:57 - 00001323 _____ C:\Users\john\Desktop\JRT.txt
    2017-02-11 11:54 - 2017-02-11 11:49 - 00016434 _____ C:\Users\john\Desktop\AdwCleaner[C0].txt
    2017-02-11 11:45 - 2017-02-11 20:52 - 01763328 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
    2017-02-11 11:44 - 2017-02-11 11:45 - 01663040 _____ (Malwarebytes) C:\Users\john\Desktop\JRT.exe
    2017-02-11 11:44 - 2017-02-11 11:44 - 04015056 _____ C:\Users\john\Desktop\AdwCleaner.exe
    2017-02-11 11:34 - 2017-02-11 11:34 - 00000000 _____ C:\Windows\system32\__00159B70__C0000005.dmp
    2017-02-11 09:02 - 2017-02-11 09:02 - 00006644 _____ C:\Users\john\Documents\junk.txt
    2017-02-11 09:02 - 2017-02-11 09:02 - 00006644 _____ C:\junk.txt
    2017-02-11 09:01 - 2017-02-11 09:01 - 00007728 _____ C:\Users\john\Documents\System Idle Process.txt
    2017-02-11 08:54 - 2017-02-11 08:54 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\john\Desktop\procexp.exe
    2017-02-11 08:52 - 2017-02-11 08:52 - 00006405 _____ C:\Users\john\Documents\VEW-Application.txt
    2017-02-11 08:51 - 2017-02-11 08:51 - 00006231 _____ C:\Users\john\Documents\VEW-System.txt
    2017-02-11 08:50 - 2017-02-11 08:52 - 00006405 _____ C:\VEW.txt
    2017-02-11 08:48 - 2017-02-11 08:48 - 00061440 _____ ( ) C:\Users\john\Desktop\VEW.exe
    2017-02-11 08:44 - 2017-02-11 08:44 - 00000000 _____ C:\Windows\system32\__44322530__C0000005.dmp
    2017-02-11 07:20 - 2017-02-11 07:20 - 00000000 _____ C:\Windows\system32\__800064E0__C0000005.dmp
    2017-02-10 23:18 - 2017-02-11 07:36 - 00000549 _____ C:\Users\john\gtg.txt
    2017-02-10 19:59 - 2017-02-10 19:59 - 00000000 _____ C:\Windows\system32\__65746E69__C0000005.dmp
    2017-02-10 19:51 - 2017-02-10 19:51 - 00000000 _____ C:\Windows\system32\__22343735__C0000005.dmp
    2017-02-10 18:45 - 2017-02-10 18:45 - 00000000 _____ C:\Windows\system32\__002563F8__C0000005.dmp
    2017-02-10 16:41 - 2017-02-10 17:13 - 00000000 ____D C:\Program Files\PowerDataRecovery
    2017-02-10 16:41 - 2017-02-10 16:41 - 00001037 _____ C:\Users\Public\Desktop\MiniTool Power Data Recovery 7.0.lnk
    2017-02-10 16:41 - 2017-02-10 16:41 - 00000000 ____D C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _
    2017-02-10 16:41 - 2017-02-10 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
    2017-02-10 16:39 - 2017-02-10 16:39 - 00000000 _____ C:\Windows\system32\__00000001__C0000005.dmp
    2017-02-10 08:24 - 2017-02-10 08:24 - 00000000 _____ C:\Windows\system32\__31303225__C0000005.dmp
    2017-02-01 18:22 - 2017-02-01 18:22 - 00002633 _____ C:\Users\john\Desktop\µTorrent.lnk
    2017-02-01 18:20 - 2017-02-07 17:33 - 00000000 ____D C:\Users\john\AppData\Roaming\uTorrent
    2017-01-31 15:41 - 2017-01-31 15:41 - 00001221 _____ C:\Users\john\Desktop\FarCry2 - Shortcut.lnk
    2017-01-30 15:40 - 2017-01-30 15:40 - 00000823 _____ C:\Users\Public\Desktop\Call of Duty® 2 Singleplayer.lnk
    2017-01-30 15:40 - 2017-01-30 15:40 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty® 2
    2017-01-30 15:40 - 2017-01-30 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty® 2
    2017-01-29 19:21 - 2017-01-29 19:21 - 25322013 _____ C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _ (1).7z
    2017-01-29 15:48 - 2017-01-29 15:50 - 25322013 _____ C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _.7z
    2017-01-28 18:18 - 2017-01-28 18:18 - 00000644 _____ C:\Users\john\Desktop\samp - Shortcut.lnk
    2017-01-28 09:45 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2017-01-27 16:03 - 2017-01-27 16:05 - 00000000 ____D C:\Users\john\Documents\Battlefield 3
    2017-01-17 20:15 - 2017-01-17 20:15 - 00000000 ____D C:\Program Files\AGEIA Technologies
    2017-01-17 20:14 - 2017-01-17 03:37 - 03130440 _____ C:\Windows\system32\pbsvc_blr.exe
    2017-01-17 19:54 - 2017-01-26 19:27 - 00000000 ____D C:\Users\john\Documents\TrackMania
    2017-01-17 19:54 - 2017-01-24 14:46 - 00000000 ____D C:\ProgramData\TrackMania
    2017-01-16 02:14 - 2017-01-16 02:14 - 00000216 _____ C:\Users\john\Desktop\Cry of Fear.url

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-11 20:56 - 2015-05-12 20:04 - 00000000 ____D C:\FRST
    2017-02-11 20:54 - 2012-07-08 19:59 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-11 20:54 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-02-11 20:42 - 2011-01-30 14:35 - 00000000 ____D C:\Program Files\Google
    2017-02-11 20:37 - 2016-01-08 19:54 - 00000000 ____D C:\jdk1.2.2
    2017-02-11 20:32 - 2009-07-14 10:04 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-02-11 20:32 - 2009-07-14 10:04 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-02-11 11:49 - 2015-05-13 17:04 - 00000000 ____D C:\AdwCleaner
    2017-02-11 11:48 - 2010-10-03 17:55 - 00000000 ____D C:\Users\john\AppData\Roaming\Yahoo!
    2017-02-11 11:39 - 2011-05-04 08:32 - 15636086 _____ C:\Windows\system32\perfh00C.dat
    2017-02-11 11:39 - 2011-05-04 08:32 - 15420442 _____ C:\Windows\system32\perfh001.dat
    2017-02-11 11:39 - 2011-05-04 08:32 - 05256696 _____ C:\Windows\system32\perfc00C.dat
    2017-02-11 11:39 - 2011-05-04 08:32 - 05219150 _____ C:\Windows\system32\perfc001.dat
    2017-02-11 11:39 - 2010-10-03 17:36 - 00006648 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-10 23:18 - 2010-10-03 17:33 - 00000000 ____D C:\Users\john
    2017-02-10 22:39 - 2016-06-15 10:12 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-02-10 20:12 - 2014-12-04 12:32 - 00000000 ____D C:\Users\john\AppData\Local\CrashDumps
    2017-02-10 08:23 - 2002-10-07 00:07 - 00119296 _____ C:\Windows\system32\zlib.dll
    2017-02-09 19:01 - 2009-01-01 00:02 - 00002085 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
    2017-02-08 21:28 - 2010-10-03 18:07 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
    2017-02-07 15:51 - 2016-10-11 11:45 - 00000000 ____D C:\Users\john\AppData\LocalLow\uTorrent
    2017-02-07 15:49 - 2015-05-22 21:32 - 00000000 ____D C:\Program Files\AVS4YOU
    2017-02-07 15:49 - 2013-03-21 10:32 - 00000000 ___RD C:\Program Files\TypingMaster
    2017-02-07 15:49 - 2012-05-15 19:49 - 00000000 ____D C:\Program Files\ReflexiveArcade
    2017-02-07 15:49 - 2011-11-09 14:15 - 00000000 ____D C:\Program Files\UBISOFT
    2017-02-07 15:24 - 2013-10-30 18:42 - 00000000 ____D C:\Program Files\Steam
    2017-02-03 17:27 - 2014-04-26 21:26 - 00000000 ____D C:\Users\john\AppData\Local\NVIDIA Corporation
    2017-01-31 14:40 - 2009-07-14 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-01-31 14:38 - 2010-10-03 17:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2017-01-31 14:33 - 2016-07-06 20:07 - 00000000 ____D C:\Program Files\Common Files\InstallShield
    2017-01-30 15:46 - 2010-10-09 13:08 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2017-01-24 18:05 - 2011-05-29 07:34 - 00000000 ____D C:\Program Files\Common Files\Steam
    2017-01-21 12:24 - 2016-10-16 20:47 - 00282696 _____ C:\Windows\system32\PnkBstrB.exe
    2017-01-21 12:24 - 2016-10-16 20:47 - 00139848 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
    2017-01-21 12:24 - 2016-10-16 20:47 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe
    2017-01-21 12:24 - 2014-05-27 17:54 - 00282696 _____ C:\Windows\system32\PnkBstrB.xtr
    2017-01-21 12:24 - 2013-01-04 17:43 - 00000000 ____D C:\Users\john\AppData\Roaming\Ubisoft
    2017-01-21 12:24 - 2012-06-05 18:25 - 00000000 ____D C:\Users\john\AppData\Local\PunkBuster
    2017-01-21 12:23 - 2013-08-25 08:19 - 00000000 ____D C:\Users\john\AppData\Local\Ubisoft Game Launcher
    2017-01-21 12:23 - 2010-11-25 22:16 - 00000000 ___RD C:\Users\john\Desktop\HTML DOC
    2017-01-21 11:38 - 2016-12-24 14:20 - 00000000 ____D C:\Users\john\Documents\Ubisoft
    2017-01-17 20:19 - 2013-11-14 18:24 - 00000000 ____D C:\Users\john\Documents\My Games
    2017-01-17 20:15 - 2013-09-28 17:40 - 00138056 _____ C:\Users\john\AppData\Roaming\PnkBstrK.sys
    2017-01-17 20:15 - 2012-07-08 19:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-01-17 20:14 - 2015-07-01 12:31 - 00189248 _____ C:\Windows\system32\PnkBstrB.ex0
    2017-01-16 13:48 - 2016-10-04 16:15 - 00000000 ____D C:\Users\john\AppData\Local\Free Download Manager

    ==================== Files in the root of some directories =======

    2012-06-27 21:24 - 2012-06-27 21:24 - 0000288 _____ () C:\Users\john\AppData\Roaming\.backup.dm
    2011-12-27 20:15 - 2016-04-28 11:42 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2011-06-26 18:38 - 2016-04-23 19:34 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe GIF Format CS5 Prefs
    2011-12-27 20:16 - 2016-06-17 19:17 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2015-03-03 21:15 - 2016-04-21 20:40 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe Targa Format CS5 Prefs
    2015-05-24 06:11 - 2015-05-24 06:11 - 0000048 _____ () C:\Users\john\AppData\Roaming\msdreg.dat
    2013-09-28 17:40 - 2017-01-17 20:15 - 0138056 _____ () C:\Users\john\AppData\Roaming\PnkBstrK.sys
    2011-05-12 18:05 - 2011-05-12 18:05 - 0000057 _____ () C:\Users\john\AppData\Roaming\temp.bat
    2010-10-03 18:07 - 2011-02-25 19:32 - 5046202 _____ () C:\Users\john\AppData\Roaming\UserTile.png
    2013-08-21 20:26 - 2015-04-26 04:41 - 0000178 _____ () C:\Users\john\AppData\Roaming\WB.CFG
    2013-08-21 20:26 - 2014-01-16 14:09 - 0000005 _____ () C:\Users\john\AppData\Roaming\WBPU-TTL.DAT
    2016-01-14 23:11 - 2016-01-14 23:11 - 0001456 _____ () C:\Users\john\AppData\Local\Adobe Save for Web 12.0 Prefs
    2010-10-08 18:36 - 2009-01-01 16:20 - 0068608 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-09 20:50 - 2012-05-09 20:50 - 0000092 _____ () C:\Users\john\AppData\Local\fusioncache.dat
    2014-01-13 18:44 - 2015-07-20 16:00 - 0007599 _____ () C:\Users\john\AppData\Local\resmon.resmoncfg
    2013-08-02 16:49 - 2016-01-14 23:18 - 0000080 _____ () C:\Users\john\AppData\Local\X-Plane Installer.prf
    2011-05-05 21:11 - 2011-05-06 08:38 - 0000000 _____ () C:\ProgramData\CLDShowX.ini
    2010-10-03 17:50 - 2016-08-02 17:11 - 0026596 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-04 07:52

    ==================== End of FRST.txt ============================

    Addition Log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-02-2017
    Ran by john (11-02-2017 20:57:55)
    Running from C:\Users\john\Desktop
    Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2010-10-03 12:02:53)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    323A7CE5D4B04CFABF56 (S-1-5-21-2280821914-3189600555-3011743376-1007 - Limited - Enabled)
    Administrator (S-1-5-21-2280821914-3189600555-3011743376-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2280821914-3189600555-3011743376-1002 - Limited - Enabled)
    Guest (S-1-5-21-2280821914-3189600555-3011743376-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2280821914-3189600555-3011743376-1011 - Limited - Enabled)
    john (S-1-5-21-2280821914-3189600555-3011743376-1000 - Administrator - Enabled) => C:\Users\john

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.149 - Adobe Systems Incorporated)
    Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    Avid Audio Drivers (x86) (HKLM\...\{2F227ACA-204C-4529-BA33-D095C42C72DB}) (Version: 8.0.4 - Avid)
    AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
    Bandicam (HKLM\...\Bandicam) (Version: 1.9.2.454 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
    Call of Duty® 2 °²×°³ÌÐò (HKLM\...\Call of Duty® 2 °²×°³ÌÐò) (Version:  - )
    Call of Duty® 2 Patch 1.3 (Version: 1.3 - ) Hidden
    Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version:  - )
    Construct 2 r228 (HKLM\...\Construct 2_is1) (Version: 1.0.228.0 - Scirra)
    Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
    CRYENGINE Launcher (HKLM\...\{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}) (Version: 1.0.0 - Crytek GmbH)
    DDS Viewer (HKLM\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version:  - IdeaMK)
    Easy2Convert BMP to DDS 1.8 (HKLM\...\{D169AB78-E429-4D88-A8F1-31ECC3990518}_is1) (Version: 1.8 - Easy2Convert Software)
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
    Far Cry 2 (HKLM\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
    FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
    FPI SCRIPTER II (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\8deeb6b52bbb74a0) (Version: 2.0.0.3 - GREGON STUDIOS)
    FPS Creator Free (HKLM\...\{800218C2-2E07-461C-85D6-8FDB4F9161D9}) (Version:  - )
    FPS Creator Model Pack - 10 (HKLM\...\{24EB39DB-B958-413D-818E-C0875101C96B}) (Version:  - )
    FPS Creator Model Pack - 11 (HKLM\...\{15014839-85AF-439E-9C3C-A93BB74957B1}) (Version:  - )
    FPS Creator Model Pack - 12 (HKLM\...\{E189B3B5-487D-430E-8668-A77CEF120F2D}) (Version:  - )
    FPS Creator Model Pack - 13 (HKLM\...\{09847DC5-6C6D-45CD-AE31-CD27CE1FE48F}) (Version:  - )
    FPS Creator Model Pack - 16 (HKLM\...\{BDB48672-B567-4A4B-989E-0A7C2E220B6F}) (Version:  - )
    FPS Creator Model Pack - 2 (HKLM\...\{3B78E403-D116-4C56-9D1E-4C245AFC82D9}) (Version:  - )
    FPS Creator Model Pack - 21 (HKLM\...\{BB9C6299-5713-4428-B8D0-0C0B2F5C9A0E}) (Version:  - )
    FPS Creator Model Pack - 22 (HKLM\...\{38FC732E-764D-46A2-A79E-A4E484130A3B}) (Version:  - )
    FPS Creator Model Pack - 28 (HKLM\...\{A9802493-BA56-4304-A2F3-EDF7D35FBA5D}) (Version:  - )
    FPS Creator Model Pack - 6 (HKLM\...\{F964E0BB-3AD6-4188-B985-453037BE8FFD}) (Version:  - )
    FPS Creator Model Pack - 7 (HKLM\...\{F6D05799-9659-48CD-8B8A-1AC424A572A9}) (Version:  - )
    FPS Creator Model Pack - 9 (HKLM\...\{444E3FAE-DC6D-498B-BF98-6B6B61CA46D9}) (Version:  - )
    FPS Creator Model Pack 49 (HKLM\...\{D034FB9F-35E5-4DFC-8143-D8CB9BD477AB}) (Version:  - )
    FPS Creator Model Pack 53 (HKLM\...\{B76BB8C6-EE9B-49CC-9141-862856BC5EE5}) (Version:  - )
    FPS Creator Model Pack 55 (HKLM\...\{884AC351-768E-4F23-8DC1-06E9E47CF36F}) (Version:  - )
    FPS Creator Model Pack 57 (HKLM\...\{BCA7929A-91E9-4580-8523-6F2010599874}) (Version:  - )
    FPSC Model Pack 52 (Precracked by N2K) (HKLM\...\FPSC Model Pack 52 (Precracked by N2K)) (Version:  - )
    FPSC Model Pack 58 (Precracked by N2K) (HKLM\...\FPSC Model Pack 58 (Precracked by N2K)) (Version:  - )
    FPSC Model Pack 74 (Precracked by N2K) (HKLM\...\FPSC Model Pack 74 (Precracked by N2K)) (Version:  - )
    FPSC Sprite Pack (Precracked by N2K) (HKLM\...\FPSC Sprite Pack (Precracked by N2K)) (Version:  - )
    Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.18.4671 - FreeDownloadManager.ORG)
    GOM Player (HKLM\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
    GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.6.9.9 - Siber Systems)
    Google Photos Backup (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Gtk# for .Net 2.12.26 (HKLM\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
    Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
    K-Lite Codec Pack 6.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
    L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version:  - )
    Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
    Macro Vibration Joystick (HKLM\...\{36177F72-8181-45D7-95D1-EA5B008A4DC9}) (Version: 2006.05.30 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Language Interface Pack 2007 - தமிழ் (HKLM\...\{95120000-00FF-0449-0000-0000000FF1CE}) (Version: 12.0.4518.1086 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Updates (HKLM\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    MilkShape 3D 1.8.4 (HKLM\...\MilkShape 3D 1.8.4) (Version: 1.8.4 - chUmbaLum sOft)
    MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
    MP3 Karaoke 6.1.9.a (HKLM\...\119C21A0-FA78-44AE-91B0-C02E39E1829D_is1) (Version:  - Accmeware Corporation)
    MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2.1 - Notepad++ Team)
    NotepadPlusPlusApp (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\NotepadPlusPlusApp) (Version:  - )
    NTI Backup Now Standard (Version: 5.0.101.0 - NewTech Infosystems) Hidden
    NTI Media Maker 8 (Version: 8.0.2.61 - NewTech Infosystems) Hidden
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.00 - NVIDIA Corporation)
    NVIDIA 3D Vision PowerPack - Batman Arkham Asylum (HKLM\...\NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1) (Version:  - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
    NVIDIA Graphics Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.00 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Photoshop Plug-ins (HKLM\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
    NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    OpenAL (HKLM\...\OpenAL) (Version:  - )
    Oxford Dictionary of Idioms and MSDict Viewer (HKLM\...\{D2228D9D-5EB7-415B-A6B8-33C245357F14}) (Version: 3.10.15 - Mobile Systems)
    Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
    PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
    PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
    PeaZip 5.6.0 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
    Photo! 3D Album and Photo! 3D ScreenSaver 1.2 (HKLM\...\My Pictures Editor_is1) (Version:  - )
    Pinnacle Game Profiler (HKLM\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 8.1.7 - PowerUp Software)
    PowerISO (HKLM\...\PowerISO) (Version: 6.0 - Power Software Ltd)
    Project My Screen App (HKLM\...\{C4BD97A3-F893-49F6-8D2D-A535DD661131}) (Version: 8.0.12539 - Microsoft Corporation)
    PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    RAD Video Tools (HKLM\...\RADVideo) (Version:  - )
    RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version:  - )
    Sentinel Protection Installer 7.4.0 (HKLM\...\{5A180ED5-0AC1-410A-B790-5E0319CD0A93}) (Version: 7.4.0 - SafeNet, Inc.)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
    Software Informer 1.1 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
    Speakonia (HKLM\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
    Speccy (HKLM\...\Speccy) (Version: 1.17 - Piriform)
    Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Tom Clancy's Ghost Recon Future Soldier (HKLM\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.00 - Ubisoft)
    TurboC++ 3.0.7.7c (HKLM\...\TurboC++) (Version: 3.0.7.7c - NeutroNVegetOStrikeR.DbZ)
    Unity (32-bit) (HKLM\...\Unity (32-bit)) (Version: 5.4.2f2 - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Uplay (HKLM\...\Uplay) (Version: 2.1 - Ubisoft)
    USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
    VirtualDJ Home FREE (HKLM\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VSDC Free Video Editor version 3.3.5.411 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.3.5.411 - Flash-Integro LLC)
    WARMODE (HKLM\...\Steam App 391460) (Version:  - WARTEAM)
    Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinPump (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\WinPump) (Version:  - )
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
    WinZip (HKLM\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
    XiaoMiFlash (HKLM\...\{9AF75396-D38E-4F07-831C-9F78923DC015}) (Version: 1.0.0 - XiaoMi)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {005776C8-86D8-4402-AD17-59C0578E23B1} - System32\Tasks\{D0EBE590-B6F1-4214-BB08-FF545DCB3688} => pcalua.exe -a "E:\SOFTWARE INSTALER\My Disc\ADOBE photo e4rPHOTOSHOP_7\_ISDEL.EXE" -d "E:\SOFTWARE INSTALER\My Disc\ADOBE photo e4rPHOTOSHOP_7"
    Task: {006C15ED-5465-4111-9C65-A960A5302918} - System32\Tasks\{CC573B76-0ADE-4291-9322-8DE6D8D3F521} => pcalua.exe -a "F:\SOFTWARE\GAMES\Top Flash Games.exe" -d F:\SOFTWARE\GAMES
    Task: {00E14294-39D0-4D77-A30D-9C4F27EC6212} - System32\Tasks\{E2E6F04F-8332-47A7-9C3C-277E917D850C} => msiexec.exe /package "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
    Task: {0101E141-7531-4607-8700-2CFC5C7C5E74} - System32\Tasks\{3DA55CC3-F90D-4F19-9245-9F9E5657A775} => pcalua.exe -a C:\Users\john\INSTALER\AlienShooterDemo.exe -d C:\Users\john\INSTALER
    Task: {02747C29-7D70-4CDB-B56E-00BBD279A361} - System32\Tasks\{65917F1E-51CC-4798-ADE7-FC90EE47E5CF} => F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe
    Task: {045B2A03-04F0-4308-88D7-FA3727491357} - System32\Tasks\{B34F3067-7FA2-4AA4-86E1-C9B92FFCF122} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0527640A-BEB9-405E-AB8A-F7031F5A69FB} - System32\Tasks\{373596EF-6BEB-4A59-9893-7BADC5DE471A} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe
    Task: {068D3BAB-69ED-42EA-9176-B5F957D39DBE} - System32\Tasks\{05D5DD12-79CD-432E-AA7B-CA1AF787D643} => pcalua.exe -a "C:\Users\john\Downloads\17_Great_Swimming_\Auto Install\Install.exe" -d "C:\Users\john\Downloads\17_Great_Swimming_\Auto Install"
    Task: {070281A5-ADA0-40E5-9FD5-E5BD94525F45} - System32\Tasks\{3474BED7-1749-471A-8394-B20A1B6B38EA} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0949DE31-7A8B-45A8-ADA6-F0C3BB9367A1} - System32\Tasks\{D5B20F17-42FD-4CF3-8950-72771289E203} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0D42D464-2F69-4D0E-81EF-A42EF0813CAC} - System32\Tasks\{76B701D8-57C6-4969-A4F0-7F7863386241} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {0DBA95FA-8263-4F91-B4C2-32D71AF101C3} - System32\Tasks\{D8803875-2248-4E4D-9F79-241B1CC9C237} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\TTL.exe
    Task: {0DC0EF6E-751C-4350-B6F7-3E3A3BB87FD1} - System32\Tasks\GoogleUpdateTaskMachineCore1d076f59cac145b => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {0E7411F5-6348-49AD-B4C3-064804543514} - System32\Tasks\{C7DDDF30-0E92-4CFF-8B94-0183370E4CDA} => pcalua.exe -a "F:\SOFTWARE\GAMES\Alien vs Predator 2\AVP2 (2).exe" -d "F:\SOFTWARE\GAMES\Alien vs Predator 2"
    Task: {0EDEEB1D-A897-402D-8113-DE00B7582B3A} - System32\Tasks\{6D145217-0AF0-45CF-8A3F-02E3D682FB61} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
    Task: {11850158-E530-4D46-8CF5-3FD620CC04E6} - System32\Tasks\{3BD5A81C-357C-4313-9BF3-2B5B30392DC7} => pcalua.exe -a F:\SOFTWARE\Dc_vs_Marvel_Mugen_Edition.exe -d F:\SOFTWARE
    Task: {14B0AF28-5218-4AE5-BAF9-9DC25F0B24F7} - System32\Tasks\{EAC08ADF-E9C8-49DD-83AC-57C21B5D15EE} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {14CDB44D-6E2C-42BC-AD7C-DCFCD8A74F0A} - System32\Tasks\{58662414-4FE4-484A-BD75-5D69CC4180E0} => pcalua.exe -a "F:\SOFTWARE INSTALER\jre-8u74-windows-i586.exe" -d "F:\SOFTWARE INSTALER"
    Task: {16E0068D-B96B-4FFF-BB24-40518C548DC3} - System32\Tasks\{D6B4C2A5-E948-4792-8870-5A45FE470DAA} => F:\SOFTWARE INSTALER\MY GAMES INSTALLER\GUN HOLDER\GUN HOLDER\GUN HOLDER.exe
    Task: {1957A7E5-C49E-4504-BE5F-30445AF5796A} - System32\Tasks\{B94FBA8D-0DE7-45CD-AB46-FCBB36C23882} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {1AA50F3A-A2F0-4F6C-A9A0-28F98330373C} - System32\Tasks\{13827CAE-AD2F-41FB-B0B9-73801A749CDD} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPSCreatorModelPack13\FPS Creator - Model Pack 13.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPSCreatorModelPack13"
    Task: {1DE7E31A-E479-431B-BE5F-D00F615E51AA} - System32\Tasks\{84A38175-6D8F-41F6-941C-767A737E64B0} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\Project IGI\SETUP.EXE
    Task: {22893088-13B9-4C76-91D8-6ACE60CE1810} - System32\Tasks\{F20F6670-957C-4BEC-ADCB-F5B5891DDBB9} => pcalua.exe -a "C:\Users\john\Downloads\Hitman 1, kkabod\Hitman 1\Setup.exe" -d "C:\Users\john\Downloads\Hitman 1, kkabod\Hitman 1"
    Task: {253338D3-59CB-4CDB-A840-A79583B69EF2} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f2eb9e8a064 => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {2684E7FE-60BB-4184-8F8F-569C806D0B79} - System32\Tasks\{C9E2F816-9295-4429-A9B2-B80E75445146} => pcalua.exe -a "F:\SOFTWARE\GAMES\GTA COLL\Grand Theft Auto3_LC\SETUP.exe" -d "F:\SOFTWARE\GAMES\GTA COLL\Grand Theft Auto3_LC"
    Task: {28E25B2A-C6FE-465B-B4AA-3A27D86563F8} - System32\Tasks\{01FF9B5F-2602-4C45-A7F3-47289E67B5E2} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {299149E4-FDBF-4FD9-8BEF-879AA99AB250} - System32\Tasks\{B1FDACF6-148E-4DCA-842A-3D10CEABDD9B} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\BONUS\HIDDEN OBJECT GAMES\Mystery of Cleopatra\Mystery of Cleopatra.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\BONUS\HIDDEN OBJECT GAMES\Mystery of Cleopatra"
    Task: {2C069DDC-612C-495C-A1D7-78A68DEE608A} - System32\Tasks\FreeDownloadManagerNetworkMonitor => F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe [2016-09-09] ()
    Task: {2CFDA930-6F43-4B1F-B84E-3FDEF3C44E98} - System32\Tasks\{BC31B78F-1547-46B1-889F-913727111AA1} => pcalua.exe -a "C:\Program Files\EA Games\Need for Speed Undercover\setup.exe" -d "C:\Program Files\EA Games\Need for Speed Undercover"
    Task: {2DF18C6A-34B9-4A35-8AB0-5373241A0622} - System32\Tasks\{F7ED27F1-E176-415D-AA45-1DFE490C03C1} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {2E22A60F-F154-41D1-B401-A4772885ADBF} - System32\Tasks\{4E96D605-1490-4D48-B729-E3B23EA7EC25} => pcalua.exe -a "C:\Program Files\Smart File Advisor\sfa.exe" -d F:\SOFTWARE\GAMES\3rdp_beta -c /unknown "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
    Task: {313CB86D-C90C-4F39-889E-C4BAC0ABD0E8} - System32\Tasks\{A925D1FB-B4EA-4396-9C17-7B1EDD5745F3} => pcalua.exe -a C:\Users\john\Downloads\ultimatevicecity2.exe -d C:\Users\john\Downloads
    Task: {330ACDB0-7493-47B2-9AAB-E654DF779E17} - System32\Tasks\{48D7B5B3-1279-4B5C-8504-AEA7C8E2B17F} => pcalua.exe -a C:\Users\john\INSTALER\FlashGamesSetup.exe -d C:\Users\john\INSTALER
    Task: {340D07C2-FE8C-4B49-8D0F-549983812E97} - System32\Tasks\{E8B3B7CB-4E71-404A-AC85-772E8BDB0525} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Program Files\CarReplacer\ST6UNST.LOG"
    Task: {37673D8C-2F02-47B9-A5BD-145CD49249BF} - System32\Tasks\{E67EDB00-4570-4AE0-B4BF-E405965C34B5} => pcalua.exe -a "F:\SOFTWARE\GAMES\Installer\Spider-Man Friend or Foe\SMFOF\Setup.exe" -d "F:\SOFTWARE\GAMES\Installer\Spider-Man Friend or Foe\SMFOF"
    Task: {393C1257-649D-47F0-A101-BD834985DA72} - System32\Tasks\{41C103E3-1011-4BE6-A9F7-5C53F3F1AF54} => pcalua.exe -a "E:\GAMES INSTALER\(pc game) alien shooter [full]\(pc game) alien shooter [full].exe" -d "E:\GAMES INSTALER\(pc game) alien shooter [full]"
    Task: {3A3B9F4B-A924-4DBD-81B0-9042726F1B36} - System32\Tasks\{A515301F-0A35-42AB-A1CB-31A3B8207EAF} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {3A875C8A-B833-41C3-827F-FFACD85EE7A6} - System32\Tasks\{1D9255C1-19D5-449D-96CF-2E811CEC2D96} => pcalua.exe -a "F:\SOFTWARE\Cricket Revolution Setup.exe" -d F:\SOFTWARE
    Task: {3B974FC3-C22C-4F8A-B359-1EB6BCCB4D6A} - System32\Tasks\{B2020C4E-912F-4121-A78E-2EC8C9018D1E} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {3C0207C6-DAF3-4B7E-A9D7-13DA6B7079D7} - System32\Tasks\{2B87E4CF-D890-4B2A-BB55-5A09775410CC} => pcalua.exe -a F:\SOFTWARE\GAMES\RE4\launcher.exe -d C:\Users\john\Desktop
    Task: {3C0B7918-0449-4DE7-92F2-877C54E67BBA} - System32\Tasks\{4312A229-D5B1-4C9A-B277-46046257274E} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {3D76DDC2-A193-495F-A217-75D8D11B2843} - System32\Tasks\GoogleUpdateTaskMachineCore1d016506776cf4c => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {3DB81F54-7B85-419E-90B9-C84C32B25685} - System32\Tasks\{48FC324A-1FE4-40A6-87E7-1F5C3DCBB3BA} => pcalua.exe -a "F:\SOFTWARE\Sci-fi\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d F:\SOFTWARE\Sci-fi\3DSFMM2
    Task: {3FE28AC9-5A50-47EA-9092-935FD2BFB031} - System32\Tasks\{129BF4A3-35CF-4628-AC7E-3C990A628150} => pcalua.exe -a D:\Simon\GTAVC\GTAVC\setup.exe -d D:\Simon\GTAVC\GTAVC
    Task: {4266E050-E674-4883-A810-48970EA706B0} - System32\Tasks\{2E5897A4-B2DA-4A64-B3A6-32C789E8CAF2} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {42F6B276-5CFE-4B62-A189-823F47BBC7D0} - System32\Tasks\{50D0BA28-B5B5-4436-8708-46D02B059606} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {43D6C43A-8B20-4C7F-A061-A70567F30815} - System32\Tasks\GoogleUpdateTaskMachineCore1d093f73f14b8b0 => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {442BEC5F-39EF-45C4-B9B0-8D5FE1EA925D} - System32\Tasks\{D2819F58-C7B9-43E0-B7FC-CC7D04F671FA} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {449D6243-66A9-4E38-8F90-FB7D7BC8B6B2} - System32\Tasks\{8A02F65B-9F35-4760-9360-F52C0EF28E49} => pcalua.exe -a "F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe" -d "F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1"
    Task: {48E8EE20-94F4-4226-810F-7B700DC7BDA1} - System32\Tasks\{4AAB42F5-0303-4CA6-BEC8-25641736BCB7} => pcalua.exe -a F:\SOFTWARE\PC_Game_Captain_Claw\Captain_Claw.exe -d F:\SOFTWARE\PC_Game_Captain_Claw
    Task: {4D045905-4067-48E6-9A7A-B3CA71F3D3CD} - System32\Tasks\{A67A488D-B88A-4318-AD63-6FAAD5348AF9} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
    Task: {4ECC40EC-6AA3-496C-BAAF-D6E1CED6C359} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d093f6df30a7ef => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {4FC85321-2501-4B6E-822F-F333092043E7} - System32\Tasks\{B9390F74-AB50-463C-9DAD-5545C019B0E6} => pcalua.exe -a F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English.exe -d F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English
    Task: {50687F36-9E0D-4053-B406-EF08E7A5E39C} - System32\Tasks\{87CDCB4B-4029-4D9C-9C3D-972DAA004789} => pcalua.exe -a F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1\Setup.exe -d F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1
    Task: {50D4DA95-8F52-47A4-9074-18A075E40CAA} - System32\Tasks\{9BA04DE8-B0FC-4F41-9AFB-1485887D2008} => F:\SOFTWARE\GAMES\Disk1\GTA IV\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe
    Task: {51D9C856-80AD-4DD6-BCB4-F0B2DF42BA82} - System32\Tasks\{E4CEFB91-901F-4D67-8087-2A0F05E7E8A9} => pcalua.exe -a C:\WINDOWS\ISUNINST.EXE -c -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Task: {578D7EDA-31AF-4A7D-9DD7-C65AAD438E95} - System32\Tasks\{2D74B2DB-F334-48C1-AD4E-C536F3C58FFC} => pcalua.exe -a "F:\SOFTWARE\GAMES\gta mods\Setup_1224997649.exe" -d "F:\SOFTWARE\GAMES\gta mods"
    Task: {57BD3291-EBD9-4896-B170-DD0532EFA6EA} - System32\Tasks\{1B5E53BD-CDAD-459B-8AA3-3B316C4BFAAE} => F:\SOFTWARE\GAMES\Installer\Manhunt 1 pc\Manhunt 1\Manhunt\manhunt.exe
    Task: {5A722E8C-EE69-4E49-A9A8-211D9C2F5E1E} - System32\Tasks\{AD75DD0E-0F23-4A9D-BDFC-376FE827900E} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman\SetupReg.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman"
    Task: {5B43CF1C-5ACD-41EC-A7A4-BC53A5B0FE26} - System32\Tasks\{DE6C0DA1-8738-43F3-82E2-8F2532C4EA11} => pcalua.exe -a "F:\SOFTWARE\3D\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d F:\SOFTWARE\3D\3DSFMM2
    Task: {5B915FC5-FD9C-461E-802F-4D7B3F448819} - System32\Tasks\{9EEE59D8-FA14-4C0D-AE3C-84899D3340DD} => pcalua.exe -a "F:\SOFTWARE\GAMES\Tony Hawk Coll\Matt Hoffman's Pro BMX\MHProBMX\Setup.exe" -d "F:\SOFTWARE\GAMES\Tony Hawk Coll\Matt Hoffman's Pro BMX\MHProBMX"
    Task: {5B994750-FADD-4D7D-A88C-96F6D0E56D71} - System32\Tasks\{7811BBC2-C3D6-4573-89FD-38C5D1CF1D23} => F:\SOFTWARE INSTALER\MY GAMES INSTALLER\GUN HOLDER\GUN HOLDER\GUN HOLDER.exe
    Task: {5C47D654-F669-4B43-80AC-C3E791BA6F14} - System32\Tasks\{0EA76A0F-BA75-4861-ADC2-8FC095EBEE6B} => pcalua.exe -a "C:\Windows\Big City Adventures-Sydney Australia\uninstall.exe" -c "/U:F:\SOFTWARE\GAMES\BC\Uninstall\uninstall.xml"
    Task: {5CF9D825-9E21-477F-9C6C-8B13C57AB826} - System32\Tasks\{F787B258-F7A2-492C-9B1A-EE079A63746A} => pcalua.exe -a "C:\Users\john\Downloads\IPL in cricket 2002\IPL in cricket 2002\IPL in Ea cricket 2002 Installation file.exe" -d "C:\Users\john\Downloads\IPL in cricket 2002\IPL in cricket 2002"
    Task: {5F49A61C-4AD8-41D7-B67B-E6E9481AFCF9} - System32\Tasks\{0A8ED3A7-5BF6-4E16-B0A0-C5A814B2A28F} => pcalua.exe -a "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe" -d "C:\Program Files\Common Files\Adobe AIR\Versions\1.0"
    Task: {610C0BD0-3E76-432A-93BA-C5D929B8FC97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {653BDD9B-F475-4AF9-A239-81F69C2AADE0} - System32\Tasks\{4B9296DC-2C21-4F02-870E-533BAD323EFB} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
    Task: {697EE54C-EC8A-4CC5-A320-7373D20F2EFE} - System32\Tasks\{B6F5E290-AAFA-4131-ABBD-21B068468C16} => pcalua.exe -a "C:\Program Files\uTorrent\uTorrent.exe" -c /UNINSTALL
    Task: {6A016004-30E6-479D-B965-C05D68B4F4F0} - System32\Tasks\{C08D028F-306F-4FEF-B493-75EFB1B248F1} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
    Task: {6AA435F0-E7AF-4657-965B-3976DC38E51A} - System32\Tasks\{F569FAA6-BF87-444D-935B-0403C8C42DB1} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {6AE757DF-16ED-4C89-91E2-59AC8BD09DFA} - System32\Tasks\{FCC4046C-6A2F-4E69-B31C-88F431F6201A} => pcalua.exe -a F:\SOFTWARE\GAMES\ironman{www.grandpcgames.com}\IronMan{www.grandpcgames.com}\setup.exe -d F:\SOFTWARE\GAMES\ironman{www.grandpcgames.com}\IronMan{www.grandpcgames.com}
    Task: {6B9B080C-8834-41E6-A02B-4E701400E37C} - System32\Tasks\{3DBFD8FC-0FE0-45C5-B076-D65C988E7F73} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {6EFE6006-D8CB-49CF-8A48-405AFA513EE0} - System32\Tasks\{EAA11498-8659-4E9F-BF73-B0524C1EBD79} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\LeeGTs Games\Mystery of Cleopatra\MysteryOfCleopatra.exe"
    Task: {7705FFD8-7267-4A55-806E-AB0CC33DA287} - System32\Tasks\{5D69DFCF-CAE7-4CCF-AD57-173C3D2EA726} => pcalua.exe -a "F:\SOFTWARE\GAMES\HITMAN\Hitman - Codename 47\Setup.exe" -d "F:\SOFTWARE\GAMES\HITMAN\Hitman - Codename 47"
    Task: {778E0453-3AA9-4253-83E7-CE6154D54EB0} - System32\Tasks\{BF73481C-4937-48A7-95B2-55535FEA0395} => pcalua.exe -a C:\Users\john\Downloads\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg\ms3d184setup.exe -d C:\Users\john\Downloads\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg
    Task: {781DBD4A-09F6-4B14-9091-4D986233E9EE} - System32\Tasks\{23D4E67A-44F0-4862-A338-A5DC403C7437} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {794F5E6C-A365-4CE6-8EC2-3359431EDFCE} - System32\Tasks\{EAE8D808-4A93-446C-A9DE-2680C32535AD} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
    Task: {7ACEF580-8086-481B-AAC2-32E14983A041} - System32\Tasks\{BC2F6DCB-D3CD-462F-85A5-B7DCFF6BB9F0} => C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE [2010-05-20] (Microsoft Corporation)
    Task: {7E0A75B6-B714-41FB-8228-0F33F10FA839} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d17c18fa5ce246 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {7F611482-7545-4AE9-8D91-77FE8E5194FC} - System32\Tasks\{E243BE9A-BDBE-4BDB-927B-685141552FC2} => pcalua.exe -a "C:\Users\john\Downloads\25 To Life Portable\codecs\wmp6cdcs.exe" -d "C:\Users\john\Downloads\25 To Life Portable\codecs"
    Task: {7F8C3F00-13C8-4B55-A228-D60FEDF5A064} - System32\Tasks\{9F2B977A-15F0-4499-B779-0AE415BF5A25} => pcalua.exe -a C:\Users\john\Integrated_BrotherSoft_TB.exe -d C:\Users\john
    Task: {875EFB9C-B2E5-4138-AD19-02A72912BC9E} - System32\Tasks\{AD5DF03F-212A-4BF5-8B1C-AA67E22153BC} => pcalua.exe -a "C:\Program Files\RADVideo\radvideo.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bink and Smacker"
    Task: {88F3C954-FEF0-4DD0-AAED-4C78083AA355} - System32\Tasks\{D0BF31D6-9696-4788-B8CA-FB96F133558D} => F:\SOFTWARE\GAMES\sof\sof3.exe
    Task: {89DD8A2F-484B-4FB8-A2B8-396FC66DAB0A} - System32\Tasks\{99CFE9FF-DC70-4E12-8019-8CB5C9486A18} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Grand Theft Auto4_VC\GTA Vice City.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Grand Theft Auto4_VC"
    Task: {8A52E0A4-9FCA-445D-8AF9-6FA7BCC9E744} - System32\Tasks\{6AD0D404-D0FB-447E-A66D-4E53923F121A} => pcalua.exe -a "F:\SOFTWARE\GTA San Andreas Highly Compressed.exe" -d F:\SOFTWARE
    Task: {8C19DBD5-0ADF-43A7-80FA-467FE51A9C5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000UA => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {8D32B812-7FF3-48FA-ABFA-567BE6E26E5F} - System32\Tasks\{4092DCE0-383E-48BC-BED6-115E2728545C} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
    Task: {8D65B8CA-27D4-4CEE-8F3E-6073E32A93DB} - System32\Tasks\{FC62F8A9-2EAE-4C02-BFDD-1F06ACB4D7BE} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
    Task: {8DDAC4EE-B9F0-4BF2-AD7E-9CAEE5DF329A} - System32\Tasks\{64387EF1-1483-4973-A063-7BD1DC13BE6E} => pcalua.exe -a C:\Users\john\Documents\Downloads\hod3_trial.exe -d C:\Users\john\Documents\Downloads
    Task: {8ED2F185-4683-4ABC-8E58-6600A7E2CFE7} - System32\Tasks\{C25418E4-7379-4422-B616-7B5E8BE09387} => pcalua.exe -a C:\Users\john\Downloads\SetupFaceControl.exe -d C:\Users\john\Downloads
    Task: {905AC9DB-4715-4D61-84B7-A5444CFC9A4D} - System32\Tasks\{6AF62A1F-9C56-4809-95D8-6D36C6364CDB} => F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe
    Task: {90A72B92-3E2F-43EE-B74B-C7F845C6580E} - System32\Tasks\GoogleUpdateTaskMachineCore1d1d774da17be96 => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {91B4FC65-4DCD-4D89-94D2-C7E9B012091D} - System32\Tasks\{3BD714A8-4720-4475-9005-7705D3E1FBA4} => pcalua.exe -a "F:\SOFTWARE\COMMANDO2\Commandos 2\SETUP.EXE" -d "F:\SOFTWARE\COMMANDO2\Commandos 2"
    Task: {94F3C1CB-0889-4E86-9006-A22A95F181E1} - System32\Tasks\{7108D2BA-C91D-49D7-9E47-6C5B59C6DE36} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {95ACEB18-2D26-48D8-8FE1-186B0CB350C1} - System32\Tasks\{22ED1228-0A82-4435-9253-B422E15D164C} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe
    Task: {97EB3B94-9219-4DA8-B88A-B94BFD5E9AE1} - System32\Tasks\{14BAF71A-EDC6-43D2-85D2-F2D01C214111} => F:\SOFTWARE\GAMES\BurnOut Paradise\Burnout ParaDise{GNdH}\Burnout ParaDise{GNdH}\BurnoutParadise.exe
    Task: {983D0185-9ED3-40CA-98AA-31E8AC71A2B7} - System32\Tasks\{7DFB5AF2-1452-43DF-8B0C-4B2E145C6C59} => pcalua.exe -a "F:\SOFTWARE INSTALER\ultimatevicecity2.exe" -d "F:\SOFTWARE INSTALER"
    Task: {9AA8D228-E6B9-4458-8273-116D1B59809F} - System32\Tasks\{4164A57F-CCCA-4190-873C-DAE8DA3E9EA7} => pcalua.exe -a "F:\SOFTWARE INSTALER\install_animoids_dl\Windows\install_animoids.exe" -d "F:\SOFTWARE INSTALER\install_animoids_dl\Windows"
    Task: {9B3D424E-6D55-4716-A5CD-A6C19084DD60} - System32\Tasks\{12D56BBA-AD8C-4251-B3D0-9462E83996AC} => pcalua.exe -a "F:\SOFTWARE\New folder (2)\bike fly\bike fly.exe" -d "F:\SOFTWARE\New folder (2)\bike fly"
    Task: {9D825210-E307-4968-80A9-D3D03DA88F86} - System32\Tasks\{D70DA801-B03F-4460-9E46-61733BFD7B4E} => pcalua.exe -a F:\SOFTWARE\GAMES\CALLOF~1\Uninstall\Unwise.exe -c /u F:\SOFTWARE\GAMES\CALLOF~1\Uninstall\Install.log
    Task: {9DAE06E0-03A2-42A3-95E4-D6DCD0A83EAA} - System32\Tasks\{59B0097C-25FA-4072-A677-F83829C7AC74} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\TTL.exe
    Task: {A05B0E66-6BC5-472C-9E5F-5CF7ECAB0740} - System32\Tasks\{2CEE4132-7BE5-4A3F-BF34-0A444A78AF54} => pcalua.exe -a F:\SOFTWARE\GAMES\setUP347.exe -d F:\SOFTWARE\GAMES
    Task: {A3A2D152-E3E0-49B7-871B-1F701A76FF16} - System32\Tasks\{BEDED5CE-3CE8-4FB4-A65F-4DD15BA06E35} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {A4F811F3-A417-4006-9457-DACF05966BFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {A999E4E8-113F-43F9-AAFA-31113CF588CF} - System32\Tasks\{1D2EFDE2-9AF3-4732-BE8A-CA0B72377F37} => C:\Program Files\Gam-A-Guru\Fire Jolts\Game\Game.exe
    Task: {AF2CEA20-DE8B-4940-AFDC-69FC33C5A3BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {B1A5C201-A835-49FD-8A5E-AF7AE9E8A8C3} - System32\Tasks\{C02B878B-D6A2-4771-9534-C8CF2858CB7B} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe
    Task: {B5F69C27-E310-438C-B570-0399B25E7A02} - System32\Tasks\GoogleUpdateTaskMachineCore1d17acab00ca3d9 => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {B70643A6-FB18-4F4F-9B3E-E0591C17921D} - System32\Tasks\{44AE25A9-6E17-47A5-B2EE-675FCC306744} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\Hitman 1, kkabod\Hitman 1\Setup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\Hitman 1, kkabod\Hitman 1"
    Task: {B78ABD30-C545-476A-94E5-C31BE8FF86DC} - System32\Tasks\{FB436C00-19C0-4B3A-B5F9-94EFC6756C5C} => pcalua.exe -a "F:\Gamez\Counterstrike Condition Zero\AUTORUN.EXE" -d "F:\Gamez\Counterstrike Condition Zero"
    Task: {B92A95A9-8862-4DEA-AC4F-B8F640744AB6} - System32\Tasks\CrackTracker => C:\Program Files\zabkat\crack tracker\craktrak.exe
    Task: {BB2FCEF5-84F8-4E58-8667-31E53246F9BA} - System32\Tasks\{078A3136-D228-439D-B20A-2AF6A84C4DB7} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {BC1237E8-C9EE-4C05-86FC-85A3B39C0BE2} - System32\Tasks\{561DF6EC-1812-43D7-9A8E-536A93F5564A} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {C750C08B-E07E-405E-BAA8-D1D976413156} - System32\Tasks\{E8FC51EB-116B-49CF-B0E3-BE51C98FEB93} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman\Spider-Man Setup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman"
    Task: {C8EC5BFF-E243-40F4-B075-12767BDD921B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-26] (Adobe Systems Incorporated)
    Task: {CCDBA163-5050-4AF9-AB46-6A90680BD2F1} - System32\Tasks\{FAC50A4D-C0C3-4032-81CD-C835BB16F3A7} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English"
    Task: {CE9BF9C4-A1CE-4D3F-B464-B3DE67A9BCDF} - System32\Tasks\{D0E9313E-14CB-4D11-859B-26360006C739} => pcalua.exe -a "F:\SOFTWARE INSTALER\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg\ms3d184setup.exe" -d "F:\SOFTWARE INSTALER\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg"
    Task: {CF21B205-E5F7-45DA-9AA7-B07E8B30CE66} - System32\Tasks\{23763B24-4ED4-4A02-8746-0DB3BBDED29F} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\codecs\wmp6cdcs.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\codecs"
    Task: {D1662E1C-A699-431F-9DAD-8DBCEEDFF103} - System32\Tasks\{2E8EE9A6-0EF2-43A2-AEDC-BAD8E25AD0D8} => pcalua.exe -a F:\RGSC_1_1_3_0\RGSC_1_1_3_0.exe -d F:\RGSC_1_1_3_0
    Task: {D2028427-32DB-44F5-AA61-E8DBEE9FF534} - System32\Tasks\{8E95A132-02FF-4127-9107-BDC81BE4C5DB} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D26C1033-9887-4268-BC03-DCC312F82E42} - System32\Tasks\{48A3F74B-102F-42F7-97D8-CC7D7B81C29D} => msiexec.exe /package "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
    Task: {D34F4F76-1BCC-4701-984B-8DB779F60BE6} - System32\Tasks\{ECF229E3-41ED-484D-92D2-3B3A0AEA3741} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D474B054-611E-48BF-9D6C-166B7FF1039A} - System32\Tasks\{34103A99-055F-4789-AE7E-131DF7533E64} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D5A092EF-3DBB-40A4-AAE3-A4D39BC16AEC} - System32\Tasks\{ED128BDA-21DF-4A02-9212-5E7F35B381D8} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {D78DB71E-86F8-4132-B234-FDD674552F8A} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files\UCBrowser\Application\update_task.exe  <==== ATTENTION
    Task: {D8D61169-9B3E-4F6A-820B-4948CF4901F7} - System32\Tasks\{E0DDEE73-E98B-4848-A2BA-9603B7A94529} => F:\SOFTWARE\GAMES\Installer\Halo\halo.exe
    Task: {D9BC1919-1A5B-4C4D-BA75-DF95C86E114C} - System32\Tasks\{B3A3C857-58D5-4B85-9DEA-AE97931BB6D2} => pcalua.exe -a "F:\New folder\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d "F:\New folder\3DSFMM2"
    Task: {DCD31F20-0356-402B-8CEA-EEF89D76E05F} - System32\Tasks\{C3F48B97-04AB-4AC3-94FB-11BAC934E924} => pcalua.exe -a F:\avs\AVSVideoEditor\AVSVideoEditor.exe -d F:\avs\AVSVideoEditor
    Task: {DDE9669E-8815-4446-AABB-782192010EDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d20073320433e5 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {E03EFFE5-EAC0-4E82-86B7-4AE31C00E1B8} - System32\Tasks\{B71F23FA-279B-4DDD-89E1-B629B3C9E70F} => pcalua.exe -a C:\Users\john\Downloads\Swf2Avi_Setup.exe -d C:\Users\john\Downloads
    Task: {E1654A0A-5473-486D-9CC2-8F33C532CB13} - System32\Tasks\{C423D519-1269-4114-9565-FE6BB13F42A2} => pcalua.exe -a C:\Users\john\Downloads\imgtool20\imgtool20\IMGTool.exe -d C:\Users\john\Downloads\imgtool20\imgtool20
    Task: {E84B95EC-71F1-4D1C-9145-B56BB32A65D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d13979c826472a => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {E9F9BA78-C1AB-4C4B-8E1D-6D0B3290F399} - System32\Tasks\{C14DF91E-1B95-4968-84F3-6B22DBEA3B4E} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\Project IGI\SETUP.EXE
    Task: {EA84C26C-7C9A-4B20-A9B6-2076B9ACA8A9} - System32\Tasks\{DFA8041A-9F86-4F54-A626-B0E2529C9667} => F:\SOFTWARE\GAMES\Disk1\GTA IV\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe
    Task: {ECFA2B6A-644C-4718-ABC5-FBC7FE54F5A6} - System32\Tasks\{B2A7C95D-0780-440D-BE9E-62A26BF656B1} => pcalua.exe -a F:\SOFTWARE\GAMES\UnInstall.exe -d F:\SOFTWARE\GAMES
    Task: {ED67A7DB-DA0C-4727-AA8D-27A1E9AD5969} - System32\Tasks\{884FD653-1594-4CC3-8FA0-1F1A5C894517} => pcalua.exe -a "E:\GAMES INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\Adobe Photoshop Cs3 Extended Full Version\A__d__Lite\Adobe_Photoshop_CS3_Lite\Adobe Photoshop CS3 Lite.exe" -d "E:\GAMES INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\Adobe Photoshop Cs3 Extended Full Version\A__d__Lite\Ado (the data entry has 22 more characters).
    Task: {EE09FC41-123F-4604-8FEC-7655763D8669} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1c96b76750e9391 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {F32C8DC4-64BD-472F-9DCC-21C2B044BC72} - System32\Tasks\{0B9CA604-9E4D-4784-B38C-787DD935EB3E} => F:\SOFTWARE\New folder (2)\Fairyland\Land.exe
    Task: {F40C808D-36A9-4DE0-A586-D54E5C3AFB30} - System32\Tasks\{5111BAEF-4EF8-4CAE-9FC7-7A37828E0DFC} => pcalua.exe -a "F:\SOFTWARE\GAMES\Spiderman Coll\Spider-Man Friend or Foe\SMFOF\Setup.exe" -d "F:\SOFTWARE\GAMES\Spiderman Coll\Spider-Man Friend or Foe\SMFOF"
    Task: {F52FF28B-C246-4C13-9786-9DA92F73ECE8} - System32\Tasks\{12F6E446-1F06-493A-ADAC-ABD7836C2E91} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1\Setup.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_Engli (the data entry has 9 more characters).
    Task: {F55C7924-4354-420E-AEA9-5748A6373179} - System32\Tasks\{083A8F1A-06E6-46C6-AF26-079AAFA471C1} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
    Task: {F6FDBA5C-40A9-488A-8340-92A3D68497D8} - System32\Tasks\{0B0145C4-2A6E-4832-A24E-20E661A8D27D} => pcalua.exe -a "C:\Program Files\Activision\Spider-Man Demo\Spider-Man Setup.exe" -d "C:\Program Files\Activision\Spider-Man Demo"
    Task: {F7A51897-0E26-499B-9BE6-A92A0B254281} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d01646fee86a63 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {F7B3EB7D-A397-476D-BC2A-A16EC5C82A7E} - System32\Tasks\{DC35C43B-190F-4888-BF7E-5CE76D7720E6} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
    Task: {F7D0648D-E0B9-4E4C-8B06-996565236C16} - System32\Tasks\{62630B4C-B940-4640-A711-87A96794C270} => pcalua.exe -a "F:\Iron.Man.PC.Game.Only.150.MB\Iron.Man.PC Game Only 150MB.www.KosovaDC.com\Iron.Man.by.GranD.MasteR.BeraatZ - www.KosovaDC.com\SetupReg.exe" -d "F:\Iron.Man.PC.Game.Only.150.MB\Iron.Man.PC Game Only 150MB.www.KosovaDC.com\Iron.Man.by.GranD.MasteR.BeraatZ - www.KosovaDC.com"
    Task: {FA091FAE-704D-4C77-AA48-819D09E56681} - System32\Tasks\{23D25206-8089-4E41-8B27-3891DCCB9B71} => pcalua.exe -a "F:\SOFTWARE\GAMES\Mario\MarioForever V4.4.exe" -d F:\SOFTWARE\GAMES\Mario
    Task: {FB86A1A3-1F41-4516-B051-403C85BBCD97} - System32\Tasks\{CC04E13D-5DB7-4301-B1A8-6B9DDD5FB2B6} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\WWE Raw Portable\WWE Raw Portable\RegSetup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\WWE Raw Portable\WWE Raw Portable"
    Task: {FB96B27A-5426-4299-9C3C-941A6418064B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d076f59f224db5 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
    Task: {FC210E5F-1BE7-44A0-9E2F-A4601C51FB54} - System32\Tasks\{8C25F203-A8B8-453C-9391-140E765C6235} => pcalua.exe -a "F:\SOFTWARE INSTALER\kgb_arch_win_gui_v1.2.1.24.exe" -d "F:\SOFTWARE INSTALER"
    Task: {FC89EE7D-B926-4A42-8D00-C4ECB5182A21} - System32\Tasks\{62472289-97C6-40DA-8750-D4DA9D2A230A} => F:\SOFTWARE\GAMES\Installer\Manhunt 1 pc\Manhunt 1\Manhunt\manhunt.exe
    Task: {FCC94352-E6A8-4E01-892D-FBA79AA87B4D} - System32\Tasks\{BE6DA57B-B8CA-45C9-B4BE-52D20A9E4DC7} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
    Task: {FCEDF998-D787-48FB-9FAB-12513A91FBF8} - System32\Tasks\{3D0E3FA7-8948-44DD-84C8-BBFB32787949} => pcalua.exe -a "C:\Program Files\AdorageI-SAL\uninstall.exe" -d "C:\Program Files\AdorageI-SAL"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Forum.lnk -> hxxp://www.chumba.ch/chumbalum-soft/forum
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Homepage.lnk -> hxxp://www.milkshape3d.com
    Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Order Online.lnk -> hxxp://www.milkshape3d.com/ms3d/register.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2012-07-08 19:58 - 2016-10-18 19:18 - 00121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2017-01-09 21:17 - 2011-04-02 16:03 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
    2017-01-09 21:18 - 2011-04-02 16:03 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2010-10-03 17:56 - 2009-04-16 14:08 - 00312832 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\hpfpp70v.dll
    2010-10-03 17:38 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00310720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00900032 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 03037120 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00220608 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-10-04 16:15 - 2016-09-09 18:56 - 00658432 _____ () F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe
    2016-10-04 16:15 - 2016-09-09 18:55 - 00023552 _____ () F:\SOFTWARE\DM\Free Download Manager\WinDivert.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 02122688 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 01608128 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 01502656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00167872 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00031680 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00749504 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00015808 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\icudt53.dll
    2016-10-14 14:40 - 2016-10-19 00:12 - 00018880 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation [63]
    AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation [63]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\sony.com -> sony.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 07:34 - 2017-02-10 16:42 - 00003070 ___RA C:\Windows\system32\Drivers\etc\hosts

    65.112.87.186           contractjack.master.gamespy.com         #heartbeats 
    65.112.87.186           contractjack.ms11.gamespy.com           #server list
    65.112.87.186           contractjackd.master.gamespy.com        #heartbeats 
    65.112.87.186           contractjackd.ms3.gamespy.com           #server list
    65.112.87.186           nolf2.master.gamespy.com                #heartbeats 
    65.112.87.186           nolf2.ms9.gamespy.com                   #server list
    63.239.170.9  natneg1.gamespy.com  #firewall nat negotation server 1 
    63.239.170.10  natneg2.gamespy.com  #firewall nat negotation server 2
    63.144.111.199  natneg3.gamespy.com  #firewall nat negotation server 3 (rarely used)
    65.112.87.188  gamestats.gamespy.com  #statistics, required by some games 
    63.239.170.53  motd.gamespy.com  #message of the day placeholder 
    65.112.87.187  chat.gamespynetwork.com  #chat/lobby, required by some games
    65.112.87.187  peerchat.gamespy.com  #chat/lobby, required by some games
    65.112.87.186  gpcm.gamespy.com  #gamespy login session tracking 
    65.112.87.186  gpsp.gamespy.com  #gamespy account validation 
    65.112.87.186  master.gamespy.com  #older games server list
    65.112.87.186  master0.gamespy.com  #older games server list
    127.0.0.1                   skiptline
    127.0.0.1                   onhax.net
    127.0.0.1                   www.onhax.net
    127.0.0.1                   forum.onhax.net
    127.0.0.1                   https://forum.onhax.net
    127.0.0.1                   labs.onhax.net
    127.0.0.1                   do2dear.net
    127.0.0.1                   sanet.me
    127.0.0.1                   piratecity.net
    127.0.0.1                   rsload.net
    127.0.0.1                   www.masterkreatif.com
    127.0.0.1                   idm-crack-patch.blogspot.in
    127.0.0.1                   www.fullstuff.net

    There are 3 more lines.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\john\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.42.129
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: EasyAntiCheat => 3
    MSCONFIG\Services: HPSIService => 2
    MSCONFIG\Services: PinnacleUpdateSvc => 2
    MSCONFIG\Services: PnkBstrA => 2
    MSCONFIG\Services: ServiceLayer => 3
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
    MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    MSCONFIG\startupreg: gflauncher => "F:\SOFTWARE\GAMES\WarFace\GFACE Launcher\live\gflauncher.exe" --autostart
    MSCONFIG\startupreg: Google Update => C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
    MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    MSCONFIG\startupreg: nppApplication => "C:\Users\john\AppData\Roaming\NotepadPlusPlusApp\nppApplication.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{DCBE7502-1C57-48CC-A421-2688BBCD22D6}F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [UDP Query User{7AD2D35D-ECFA-48A1-87E9-0C65304521B1}F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [TCP Query User{9A8FA688-D302-4850-B3DE-1059CAC96818}F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [UDP Query User{9B049ED7-7D6C-4DA4-A97B-195E2DC6B372}F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [{E601E0F6-68C5-4827-8962-12DE11E98E9D}] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [{E8E96DB3-1507-4F8F-BC2E-C40242198E18}] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
    FirewallRules: [TCP Query User{FAD0729C-2166-4496-95EA-2999A5ACE7A2}F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [UDP Query User{A2E3AB5D-5CA9-4C63-AFB3-FDAC53AA9ED8}F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [{81616F60-9D28-48DA-B82A-224210E263C6}] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [{5D2E5B9E-A073-4593-A46C-DC0F9B7D00CF}] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
    FirewallRules: [TCP Query User{B9D24952-CF0A-46C0-8D72-E47BF44C9D0B}F:\software\games\outlast\outlast\binaries\win32\olgame.exe] => F:\software\games\outlast\outlast\binaries\win32\olgame.exe
    FirewallRules: [UDP Query User{39EF3D1D-C195-493A-8FDE-121C202CBF63}F:\software\games\outlast\outlast\binaries\win32\olgame.exe] => F:\software\games\outlast\outlast\binaries\win32\olgame.exe
    FirewallRules: [TCP Query User{59C3437D-48E3-46A2-BA24-08F0BEFA5B7A}F:\software\games\moto gp 3\motogp urt 3\motogp.exe] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [UDP Query User{8F6BE0F7-402B-4B04-AEB8-45BFDC510BCB}F:\software\games\moto gp 3\motogp urt 3\motogp.exe] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [{156013AF-593A-4DAE-9AE8-4C7CA5FCDD4B}] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [{011BE3B5-C403-413A-8B82-518DE76E5126}] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
    FirewallRules: [TCP Query User{8ACD8895-60E4-4101-B91F-8EBD9D2DA993}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [UDP Query User{7F74A6B8-25AB-4AB0-A43A-A96287CEE177}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [TCP Query User{A3022DB3-9152-43C7-A963-09C76B8416B3}F:\software\games\moto gp 2\motogp2\motogp2.exe] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [UDP Query User{D8A3527F-15A5-4D0B-91DC-6473FC162395}F:\software\games\moto gp 2\motogp2\motogp2.exe] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [{9C0EC179-C96C-47D4-8E9D-7BE975DCA027}] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [{92B66C16-1328-41CE-96E1-A7D53B009A02}] => F:\software\games\moto gp 2\motogp2\motogp2.exe
    FirewallRules: [TCP Query User{09CE43FF-3617-4E0B-A3BB-0BD0AFD84921}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [UDP Query User{28008A10-C432-4212-8248-9626A861F497}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [TCP Query User{B1FA3379-FCBC-45FA-94D4-1C32A6CC3C51}F:\software\games\motogp\motogp.exe] => F:\software\games\motogp\motogp.exe
    FirewallRules: [UDP Query User{42ECE62B-7A23-48FD-B1A5-6BE158BEC85E}F:\software\games\motogp\motogp.exe] => F:\software\games\motogp\motogp.exe
    FirewallRules: [{DA4F953F-AA80-49DB-8E7A-F0CBBABF8474}] => F:\software\games\motogp\motogp.exe
    FirewallRules: [{54712882-52AC-4E4C-BEA0-B4D311A2512C}] => F:\software\games\motogp\motogp.exe
    FirewallRules: [TCP Query User{04DA8932-7B44-47AD-95B3-E4CE587EAC94}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [UDP Query User{241459DD-42F9-41C8-A323-B2137351F777}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
    FirewallRules: [TCP Query User{7E816506-4FBE-4D91-8CAF-8FDECC4AA652}F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe] => F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe
    FirewallRules: [UDP Query User{FEE9AD8A-8DC6-4184-8EBE-68FE8C34242B}F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe] => F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe
    FirewallRules: [TCP Query User{C8B35F04-BB2F-4D31-AC1B-58EA724B19F3}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [UDP Query User{00804F11-3C8C-4151-9865-F69352D3C6BA}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
    FirewallRules: [TCP Query User{274BA925-9BBF-4577-B767-745CADF1563F}F:\software\games\soldier of fortune ii\sofii\sof2mp.exe] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [UDP Query User{39131056-EFDE-4862-B623-584719E55DF6}F:\software\games\soldier of fortune ii\sofii\sof2mp.exe] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [{51D5C84C-EC06-4B66-8B97-29F97EF6DADD}] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [{8693C76F-9955-42CE-9347-F96A1DC377AA}] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
    FirewallRules: [TCP Query User{4AF434C8-AC2C-4A4D-93EF-2DC15279E7CD}F:\software\games\installer\nfs\speed.exe] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [UDP Query User{FEADED2F-464B-4069-8E84-85515A93F451}F:\software\games\installer\nfs\speed.exe] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [{B89BD137-81B0-4E31-AD01-78B3F8B4C4B7}] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [{38B83BD5-27C3-4688-BC76-1BF3959F4ED5}] => F:\software\games\installer\nfs\speed.exe
    FirewallRules: [TCP Query User{E8148AC7-FCD0-4B80-A1AC-B86A34604F07}F:\software\games\installer\halo\halo.exe] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [UDP Query User{EC354E9E-95A3-4C9D-B0DE-95F96B6D6911}F:\software\games\installer\halo\halo.exe] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [{9BB1D990-D903-4304-994F-E5A07EC862F2}] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [{A212C0AA-B9A3-4B50-BBBE-FC525A2ABD33}] => F:\software\games\installer\halo\halo.exe
    FirewallRules: [TCP Query User{129610E0-DC0E-4FF8-8776-1AE4EBD486D3}F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe] => F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe
    FirewallRules: [UDP Query User{378AC9E0-9391-4766-98E0-69606E30A7D1}F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe] => F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe
    FirewallRules: [TCP Query User{D5A2F7BF-5D1A-49D8-93A9-EF4B5FA0095F}F:\software\games\installer\call of duty\codmp.exe] => F:\software\games\installer\call of duty\codmp.exe
    FirewallRules: [UDP Query User{FBA6B1D1-2290-46C5-82F5-F7ACA2C3CC39}F:\software\games\installer\call of duty\codmp.exe] => F:\software\games\installer\call of duty\codmp.exe
    FirewallRules: [TCP Query User{0D1B9C61-19E2-4E89-925A-7DA0CC1B067D}F:\software\games\farcry3\farcry 3\bin\farcry3.exe] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [UDP Query User{649DC6C5-C57F-4ED5-980E-9F57F0BC904A}F:\software\games\farcry3\farcry 3\bin\farcry3.exe] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [{FFC2643B-6AEC-4CFE-989E-58BF68F803A3}] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [{C09F243A-2230-46AF-86C1-83F59E358EEB}] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
    FirewallRules: [TCP Query User{8097223D-6718-46EF-A9BD-4D4BDAF64FD1}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [UDP Query User{692BC860-437D-411E-8771-4FB359389DDC}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [{2CC42872-87F3-4EB0-AA38-7D9E67ED03BA}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [{B4D89584-8165-4FD9-969F-885A27FD49F9}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
    FirewallRules: [TCP Query User{E0A55979-74A7-4CAD-96FC-074D85C350FF}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [UDP Query User{290ABCB2-C42F-4FAD-83C8-FE1916CBD055}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [{59467AFF-7BB5-4717-ACE0-5283F0DA56A3}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [{FD3DE39F-D882-4214-9F64-CCBD388F4E14}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
    FirewallRules: [TCP Query User{5515D3EA-075A-4C7E-B4F4-EDED7D55EC9C}F:\software\games\installer\halo\halo\halo.exe] => F:\software\games\installer\halo\halo\halo.exe
    FirewallRules: [UDP Query User{6EAE949A-F0A7-4B9D-ABBC-E7FCE11EA3B3}F:\software\games\installer\halo\halo\halo.exe] => F:\software\games\installer\halo\halo\halo.exe
    FirewallRules: [TCP Query User{BFB97868-A203-4BDD-B425-01BB73A69A83}F:\software\games\installer\gamez\saints row 2\sr2_pc.exe] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [UDP Query User{BFAC110B-9B8D-4782-BD45-9C9BDE1E2ADB}F:\software\games\installer\gamez\saints row 2\sr2_pc.exe] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [{0FAFB5C2-DBC1-4F28-BE6A-5352D27F1487}] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [{CEE5232E-C659-4370-991D-BE78C263AFAC}] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
    FirewallRules: [TCP Query User{8FC7C3F8-825D-4179-9511-1FF0F8635C3A}F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe] => F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe
    FirewallRules: [UDP Query User{A99A424C-9FF6-4879-8439-83E51CF9F2DB}F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe] => F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe
    FirewallRules: [TCP Query User{C3CEA229-715E-4B14-A0AC-218B07CC8840}F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe] => F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe
    FirewallRules: [UDP Query User{204275A5-0310-44F8-9FF9-848AD7A269FC}F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe] => F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe
    FirewallRules: [TCP Query User{E0A923CA-37F9-40C5-8912-B3B3F3431C83}F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [UDP Query User{69C817E6-3DEA-4DED-A203-61A6E1C30DC2}F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [{02087311-366D-473D-BD16-290AD30133B3}] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [{F0149704-FE03-4EDC-B38D-6DEA540DB017}] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
    FirewallRules: [{89D99642-ED43-4AE4-B1F6-96E71CF48BCC}] => C:\Windows\System32\PnkBstrA.exe
    FirewallRules: [{00C9C4ED-B33C-4243-ACAB-CD14BA9E3484}] => C:\Windows\System32\PnkBstrA.exe
    FirewallRules: [{38BAD83B-8038-42ED-810F-6FABA95FFC51}] => C:\Windows\System32\PnkBstrB.exe
    FirewallRules: [{4C65AB3E-5508-48F1-AD20-4EFAE0E7EBDE}] => C:\Windows\System32\PnkBstrB.exe
    FirewallRules: [TCP Query User{2A63243B-78F4-4D52-A420-CDD22C000181}F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [UDP Query User{767D3BA2-8E1F-424A-85DC-0D11F9EB8D85}F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [{4126805B-BEA0-498D-B46D-F3085F0EE3C4}] => F:\SOFTWARE\Evolve\EvoSvc.exe
    FirewallRules: [{6E7C1E83-212F-40FD-B22D-87BED1ADC213}] => F:\SOFTWARE\Evolve\EvolveClient.exe
    FirewallRules: [TCP Query User{AED538CB-BF3F-476A-B5DE-8B19B07A7CC6}F:\software\games\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [UDP Query User{5E7FB950-282E-433E-8F32-50685E42161C}F:\software\games\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [{F6ED12A7-5188-465A-8AC9-DC41032F1FFB}] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [{64B369A8-0D47-4D3D-8658-F1A14DCE01CC}] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
    FirewallRules: [TCP Query User{DBE353C2-674A-47C8-AB48-8B81A4943FC7}C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe] => C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe
    FirewallRules: [UDP Query User{4234CAE8-167A-4DEA-B279-D53CF27B7BE8}C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe] => C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe
    FirewallRules: [TCP Query User{D874C16E-FAF9-4A6F-9DFC-F7FA40822D8F}C:\windows\system32\dplaysvr.exe] => C:\windows\system32\dplaysvr.exe
    FirewallRules: [UDP Query User{0366B07E-6302-426F-984F-493F9F805884}C:\windows\system32\dplaysvr.exe] => C:\windows\system32\dplaysvr.exe
    FirewallRules: [{3C3677EC-414C-4146-9CEE-85BAB1163BDB}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{F8DF310B-0099-4A7F-8844-4D4E98349783}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{9654B86F-F949-4FB6-B542-EB2C91CDB6A5}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{3D6ECB24-3443-4625-8843-308D478144A5}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [TCP Query User{656C0E3C-7FEE-45B1-9AFD-098A7FD7F09C}F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe] => F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe
    FirewallRules: [UDP Query User{E1A1950F-8041-468C-A6ED-6F9ECA1675D5}F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe] => F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe
    FirewallRules: [TCP Query User{0AD87A43-72D8-487B-9D0A-FA25B8FFAE64}F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe] => F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe
    FirewallRules: [UDP Query User{C034CDEC-7CF2-4029-A1D5-02FCB6674E6C}F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe] => F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe
    FirewallRules: [TCP Query User{54F90538-28EA-42D1-B756-22308F9325E6}F:\software\games\sector 8\section 8\binaries\s8game-f.exe] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [UDP Query User{10742634-2E26-49D4-B53D-77D6FDF504F8}F:\software\games\sector 8\section 8\binaries\s8game-f.exe] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [{821C5ACD-82F3-402D-8184-B616F6B43623}] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [{0E586078-99D5-4C81-AA41-70094B030A61}] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
    FirewallRules: [TCP Query User{1561A5D2-AD2B-42A2-9EEC-B7A6D6F211D5}F:\software\games\7554\7554\7554.exe] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [UDP Query User{BC274553-222F-4668-8735-4DB98167AD17}F:\software\games\7554\7554\7554.exe] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [{24EC96A4-A6E8-42EA-840B-450DDA4DCA11}] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [{5AA23779-A841-41E0-916A-117B7A16E84D}] => F:\software\games\7554\7554\7554.exe
    FirewallRules: [TCP Query User{7CFAE32C-EC2D-4D62-A2A5-13A4E04890FF}F:\software\games\tom clancy's h.a.w.x\hawx.exe] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [UDP Query User{6CF710F5-FEB3-4BFF-B07C-F1776A2D0A0C}F:\software\games\tom clancy's h.a.w.x\hawx.exe] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [{9AAE82DA-0AFA-4C45-AAFE-A26D51C9EC0B}] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [{E6FD0997-A736-45F9-A3ED-3260E6C3544B}] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
    FirewallRules: [TCP Query User{2E0282CF-546F-47E4-8D6D-049307122F46}F:\software\games\cs\hl.exe] => F:\software\games\cs\hl.exe
    FirewallRules: [UDP Query User{D82F8AF8-C26A-4AD9-82CC-BDFCBDD1C6D6}F:\software\games\cs\hl.exe] => F:\software\games\cs\hl.exe
    FirewallRules: [{E1AFE0DC-05C6-484A-ADF5-7941FE4D9EA9}] => F:\software\games\cs\hl.exe
    FirewallRules: [{CCCF62A2-8B00-40E9-B9B1-F0ED1F17709E}] => F:\software\games\cs\hl.exe
    FirewallRules: [TCP Query User{5117D8C9-92AB-431F-9B6E-70B56B7A4544}F:\software\games\splinter cell ct\system\splintercell3.exe] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [UDP Query User{96C09BCC-877D-4AEE-BAE6-F4C7233B19C7}F:\software\games\splinter cell ct\system\splintercell3.exe] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [{416B201D-3A7C-4EB6-AAEB-FDE5FDF9D98F}] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [{E7FB67BB-3B0C-434B-9534-63B5AAA964A9}] => F:\software\games\splinter cell ct\system\splintercell3.exe
    FirewallRules: [TCP Query User{B057F8FB-F20A-4C6A-955D-8662800E4ED9}F:\software\games\cod\codmp.exe] => F:\software\games\cod\codmp.exe
    FirewallRules: [UDP Query User{2CB6A5EE-75C7-43E3-A745-B9C52E71B6F1}F:\software\games\cod\codmp.exe] => F:\software\games\cod\codmp.exe
    FirewallRules: [{882E3EA8-552D-4C3F-B014-6F6DA7D33582}] => F:\software\games\cod\codmp.exe
    FirewallRules: [{B0F5EA44-DF41-4D5F-AD2D-8C623CB3D08B}] => F:\software\games\cod\codmp.exe
    FirewallRules: [TCP Query User{39A16B65-56F4-4875-B0FC-032E6BF4E8C8}F:\software\games\commandos\commxpc.exe] => F:\software\games\commandos\commxpc.exe
    FirewallRules: [UDP Query User{C546F9C6-C7F2-415A-9C96-4B05CC6AFC36}F:\software\games\commandos\commxpc.exe] => F:\software\games\commandos\commxpc.exe
    FirewallRules: [{45F24DA3-CF2E-479F-A542-52CBFE0E353D}] => C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{1A3589AB-8A4E-4D11-96F5-87A9E712D35E}] => C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{BC83DDAB-7528-421B-A78E-C36EC5D4FCDC}] => C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{BA95809E-C008-4B02-85D5-468D1B170162}] => C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{9B0F94BC-B56C-4398-81E0-4863FC73642E}] => C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{5248034F-37AE-4D40-9927-66B4F2006145}] => C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{751C55DA-C21A-4192-88FD-FE26DEF168A9}] => C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{7F0EEFDA-C9D8-4DA1-879E-48DF820D947D}] => C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{141BAF04-3919-47AB-A7EE-E38663D23B7A}] => C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{56748069-3B3F-4382-A34B-C1F5D8FC3DD8}] => C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [TCP Query User{D5ED4FB1-9F3F-4128-87EE-FA053CDC56BD}F:\software\games\sr4\saints row iv\saintsrowiv.exe] => F:\software\games\sr4\saints row iv\saintsrowiv.exe
    FirewallRules: [UDP Query User{036B1728-2F72-4B86-BFBF-5DBCC0AFF030}F:\software\games\sr4\saints row iv\saintsrowiv.exe] => F:\software\games\sr4\saints row iv\saintsrowiv.exe
    FirewallRules: [TCP Query User{98821F78-265E-41DB-B91F-BE85F968B1C9}C:\gog games\serious sam the first encounter\bin\serioussam.exe] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [UDP Query User{7A11F9C2-E351-487B-9A74-E1130272EC17}C:\gog games\serious sam the first encounter\bin\serioussam.exe] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [{421E876F-88CA-4C4A-95CE-FD49211723DF}] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [{5A99C861-00B6-4C91-8A61-2532740D4431}] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
    FirewallRules: [TCP Query User{53B9040E-B249-4BED-9F11-3CA17872BAE5}F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [UDP Query User{D03F3EF5-6813-4DC5-BEA9-8169CEBB59BF}F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe
    FirewallRules: [TCP Query User{DB6B8000-29B5-49BC-A9D6-F80403A7832C}F:\software\games\bionic commando\bionic commando\bionic_commando.exe] => F:\software\games\bionic commando\bionic commando\bionic_commando.exe
    FirewallRules: [UDP Query User{31BCDF30-7759-4A21-A409-DFBE1CEE1788}F:\software\games\bionic commando\bionic commando\bionic_commando.exe] => F:\software\games\bionic commando\bionic commando\bionic_commando.exe
    FirewallRules: [TCP Query User{20A8FF64-781E-4165-BF41-B1E62DC781F6}F:\software\games\sof3\sof3.exe] => F:\software\games\sof3\sof3.exe
    FirewallRules: [UDP Query User{E3D1F40C-8A2B-4C1C-AE73-851EF83C4BC2}F:\software\games\sof3\sof3.exe] => F:\software\games\sof3\sof3.exe
    FirewallRules: [{3714EEE8-26C0-463B-978D-358C2CAFE79F}] => F:\SOFTWARE\GAMES\Graw2\Ghost Recon Advanced Warfighter 2\graw2.exe
    FirewallRules: [{91C8F6CF-03DC-4A43-8548-0A32A8D1060C}] => F:\SOFTWARE\GAMES\Graw2\Ghost Recon Advanced Warfighter 2\graw2.exe
    FirewallRules: [{378BED23-54BC-486A-98F5-502539EB354E}] => F:\software\games\sof3\sof3.exe
    FirewallRules: [{9E643B47-CCC0-4817-8257-5A169DE94A37}] => F:\software\games\sof3\sof3.exe
    FirewallRules: [{06FACBF3-AA5C-49E1-867C-F4D331CCF975}] => F:\SOFTWARE\DM\Free Download Manager\fdm.exe
    FirewallRules: [{5C3D3E23-B6B1-442D-97C5-3D94E75FCAF0}] => F:\SOFTWARE\DM\Free Download Manager\fdm.exe
    FirewallRules: [{F38F9695-0B86-4805-822F-3F1D28F356DE}] => C:\Program Files\Steam\Steam.exe
    FirewallRules: [{E8BE00EC-4603-4439-8844-E05A922A4502}] => C:\Program Files\Steam\Steam.exe
    FirewallRules: [{18442C2E-57E7-4145-B5CE-3E24D9B299B4}] => C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C4FC2CDC-4E9B-47A7-B302-B6B1DA331D48}] => C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{C170AA34-9B06-46CD-8FE8-6F15ADC67BE9}F:\software\games\splinter cell\system\splintercell3.exe] => F:\software\games\splinter cell\system\splintercell3.exe
    FirewallRules: [UDP Query User{87CD7198-DBA4-46C9-9072-B2EE9170C635}F:\software\games\splinter cell\system\splintercell3.exe] => F:\software\games\splinter cell\system\splintercell3.exe
    FirewallRules: [{5801FC5D-313A-45D3-A659-057BE8D61AE1}] => C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{DE04621E-46CE-4D17-ADAE-3033DE564FC6}] => F:\SteamLibrary\steamapps\common\Warface\live\nw.exe
    FirewallRules: [{5A919273-227A-4859-AB48-2297EF57E136}] => F:\SteamLibrary\steamapps\common\Warface\live\nw.exe
    FirewallRules: [TCP Query User{35D66C09-3AA4-4AC3-8FC2-D29B83E33BAA}F:\software\games\call of duty\codmp.exe] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [UDP Query User{CC94E2E4-2467-4B6F-882C-94987497B018}F:\software\games\call of duty\codmp.exe] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [{A8AA4752-EE25-4A4F-A69A-1EDAA3A47782}] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [{12D5983F-BAC3-4057-8568-B97C2C9F87EC}] => F:\software\games\call of duty\codmp.exe
    FirewallRules: [TCP Query User{3B3CA9C7-30FA-40A5-BD4F-AECFC24466A0}D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe] => D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe
    FirewallRules: [UDP Query User{A575CF5E-E345-4CDB-B244-41BA08F85A1A}D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe] => D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe
    FirewallRules: [{5DEFCD40-112B-47A9-9AAD-3174C4E8D461}] => F:\SOFTWARE\GAMES\I Am Alive\src\System\IAmAlive_game.exe
    FirewallRules: [{C6EE05D7-5201-4C52-A3CE-30F688B03BA4}] => F:\SOFTWARE\GAMES\I Am Alive\src\System\IAmAlive_game.exe
    FirewallRules: [{6DB37E13-089D-43E9-9797-9C35A7817FC4}] => F:\SOFTWARE\GAMES\I Am Alive\IAmAlive_Launcher.exe
    FirewallRules: [{6DA7649C-598A-4B3C-9DA4-B64767879F84}] => F:\SOFTWARE\GAMES\I Am Alive\IAmAlive_Launcher.exe
    FirewallRules: [{E6A14F82-5B8D-4FC7-96FE-555BAE791DB0}] => C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{9181A1B2-0715-4910-A4FC-A70A1B3F051E}] => C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{33E445DB-E29F-4233-9B8D-45BCB6C98E18}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{591114D1-AE28-4B70-B660-C1D83613953E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{3C9AE3E5-8C51-4C6D-B4D9-D78DF85C462F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{EC3AE57F-F1E8-48D8-B271-F67387FBFA13}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FD05D236-EA1D-4D2C-9F26-EC1DD430A5C7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{37B03555-DFC4-40FB-9470-3AF3EB308255}F:\software\games\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\left 4 dead\left4dead.exe
    FirewallRules: [UDP Query User{28FAAD15-85CF-49A9-9A16-4734625CDC3F}F:\software\games\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\left 4 dead\left4dead.exe
    FirewallRules: [TCP Query User{29749E34-B790-41E0-B9BC-CA1C4DE85BD2}C:\xiaomi\xiaomiflash\xiaomiflash.exe] => C:\xiaomi\xiaomiflash\xiaomiflash.exe
    FirewallRules: [UDP Query User{E1DAD9D0-9E32-4764-8026-30FDC9E18526}C:\xiaomi\xiaomiflash\xiaomiflash.exe] => C:\xiaomi\xiaomiflash\xiaomiflash.exe
    FirewallRules: [TCP Query User{0DDD5B00-1944-498C-9251-4A8C986F905A}F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe] => F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe
    FirewallRules: [UDP Query User{A44743A5-C7F8-4462-AB22-4C4DB2073A82}F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe] => F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe
    FirewallRules: [TCP Query User{79CAE1F3-AC2C-48CF-8673-49EC74DE558E}F:\software\unity\editor\unity.exe] => F:\software\unity\editor\unity.exe
    FirewallRules: [UDP Query User{45087234-3A5E-47C9-9C04-E775DA97778E}F:\software\unity\editor\unity.exe] => F:\software\unity\editor\unity.exe
    FirewallRules: [{027C58D1-6DCE-49C3-A112-0F2C1453C1C3}] => F:\software\unity\editor\unity.exe
    FirewallRules: [{5420C678-C973-4CEB-81AE-BA22023E9E74}] => F:\software\unity\editor\unity.exe
    FirewallRules: [{D5103368-EB1B-48FB-94C3-94225619A57D}] => F:\SteamLibrary\steamapps\common\WARMODE\warmode.exe
    FirewallRules: [{3E07BBE1-AA06-45A3-9F25-9039288D9B37}] => F:\SteamLibrary\steamapps\common\WARMODE\warmode.exe
    FirewallRules: [TCP Query User{5300A8F6-6508-4BFB-B96A-21B13A4A779F}F:\software\games\crysis\crysis\crysis.exe] => F:\software\games\crysis\crysis\crysis.exe
    FirewallRules: [UDP Query User{5119D2A0-C0F7-4570-860C-77890D85C156}F:\software\games\crysis\crysis\crysis.exe] => F:\software\games\crysis\crysis\crysis.exe
    FirewallRules: [TCP Query User{AF30BE37-639F-40A4-93E6-271EB56609A9}E:\games\left 4 dead 2\left4dead 2\left4dead2.exe] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [UDP Query User{7DD6800E-63FA-4F3C-B1D2-CA809175DC17}E:\games\left 4 dead 2\left4dead 2\left4dead2.exe] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [{63F07EE9-8889-4327-98B0-2D1A1F5961E9}] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [{1073B8A9-D573-42D4-A1BF-3E3ABF83F695}] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
    FirewallRules: [TCP Query User{7C9E4798-BB6A-4AB5-9B2C-29F7CC1D7896}E:\games\trackmania2\trackmania 2\maniaplanet.exe] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [UDP Query User{4F0CE124-E15C-45E5-824C-A3E443A2351F}E:\games\trackmania2\trackmania 2\maniaplanet.exe] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [{99A7878C-1DF3-4903-8D9A-86B2DDA5BD8A}] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [{D7A3EBC0-8DA6-46AB-8068-AF5CE70D8D8F}] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
    FirewallRules: [TCP Query User{11C50F83-E74D-49CE-B992-97B50C3FD6EA}C:\games\trackmania 2\maniaplanet.exe] => C:\games\trackmania 2\maniaplanet.exe
    FirewallRules: [UDP Query User{6C125162-207D-4E43-BABF-3E09A26DBB82}C:\games\trackmania 2\maniaplanet.exe] => C:\games\trackmania 2\maniaplanet.exe
    FirewallRules: [TCP Query User{F07127DC-16AA-4117-A7F2-86B1BCC2698B}C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
    FirewallRules: [UDP Query User{EFFCE1AB-1002-498E-B3F1-28A9F748641C}C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
    FirewallRules: [TCP Query User{E7E1179A-87BC-4447-896C-4D09AE20A648}E:\games\midtown madness 2\midtown madness 2\midtown2.exe] => E:\games\midtown madness 2\midtown madness 2\midtown2.exe
    FirewallRules: [UDP Query User{FAB75568-B9A7-41CE-B12E-95DA895FD3B8}E:\games\midtown madness 2\midtown madness 2\midtown2.exe] => E:\games\midtown madness 2\midtown madness 2\midtown2.exe
    FirewallRules: [TCP Query User{605508C3-4E62-4D7D-A634-97C8EA7A81BC}E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin] => E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin
    FirewallRules: [UDP Query User{D0E40591-6199-4774-B275-B7808E03D3E6}E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin] => E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin
    FirewallRules: [TCP Query User{8EAF3A2A-EF8A-449C-8294-B42DF132CEA0}E:\games\sof3\sof3.exe] => E:\games\sof3\sof3.exe
    FirewallRules: [UDP Query User{996318BB-D31C-4C17-AE98-84456E4B0ACE}E:\games\sof3\sof3.exe] => E:\games\sof3\sof3.exe
    FirewallRules: [TCP Query User{E60D9CCA-64E8-4609-8203-563FD177322E}F:\need for speed\speed.exe] => F:\need for speed\speed.exe
    FirewallRules: [UDP Query User{BD4E4D81-29AE-44C6-82FB-FCF869F58482}F:\need for speed\speed.exe] => F:\need for speed\speed.exe
    FirewallRules: [TCP Query User{F2989582-E63E-404A-84A6-77DEF46079EB}E:\games\new folder\motogp.exe] => E:\games\new folder\motogp.exe
    FirewallRules: [UDP Query User{71F44CAD-50DE-4644-8F72-FAA18D89A4BF}E:\games\new folder\motogp.exe] => E:\games\new folder\motogp.exe
    FirewallRules: [TCP Query User{35317282-9BEE-4AE9-B03A-59941A6C10A3}F:\software\games\p2\prototype 2\prototype2.exe] => F:\software\games\p2\prototype 2\prototype2.exe
    FirewallRules: [UDP Query User{BEBACC49-90FE-417F-A603-E51E2B8EF85C}F:\software\games\p2\prototype 2\prototype2.exe] => F:\software\games\p2\prototype 2\prototype2.exe
    FirewallRules: [TCP Query User{B41B3C24-BF11-4C4C-AFC0-054DAB75B7D4}E:\games\crysis 2\crysis 2\bin32\crysis2.exe] => E:\games\crysis 2\crysis 2\bin32\crysis2.exe
    FirewallRules: [UDP Query User{76FC0088-6A19-4C26-AE93-C0CF16E7E6D9}E:\games\crysis 2\crysis 2\bin32\crysis2.exe] => E:\games\crysis 2\crysis 2\bin32\crysis2.exe
    FirewallRules: [TCP Query User{9E69EE81-7209-49C6-A726-74F579C2FFAE}E:\games\motogp\motogp.exe] => E:\games\motogp\motogp.exe
    FirewallRules: [UDP Query User{707910D1-008B-4F44-AD1F-53A8C19A1DA2}E:\games\motogp\motogp.exe] => E:\games\motogp\motogp.exe
    FirewallRules: [{3750D5AA-A6A8-44AF-B2DF-5688127DF701}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{C74D8111-1304-49EF-BCC8-C04CA37DE4B1}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [TCP Query User{8EA6AE7B-F084-4F63-AB2B-6B2BFBA107E0}E:\games\driver san francisco\driver.exe] => E:\games\driver san francisco\driver.exe
    FirewallRules: [UDP Query User{A579F6F1-5419-47CE-B014-0B86B1954E53}E:\games\driver san francisco\driver.exe] => E:\games\driver san francisco\driver.exe
    FirewallRules: [{65B29817-6843-44DF-842C-1DDF17315856}] => F:\EVL\EvoSvc.exe
    FirewallRules: [{39B440DE-AD08-40F4-BB2D-90B1C07FA6CA}] => F:\EVL\EvolveClient.exe
    FirewallRules: [TCP Query User{35C2C89D-84E0-437F-996F-5047A99FC2CC}E:\games\dead space\dead space.exe] => E:\games\dead space\dead space.exe
    FirewallRules: [UDP Query User{235A9A61-C21B-4E42-8256-53504771DD08}E:\games\dead space\dead space.exe] => E:\games\dead space\dead space.exe
    FirewallRules: [TCP Query User{D1B04FBE-CC2D-4DCF-B25F-1B7710241BB4}F:\software\unity\monodevelop\bin\monodevelop.exe] => F:\software\unity\monodevelop\bin\monodevelop.exe
    FirewallRules: [UDP Query User{33227A65-86A5-4C0F-A845-BF457930F915}F:\software\unity\monodevelop\bin\monodevelop.exe] => F:\software\unity\monodevelop\bin\monodevelop.exe
    FirewallRules: [{A4FEEF1C-5DDE-4612-9F52-7974ABDDF337}] => F:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
    FirewallRules: [{0E3861F2-5127-44C9-94AD-0340FAEC98A2}] => F:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
    FirewallRules: [TCP Query User{9DBA3FD9-DAA2-454B-948A-83C392578C84}F:\steamlibrary\steamapps\common\cry of fear\cof.exe] => F:\steamlibrary\steamapps\common\cry of fear\cof.exe
    FirewallRules: [UDP Query User{50B6F80D-EE35-47B0-8FAD-6E9A6C433579}F:\steamlibrary\steamapps\common\cry of fear\cof.exe] => F:\steamlibrary\steamapps\common\cry of fear\cof.exe
    FirewallRules: [TCP Query User{FBCE72C1-85DF-4D1A-B496-83B9B4CDD8E7}E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe] => E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe
    FirewallRules: [UDP Query User{13DBFA50-A782-4CE3-A307-0FF7D7506A7D}E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe] => E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe
    FirewallRules: [{EE08187A-7764-4AF2-A224-618F12D31EDD}] => E:\Games\FarCry2\Far Cry 2\bin\FarCry2.exe
    FirewallRules: [{A2E80555-3220-43A3-8A87-5E54D6EA0576}] => E:\Games\FarCry2\Far Cry 2\bin\FarCry2.exe
    FirewallRules: [{70DB4B0D-C60C-4C74-AB46-4FB4D8402DBA}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Launcher.exe
    FirewallRules: [{8FDEE838-A7ED-42A4-BEDC-A84C044FD480}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Launcher.exe
    FirewallRules: [{2CF9C72C-1453-4AAC-8719-5443E65F965D}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Editor.exe
    FirewallRules: [{D75B646A-95ED-4E98-83F5-B826EC83DE72}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Editor.exe
    FirewallRules: [TCP Query User{5B972FC1-7FE1-48FE-B860-C94D8B89052B}E:\nfs\speed.exe] => E:\nfs\speed.exe
    FirewallRules: [UDP Query User{C995FF46-02AA-43FA-BF1A-70D3AEE4A48D}E:\nfs\speed.exe] => E:\nfs\speed.exe
    FirewallRules: [{E71E0CF0-02E3-4CDF-A157-C07D4249CA24}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{0FADEF8B-4BE2-4B02-8F45-5A2A1AB8A04B}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E5EDABDD-5243-4035-8F6B-7804D632A7E9}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{7C4E1579-449F-47C2-B663-80E9A383C6A9}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8A979DF7-3457-4C99-8975-AB1502F40A87}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4DBB37D5-BECB-4474-A953-BC028B25CD55}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{21C3420A-7E1F-4B18-95DE-E1253D968391}E:\games\call of duty 2\cod2\cod2mp_s.exe] => E:\games\call of duty 2\cod2\cod2mp_s.exe
    FirewallRules: [UDP Query User{FB3DFE79-D858-429F-A535-84FF74B4BEB8}E:\games\call of duty 2\cod2\cod2mp_s.exe] => E:\games\call of duty 2\cod2\cod2mp_s.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (02/11/2017 08:53:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    ==================== Memory info ===========================

    Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
    Percentage of memory in use: 40%
    Total physical RAM: 2047.3 MB
    Available physical RAM: 1216.66 MB
    Total Virtual: 4094.61 MB
    Available Virtual: 3134.29 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:48.96 GB) (Free:9.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (MOVIES) (Fixed) (Total:83.01 GB) (Free:11 GB) NTFS
    Drive e: (USER) (Fixed) (Total:83.01 GB) (Free:10.34 GB) NTFS
    Drive f: (SOFTWARE) (Fixed) (Total:83.02 GB) (Free:5.16 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2146DE3F)
    Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=83 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

     

     


    • 0

    #8
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Looks like we got most of it.

     

    This line:

    ManualProxies: 0hxxp://un-blocking.info/wpad.dat?ae70e6ebbad117b2dd34bf9cf8bd1b3217766709

    Did not go away so

    Close all browsers,

    Open Control Panel, (View By: Large Icons), Internet Options, Connections, LAN Settings, then UNCHECK all boxes.  OK.

     

    How is it running now?


    • 0

    #9
    simon_grylls

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    I've done what you said, and now everything is fine.

    My Desktop loads quickly and my games are running fine.

    Thanks to You!!!!!!

     

    Is there any other thing I should do?


    • 0

    #10
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Let's check for rootkits:

     

     
    Download aswMBR.exe  to your desktop.
    The link is a direct download so the page won't change.
     
    Right click the aswMBR.exe and select Run As Administrator to run it
    Wait until the AV Scan shows up at the bottom left.
    Change AV Scan: from Quick Scan to  C:\
    Click the "Scan" button to start scan
    If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
    On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply
     
    If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

    • 0

    #11
    simon_grylls

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    The Scan Completed without any problem, the fix button is not enabled.

     

    aswMBR Log:

     

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2017-02-12 11:40:03
    -----------------------------
    11:40:03.028    OS Version: Windows 6.1.7601 Service Pack 1
    11:40:03.028    Number of processors: 2 586 0x170A
    11:40:03.028    ComputerName: SIMONRJ  UserName: john
    11:40:33.042    Initialize success
    11:40:33.245    VM: initialized successfully
    11:40:33.261    VM: Intel CPU supported
    11:40:50.702    VM: not used
    11:45:07.138    AVAST engine defs: 17010903
    11:45:59.121    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
    11:45:59.121    Disk 0 Vendor: Hitachi_HDS721032CLA362 JPFOA3EA Size: 305245MB BusType: 3
    11:45:59.152    Disk 0 MBR read successfully
    11:45:59.152    Disk 0 MBR scan
    11:45:59.292    Disk 0 Windows 7 default MBR code
    11:45:59.308    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS        50134 MB offset 206848
    11:45:59.324    Disk 0 Boot: NTFS     code=1
    11:45:59.386    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        85000 MB offset 102881280
    11:45:59.448    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS        85000 MB offset 276961280
    11:45:59.495    Disk 0 Partition 4 00     07      HPFS/NTFS NTFS        85009 MB offset 451041280
    11:46:00.046    Disk 0 scanning sectors +625139712
    11:46:00.187    Disk 0 scanning C:\Windows\system32\drivers
    11:46:34.614    Service scanning
    11:46:51.727    Service MpKsl744d4549 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEB0CFB8-B164-457C-9DB2-5D9A589434E6}\MpKsl744d4549.sys **LOCKED** 32
    11:47:08.154    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    11:47:21.118    Modules scanning
    11:47:21.118    Disk 0 trace - called modules:
    11:47:21.149    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x864671f8]<<
    11:47:21.149    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87282250]
    11:47:21.164    3 CLASSPNP.SYS[8a7af59e] -> nt!IofCallDriver -> [0x871ab328]
    11:47:21.164    5 ACPI.sys[847a53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-4[0x871a3030]
    11:47:21.180    \Driver\atapi[0x87186030] -> IRP_MJ_CREATE -> 0x864671f8
    11:47:21.679    AVAST engine scan C:\
    11:48:54.702    File: C:\FRST\Quarantine\C\Program Files\ShopperPro\JSDriver\1.42.0.1791\jsdrv.sys  **INFECTED** Win32:Adware-gen [Adw]
    11:49:13.734    File: C:\FRST\Quarantine\C\Program Files\ShopperPro\JSDriver\jsdrv.sys  **INFECTED** Win32:Adware-gen [Adw]
    12:01:27.567    File: C:\Program Files\Photo!\Photo! 3D Album\Bin\CustomMP3D.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
    13:47:44.250    Disk 0 statistics 20025800/0/0 @ 2.27 MB/s
    13:47:44.266    Scan finished successfully
    13:48:47.118    Disk 0 MBR has been saved successfully to "C:\Users\john\Desktop\MBR.dat"
    13:48:47.352    The log file has been saved successfully to "C:\Users\john\Desktop\aswMBR.txt"

     


    • 0

    #12
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    11:48:54.702    File: C:\FRST\Quarantine\C\Program Files\ShopperPro\JSDriver\1.42.0.1791\jsdrv.sys  **INFECTED** Win32:Adware-gen [Adw]
    11:49:13.734    File: C:\FRST\Quarantine\C\Program Files\ShopperPro\JSDriver\jsdrv.sys  **INFECTED** Win32:Adware-gen [Adw]
    12:01:27.567    File: C:\Program Files\Photo!\Photo! 3D Album\Bin\CustomMP3D.exe  **INFECTED** Win32:Rootkit-gen [Rtk]

     

    The first two have already been removed by FRST.  The last one might be a false positive.

     

    Let's submit it to VirusTotal to see:

     
    Easiest way to submit a file is to copy the path:
     
    C:\Program Files\Photo!\Photo! 3D Album\Bin\CustomMP3D.exe
     
    Then
    Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with CustomMP3D.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 52 or so different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 52 or so then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
     
    Then repeat for the MBR:
     
    C:\Users\john\Desktop\MBR.dat

    • 0
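The triage applied in post #12 (detections under C:\FRST\Quarantine are already removed, anything else gets a second opinion), as an added example that is not part of the original thread. The sample lines are copied from the aswMBR log in post #11; the quarantine layout (`C:\FRST\Quarantine\<drive letter>\<original path>`) and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the aswMBR log in post #11.
SAMPLE_LOG = r"""
11:48:54.702    File: C:\FRST\Quarantine\C\Program Files\ShopperPro\JSDriver\1.42.0.1791\jsdrv.sys  **INFECTED** Win32:Adware-gen [Adw]
11:49:13.734    File: C:\FRST\Quarantine\C\Program Files\ShopperPro\JSDriver\jsdrv.sys  **INFECTED** Win32:Adware-gen [Adw]
12:01:27.567    File: C:\Program Files\Photo!\Photo! 3D Album\Bin\CustomMP3D.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
13:47:44.266    Scan finished successfully
"""

INFECTED = re.compile(
    r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$")

# Assumption inferred from the paths in the log: FRST stores removed files as
# C:\FRST\Quarantine\<drive letter>\<original path without the drive>.
QUARANTINE_ROOT = ("c:\\", "frst", "quarantine")


@dataclass
class Finding:
    path: str        # path as reported by the scanner
    detection: str   # detection name, e.g. "Win32:Adware-gen [Adw]"
    status: str      # "quarantined" or "live"
    original: str    # pre-quarantine location, "" for live files


def classify(path):
    """Return (status, original_path) for one reported file path."""
    parts = PureWindowsPath(path).parts
    root = tuple(p.lower() for p in parts[:3])
    if root == QUARANTINE_ROOT and len(parts) > 4 and len(parts[3]) == 1:
        original = PureWindowsPath(parts[3] + ":\\", *parts[4:])
        return "quarantined", str(original)
    return "live", ""


def triage(log_text):
    """Extract every **INFECTED** line and classify it."""
    findings = []
    for line in log_text.splitlines():
        m = INFECTED.match(line.strip())
        if m:
            status, original = classify(m["path"])
            findings.append(Finding(m["path"], m["name"], status, original))
    return findings


def needs_second_opinion(findings):
    """Paths still in place on disk: the ones worth hashing and checking."""
    return [f.path for f in findings if f.status == "live"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        note = f"was {f.original}" if f.original else "still on disk"
        print(f"{f.status:<12}{f.detection:<26}{f.path} ({note})")
```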

    #13
    simon_grylls

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    It was already analyzed, so I clicked last Analysis.

     

     

    SHA256: 53e58b81e31b19caa7661e3bdeb12c59e7e106b47f393ff90db23084af19e36e

    File name: 44D7604987D7BB021BEA16009FE8D57A_53E58B81E31B19CAA7661E3BDEB12C59...

    Detection ratio: 4 / 57

    Analysis date: 2017-01-26 01:57:29 UTC ( 2 weeks, 4 days ago )

     

     Analysis:

     

     

    Antivirus Result Update

    Avast Win32:Rootkit-gen [Rtk] 20170126

    Cyren W32/Trojan.DDVK-1351 20170126

    DrWeb Trojan.DownLoad.24456 20170126

    Qihoo-360 Win32/RootKit.Rootkit.7e5 20170126

    ALYac   20170125

    AVG   20170126

    AVware   20170126

    Ad-Aware   20170126

    AegisLab   20170125

    AhnLab-V3   20170125

    Alibaba   20170122

    Antiy-AVL   20170125

    Arcabit   20170126

    Avira (no cloud)   20170125

    Baidu   20170125

    BitDefender   20170126

    Bkav   20170123

    CAT-QuickHeal   20170125

    CMC   20170125

    ClamAV   20170125

    Comodo   20170125

    CrowdStrike Falcon (ML)   20161024

    ESET-NOD32   20170126

    Emsisoft   20170126

    F-Prot   20170126

    F-Secure   20170126

    Fortinet   20170126

    GData   20170126

    Ikarus   20170125

    Invincea   20170111

    Jiangmin   20170126

    K7AntiVirus   20170125

    K7GW   20170126

    Kaspersky   20170126

    Kingsoft   20170126

    Malwarebytes   20170126

    McAfee   20170126

    McAfee-GW-Edition   20170126

    eScan   20170126

    Microsoft   20170126

    NANO-Antivirus   20170126

    Panda   20170125

    Rising   20170126

    SUPERAntiSpyware   20170126

    Sophos   20170126

    Symantec   20170125

    Tencent   20170126

    TheHacker   20170125

    TotalDefense   20170125

    TrendMicro   20170126

    TrendMicro-HouseCall   20170126

    Trustlook   20170126

    VBA32   20170125

    VIPRE   20170125

    ViRobot   20170125

    WhiteArmor   20170123

    Yandex   20170125

    Zillya   20170125

    Zoner   20170125

    nProtect   20170125

     

    MBR.dat file's Detection Ratio 0/52.


    Edited by simon_grylls, 12 February 2017 - 09:57 PM.

    • 0

    #14
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    I think it must be a false positive.  Kaspersky, ESET and Bitdefender don't find anything wrong with it and it appears to be part of  Photo! 3D Album which doesn't have a bad rep so I think it's OK.

     

    I think we can cleanup now:

    To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
     
    DeleteQuarantine:
     
    Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
     
    If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
     
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.
     
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
    Ron

    • 0

    #15
    simon_grylls

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    All Done Sir....

    Thanks for your Help

    Thanks for your Tips


    • 0





