Deleted the following from C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\prefs.js
user_pref(browser.search.searchengine.hp, hxxp://www.youndoo.com/?z=92dc84caef54f3cca27619dg4z3b7q2z0q3o5b4gam&from=wak&uid=HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX&ty
user_pref(browser.search.searchengine.sp, hxxp://www.youndoo.com/search/?from=wak&q={searchTerms}&type=sp&uid=HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX&z=92dc84caef54f3
user_pref(browser.search.searchengine.uid, HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX);
user_pref(browser.search.searchengine.url, hxxp://www.youndoo.com/search/?from=wak&q={searchTerms}&type=sp&uid=HitachiXHDS721032CLA362_JP1440HA3ATD2S3ATD2SX&z=92dc84caef54f
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2017
Ran by john (administrator) on SIMONRJ (11-02-2017 12:00:14)
Running from C:\Users\john\Desktop
Loaded Profiles: john (Available Profiles: john)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: "C:\Program Files\UCBrowser\Application\UCBrowser.exe" -- "%1")
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe
(Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [687336 2014-05-23] (Zbshareware Lab)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNTA0MTQzMjE0LVFJWDErNC1YMjAxMCsyLUxJQysyLVNQMSsxLVNVU (the data entry has 65 more characters).
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: I - I:\autorun.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {09188fee-04a8-11e6-9b69-4487fcab4607} - H:\Setup.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {09188ff6-04a8-11e6-9b69-4487fcab4607} - H:\Setup.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {1338a56d-d769-11dd-92db-4487fcab4607} - H:\Setup.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {1895f0f4-d769-11dd-9f14-02030f513535} - H:\SISetup.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {39502bf7-433d-11e6-acea-4487fcab4607} - H:\AutoRun.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {4145d62e-d7b9-11dd-a875-4487fcab4607} - H:\AutoRun.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {6cf5b879-d8ac-11dd-80f5-4487fcab4607} - H:\AutoRun.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {ac57d268-d7e2-11dd-adb8-4487fcab4607} - H:\AutoRun.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {aca8c064-8228-11e4-99e2-4487fcab4607} - H:\AutoRun.exe
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\MountPoints2: {f52afa20-515d-11e4-9969-4487fcab4607} - H:\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Providers\4sb5o2kd: C:\Program Files\Tolzermght Adapter\local32spl.dll [274944 2017-02-07] ()
ShellExecuteHooks: No Name - {54AAFC92-EABC-11E6-A1B6-64006A5CFC23} - C:\Users\john\AppData\Roaming\Cujercult\Atazokclvuph.dll [126464 2017-02-07] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0D16E4CC-90FE-4D1B-B557-562D0CF891E1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{286B131A-7D0F-4737-BF0E-86AA2B5144A5}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8E24635A-2D1A-4802-8AAF-B37E96EC1215}: [DhcpNameServer] 192.168.137.129
Tcpip\..\Interfaces\{B7434BC1-CC3D-4888-B2DB-60B673FE2DC4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D87F4CD1-3BA6-437E-B506-C8F478554483}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DF8FA5EE-8347-41FD-9A12-AF1B977B440B}: [DhcpNameServer] 192.168.42.129
ManualProxies: 0hxxp://un-blocking.info/wpad.dat?ae70e6ebbad117b2dd34bf9cf8bd1b3217766709
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131311198838699962&GUID=43784583-9414-4D3C-887F-6C5892FAC77B
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000 -> DefaultScope {ielnksrch} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/1.2/jinstall-11-win.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()
FireFox:
========
FF DefaultProfile: 84cizlnl.default
FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default [2017-02-07]
FF NewTab: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.NT
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\84cizlnl.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\84cizlnl.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\84cizlnl.default -> C:\ProgramData\Hotfreshs\ff.HP
FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\4sb5o2kd.xml [2017-02-07]
FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\84cizlnl.default\searchplugins\findit.xml [2017-02-07]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-13] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2010-10-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2010-10-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2010-10-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: @tools.google.com/Google Update;version=3 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: @tools.google.com/Google Update;version=9 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-13] (Pando Networks)
FF Plugin HKU\S-1-5-21-2280821914-3189600555-3011743376-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-26] (Ubisoft)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHCxomeujIo3zShG6o34N1BxQ-YeHx5r3_oD1CACZ8OBXNYc4F0vpyZT5twVvbJdmrMgeC5Jaa6Yn9AVS_7poDf8cgdrnWssc0R83p3I0UllQxE826TSSp0XRhfvQ1haCofyF0mWavdBmVPDw1Ai17FtBijY_ztIZ76gYDBYUg,,
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHCxomeujIo3zShG6o34N1BxQ-YeHx5r3_oD1CACZ8OBXNYc4F0vpyZT5twVvbJdmrMgeC5Jaa6Yn9AVR_pun2hQWdxZNBP6ZFFvntC8rPyrmDAeNY9sIyYQa0djrnAeyz-TrRUJop0BVC4b4gk51Ajna-GDc4pJkvJtef9n2A,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\john\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll => No File
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-01-02]
CHR Extension: (Galaxy-View) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbeddldohkakodfncjnkkjfojggbahp [2017-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2010-05-04] (Avid Technology, Inc.) [File not signed]
S4 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [249104 2016-10-06] (EasyAntiCheat Ltd)
S3 EvoSvc; F:\EVL\EvoSvc.exe [1583488 2016-12-28] (Echobit LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-10-19] (NVIDIA Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-10-19] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-10-19] (NVIDIA Corporation)
S4 PinnacleUpdateSvc; C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2015-06-22] (PowerUp Software, LLC) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2017-01-21] ()
S4 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [629648 2017-01-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 athsgt; C:\Windows\System32\DRIVERS\athsgt.sys [164992 2013-03-29] () [File not signed]
S3 BTCAMDRV; C:\Windows\System32\DRIVERS\BTCamDrv.sys [219136 2006-01-11] (Windows ® 2000 DDK provider) [File not signed]
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2016-03-12] (Echobit, LLC)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2016-11-11] (LogMeIn, Inc.)
S3 hid7906; C:\Windows\System32\drivers\hid7906.sys [53793 2006-06-28] (Compuware Corporation) [File not signed]
R2 limsgt; C:\Windows\System32\DRIVERS\limsgt.sys [12544 2013-03-29] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-10-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-08-04] (NVIDIA Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [205312 2016-08-30] (QUALCOMM Incorporated)
S3 qrkis; C:\Windows\System32\DRIVERS\qrkis.sys [45608 2010-11-17] (Tether)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC)
R2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [12528 2016-10-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed]
R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed]
S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-03-25] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-11 12:00 - 2017-02-11 12:00 - 00018619 _____ C:\Users\john\Desktop\FRST.txt
2017-02-11 11:57 - 2017-02-11 11:57 - 00001323 _____ C:\Users\john\Desktop\JRT.txt
2017-02-11 11:54 - 2017-02-11 11:49 - 00016434 _____ C:\Users\john\Desktop\AdwCleaner[C0].txt
2017-02-11 11:45 - 2017-02-11 11:45 - 01763328 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
2017-02-11 11:44 - 2017-02-11 11:45 - 01663040 _____ (Malwarebytes) C:\Users\john\Desktop\JRT.exe
2017-02-11 11:44 - 2017-02-11 11:44 - 04015056 _____ C:\Users\john\Desktop\AdwCleaner.exe
2017-02-11 11:34 - 2017-02-11 11:34 - 00000000 _____ C:\Windows\system32\__00159B70__C0000005.dmp
2017-02-11 09:02 - 2017-02-11 09:02 - 00006644 _____ C:\Users\john\Documents\junk.txt
2017-02-11 09:02 - 2017-02-11 09:02 - 00006644 _____ C:\junk.txt
2017-02-11 09:01 - 2017-02-11 09:01 - 00007728 _____ C:\Users\john\Documents\System Idle Process.txt
2017-02-11 08:54 - 2017-02-11 08:54 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\john\Desktop\procexp.exe
2017-02-11 08:52 - 2017-02-11 08:52 - 00006405 _____ C:\Users\john\Documents\VEW-Application.txt
2017-02-11 08:51 - 2017-02-11 08:51 - 00006231 _____ C:\Users\john\Documents\VEW-System.txt
2017-02-11 08:50 - 2017-02-11 08:52 - 00006405 _____ C:\VEW.txt
2017-02-11 08:48 - 2017-02-11 08:48 - 00061440 _____ ( ) C:\Users\john\Desktop\VEW.exe
2017-02-11 08:44 - 2017-02-11 08:44 - 00000000 _____ C:\Windows\system32\__44322530__C0000005.dmp
2017-02-11 07:20 - 2017-02-11 07:20 - 00000000 _____ C:\Windows\system32\__800064E0__C0000005.dmp
2017-02-10 23:18 - 2017-02-11 07:36 - 00000549 _____ C:\Users\john\gtg.txt
2017-02-10 19:59 - 2017-02-10 19:59 - 00000000 _____ C:\Windows\system32\__65746E69__C0000005.dmp
2017-02-10 19:51 - 2017-02-10 19:51 - 00000000 _____ C:\Windows\system32\__22343735__C0000005.dmp
2017-02-10 18:45 - 2017-02-10 18:45 - 00000000 _____ C:\Windows\system32\__002563F8__C0000005.dmp
2017-02-10 16:41 - 2017-02-10 17:13 - 00000000 ____D C:\Program Files\PowerDataRecovery
2017-02-10 16:41 - 2017-02-10 16:41 - 00001037 _____ C:\Users\Public\Desktop\MiniTool Power Data Recovery 7.0.lnk
2017-02-10 16:41 - 2017-02-10 16:41 - 00000000 ____D C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _
2017-02-10 16:41 - 2017-02-10 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
2017-02-10 16:39 - 2017-02-10 16:39 - 00000000 _____ C:\Windows\system32\__00000001__C0000005.dmp
2017-02-10 08:24 - 2017-02-10 08:24 - 00000000 _____ C:\Windows\system32\__31303225__C0000005.dmp
2017-02-07 17:29 - 2017-02-07 17:29 - 00000101 _____ C:\Windows\system32\_system.ini
2017-02-07 17:28 - 2017-02-08 16:43 - 00000000 ____D C:\Program Files\Top Password
2017-02-07 17:25 - 2017-02-07 17:25 - 07316480 _____ C:\Users\john\AppData\Roaming\agent.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 01906989 _____ C:\Users\john\AppData\Roaming\ZooSiling.tst
2017-02-07 17:25 - 2017-02-07 17:25 - 00126464 _____ C:\Users\john\AppData\Roaming\noah.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 00126464 _____ C:\Users\john\AppData\Roaming\lobby.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 00072787 _____ C:\Users\john\AppData\Roaming\Silverfix.tst
2017-02-07 17:25 - 2017-02-07 17:25 - 00070752 _____ C:\Users\john\AppData\Roaming\Config.xml
2017-02-07 17:25 - 2017-02-07 17:25 - 00054272 _____ C:\Users\john\AppData\Roaming\ApplicationHosting.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 00018432 _____ C:\Users\john\AppData\Roaming\Main.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 00005568 _____ C:\Users\john\AppData\Roaming\md.xml
2017-02-07 17:25 - 2017-02-07 17:24 - 00983040 _____ C:\Users\john\AppData\Roaming\ZooSiling.exe
2017-02-07 17:25 - 2017-02-07 17:24 - 00983040 _____ C:\Users\john\AppData\Roaming\Silverfix.exe
2017-02-07 17:24 - 2017-02-07 17:25 - 00016560 _____ C:\Users\john\AppData\Roaming\InstallationConfiguration.xml
2017-02-07 17:24 - 2017-02-07 17:24 - 00140288 _____ C:\Users\john\AppData\Roaming\Installer.dat
2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Users\john\AppData\Roaming\Cujercult
2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Users\john\AppData\Local\Tepidom
2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\Avira
2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\Avg
2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Program Files\Tolzermght Adapter
2017-02-07 15:49 - 2017-02-07 15:49 - 00000000 ____D C:\Program Files\Kugshcoijich
2017-02-07 15:43 - 2017-02-07 15:43 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
2017-02-07 15:43 - 2017-02-07 15:43 - 00000000 ____D C:\Program Files\RAR Password Cracker
2017-02-01 18:22 - 2017-02-01 18:22 - 00002633 _____ C:\Users\john\Desktop\µTorrent.lnk
2017-02-01 18:20 - 2017-02-07 17:33 - 00000000 ____D C:\Users\john\AppData\Roaming\uTorrent
2017-01-31 15:41 - 2017-01-31 15:41 - 00001221 _____ C:\Users\john\Desktop\FarCry2 - Shortcut.lnk
2017-01-30 15:40 - 2017-01-30 15:40 - 00000823 _____ C:\Users\Public\Desktop\Call of Duty® 2 Singleplayer.lnk
2017-01-30 15:40 - 2017-01-30 15:40 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty® 2
2017-01-30 15:40 - 2017-01-30 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty® 2
2017-01-29 19:21 - 2017-01-29 19:21 - 25322013 _____ C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _ (1).7z
2017-01-29 15:48 - 2017-01-29 15:50 - 25322013 _____ C:\Users\john\Downloads\MiniTool Power Data Recovery 7 Setup+All Editions _.7z
2017-01-28 18:18 - 2017-01-28 18:18 - 00000644 _____ C:\Users\john\Desktop\samp - Shortcut.lnk
2017-01-28 09:45 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-01-27 16:03 - 2017-01-27 16:05 - 00000000 ____D C:\Users\john\Documents\Battlefield 3
2017-01-17 20:15 - 2017-01-17 20:15 - 00000000 ____D C:\Program Files\AGEIA Technologies
2017-01-17 20:14 - 2017-01-17 03:37 - 03130440 _____ C:\Windows\system32\pbsvc_blr.exe
2017-01-17 19:54 - 2017-01-26 19:27 - 00000000 ____D C:\Users\john\Documents\TrackMania
2017-01-17 19:54 - 2017-01-24 14:46 - 00000000 ____D C:\ProgramData\TrackMania
2017-01-16 02:14 - 2017-01-16 02:14 - 00000216 _____ C:\Users\john\Desktop\Cry of Fear.url
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-11 12:00 - 2015-05-12 20:04 - 00000000 ____D C:\FRST
2017-02-11 12:00 - 2009-07-14 10:04 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-11 12:00 - 2009-07-14 10:04 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-11 11:53 - 2012-07-08 19:59 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-11 11:53 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-11 11:49 - 2015-05-13 17:04 - 00000000 ____D C:\AdwCleaner
2017-02-11 11:48 - 2010-10-03 17:55 - 00000000 ____D C:\Users\john\AppData\Roaming\Yahoo!
2017-02-11 11:40 - 2016-11-05 22:39 - 00000442 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2017-02-11 11:39 - 2011-05-04 08:32 - 15636086 _____ C:\Windows\system32\perfh00C.dat
2017-02-11 11:39 - 2011-05-04 08:32 - 15420442 _____ C:\Windows\system32\perfh001.dat
2017-02-11 11:39 - 2011-05-04 08:32 - 05256696 _____ C:\Windows\system32\perfc00C.dat
2017-02-11 11:39 - 2011-05-04 08:32 - 05219150 _____ C:\Windows\system32\perfc001.dat
2017-02-11 11:39 - 2010-10-03 17:36 - 00006648 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-10 23:18 - 2010-10-03 17:33 - 00000000 ____D C:\Users\john
2017-02-10 22:39 - 2016-06-15 10:12 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-10 20:12 - 2014-12-04 12:32 - 00000000 ____D C:\Users\john\AppData\Local\CrashDumps
2017-02-10 08:23 - 2002-10-07 00:07 - 00119296 _____ C:\Windows\system32\zlib.dll
2017-02-09 19:01 - 2016-10-02 11:29 - 00002025 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-02-09 19:01 - 2009-01-01 00:02 - 00002085 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-02-08 21:28 - 2010-10-03 18:07 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
2017-02-07 15:51 - 2016-10-11 11:45 - 00000000 ____D C:\Users\john\AppData\LocalLow\uTorrent
2017-02-07 15:49 - 2015-05-22 21:32 - 00000000 ____D C:\Program Files\AVS4YOU
2017-02-07 15:49 - 2013-03-21 10:32 - 00000000 ___RD C:\Program Files\TypingMaster
2017-02-07 15:49 - 2012-05-15 19:49 - 00000000 ____D C:\Program Files\ReflexiveArcade
2017-02-07 15:49 - 2011-11-09 14:15 - 00000000 ____D C:\Program Files\UBISOFT
2017-02-07 15:24 - 2013-10-30 18:42 - 00000000 ____D C:\Program Files\Steam
2017-02-06 17:50 - 2016-10-28 17:50 - 00000000 ____D C:\ProgramData\Unity
2017-02-05 11:47 - 2014-05-08 12:15 - 00000000 ____D C:\Users\john\AppData\Roaming\Unity
2017-02-03 17:46 - 2016-11-05 22:38 - 00000000 ____D C:\Program Files\UCBrowser
2017-02-03 17:27 - 2014-04-26 21:26 - 00000000 ____D C:\Users\john\AppData\Local\NVIDIA Corporation
2017-01-31 14:40 - 2009-07-14 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-31 14:38 - 2010-10-03 17:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-01-31 14:33 - 2016-07-06 20:07 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-01-30 15:46 - 2010-10-09 13:08 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-01-24 18:05 - 2011-05-29 07:34 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-01-21 12:24 - 2016-10-16 20:47 - 00282696 _____ C:\Windows\system32\PnkBstrB.exe
2017-01-21 12:24 - 2016-10-16 20:47 - 00139848 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2017-01-21 12:24 - 2016-10-16 20:47 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe
2017-01-21 12:24 - 2014-05-27 17:54 - 00282696 _____ C:\Windows\system32\PnkBstrB.xtr
2017-01-21 12:24 - 2013-01-04 17:43 - 00000000 ____D C:\Users\john\AppData\Roaming\Ubisoft
2017-01-21 12:24 - 2012-06-05 18:25 - 00000000 ____D C:\Users\john\AppData\Local\PunkBuster
2017-01-21 12:23 - 2013-08-25 08:19 - 00000000 ____D C:\Users\john\AppData\Local\Ubisoft Game Launcher
2017-01-21 12:23 - 2010-11-25 22:16 - 00000000 ___RD C:\Users\john\Desktop\HTML DOC
2017-01-21 11:38 - 2016-12-24 14:20 - 00000000 ____D C:\Users\john\Documents\Ubisoft
2017-01-17 20:19 - 2013-11-14 18:24 - 00000000 ____D C:\Users\john\Documents\My Games
2017-01-17 20:15 - 2013-09-28 17:40 - 00138056 _____ C:\Users\john\AppData\Roaming\PnkBstrK.sys
2017-01-17 20:15 - 2012-07-08 19:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-17 20:14 - 2015-07-01 12:31 - 00189248 _____ C:\Windows\system32\PnkBstrB.ex0
2017-01-16 13:48 - 2016-10-04 16:15 - 00000000 ____D C:\Users\john\AppData\Local\Free Download Manager
==================== Files in the root of some directories =======
2012-06-27 21:24 - 2012-06-27 21:24 - 0000288 _____ () C:\Users\john\AppData\Roaming\.backup.dm
2011-12-27 20:15 - 2016-04-28 11:42 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe BMP Format CS5 Prefs
2011-06-26 18:38 - 2016-04-23 19:34 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe GIF Format CS5 Prefs
2011-12-27 20:16 - 2016-06-17 19:17 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-03 21:15 - 2016-04-21 20:40 - 0000132 _____ () C:\Users\john\AppData\Roaming\Adobe Targa Format CS5 Prefs
2017-02-07 17:25 - 2017-02-07 17:25 - 7316480 _____ () C:\Users\john\AppData\Roaming\agent.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 0054272 _____ () C:\Users\john\AppData\Roaming\ApplicationHosting.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 0070752 _____ () C:\Users\john\AppData\Roaming\Config.xml
2017-02-07 17:24 - 2017-02-07 17:25 - 0016560 _____ () C:\Users\john\AppData\Roaming\InstallationConfiguration.xml
2017-02-07 17:24 - 2017-02-07 17:24 - 0140288 _____ () C:\Users\john\AppData\Roaming\Installer.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 0126464 _____ () C:\Users\john\AppData\Roaming\lobby.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 0018432 _____ () C:\Users\john\AppData\Roaming\Main.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 0005568 _____ () C:\Users\john\AppData\Roaming\md.xml
2015-05-24 06:11 - 2015-05-24 06:11 - 0000048 _____ () C:\Users\john\AppData\Roaming\msdreg.dat
2017-02-07 17:25 - 2017-02-07 17:25 - 0126464 _____ () C:\Users\john\AppData\Roaming\noah.dat
2013-09-28 17:40 - 2017-01-17 20:15 - 0138056 _____ () C:\Users\john\AppData\Roaming\PnkBstrK.sys
2017-02-07 17:25 - 2017-02-07 17:24 - 0983040 _____ () C:\Users\john\AppData\Roaming\Silverfix.exe
2017-02-07 17:25 - 2017-02-07 17:25 - 0072787 _____ () C:\Users\john\AppData\Roaming\Silverfix.tst
2011-05-12 18:05 - 2011-05-12 18:05 - 0000057 _____ () C:\Users\john\AppData\Roaming\temp.bat
2017-02-07 17:27 - 2017-02-07 17:27 - 0032038 _____ () C:\Users\john\AppData\Roaming\uninstall_temp.ico
2010-10-03 18:07 - 2011-02-25 19:32 - 5046202 _____ () C:\Users\john\AppData\Roaming\UserTile.png
2013-08-21 20:26 - 2015-04-26 04:41 - 0000178 _____ () C:\Users\john\AppData\Roaming\WB.CFG
2013-08-21 20:26 - 2014-01-16 14:09 - 0000005 _____ () C:\Users\john\AppData\Roaming\WBPU-TTL.DAT
2017-02-07 17:25 - 2017-02-07 17:24 - 0983040 _____ () C:\Users\john\AppData\Roaming\ZooSiling.exe
2017-02-07 17:25 - 2017-02-07 17:25 - 1906989 _____ () C:\Users\john\AppData\Roaming\ZooSiling.tst
2016-01-14 23:11 - 2016-01-14 23:11 - 0001456 _____ () C:\Users\john\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-10-08 18:36 - 2009-01-01 16:20 - 0068608 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 20:50 - 2012-05-09 20:50 - 0000092 _____ () C:\Users\john\AppData\Local\fusioncache.dat
2014-01-13 18:44 - 2015-07-20 16:00 - 0007599 _____ () C:\Users\john\AppData\Local\resmon.resmoncfg
2013-08-02 16:49 - 2016-01-14 23:18 - 0000080 _____ () C:\Users\john\AppData\Local\X-Plane Installer.prf
2011-05-05 21:11 - 2011-05-06 08:38 - 0000000 _____ () C:\ProgramData\CLDShowX.ini
2010-10-03 17:50 - 2016-08-02 17:11 - 0026596 _____ () C:\ProgramData\hpzinstall.log
ZeroAccess:
C:\Users\john\AppData\Local\NFS Underground 2
C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 5\Simon Magazine 5
C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 4\Simon Magazine 4
C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 3\Simon Magazine 3
C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 2\Simon Magazine 2
C:\Users\john\AppData\Local\NFS Underground 2\Simon Magazine 1\Simon Magazine 1
C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 3\Simon DVD 3
C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 2\Simon DVD 2
C:\Users\john\AppData\Local\NFS Underground 2\Simon DVD 1\Simon DVD 1
C:\Users\john\AppData\Local\NFS Underground 2\Simon\Simon
C:\Users\john\AppData\Local\NFS Underground 2\N\N
Some files in TEMP:
====================
2017-02-09 17:54 - 2017-02-09 17:54 - 0204800 _____ (Sony DADC Austria AG) C:\Users\john\AppData\Local\Temp\drm_dyndata_7380007.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-04 07:52
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
Ran by john (11-02-2017 12:01:12)
Running from C:\Users\john\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2010-10-03 12:02:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
323A7CE5D4B04CFABF56 (S-1-5-21-2280821914-3189600555-3011743376-1007 - Limited - Enabled)
Administrator (S-1-5-21-2280821914-3189600555-3011743376-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2280821914-3189600555-3011743376-1002 - Limited - Enabled)
Guest (S-1-5-21-2280821914-3189600555-3011743376-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2280821914-3189600555-3011743376-1011 - Limited - Enabled)
john (S-1-5-21-2280821914-3189600555-3011743376-1000 - Administrator - Enabled) => C:\Users\john
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.149 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avid Audio Drivers (x86) (HKLM\...\{2F227ACA-204C-4529-BA33-D095C42C72DB}) (Version: 8.0.4 - Avid)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
Bandicam (HKLM\...\Bandicam) (Version: 1.9.2.454 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
Call of Duty® 2 °²×°³ÌÐò (HKLM\...\Call of Duty® 2 °²×°³ÌÐò) (Version: - )
Call of Duty® 2 Patch 1.3 (Version: 1.3 - ) Hidden
Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version: - )
Construct 2 r228 (HKLM\...\Construct 2_is1) (Version: 1.0.228.0 - Scirra)
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
CRYENGINE Launcher (HKLM\...\{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}) (Version: 1.0.0 - Crytek GmbH)
DDS Viewer (HKLM\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version: - IdeaMK)
Easy2Convert BMP to DDS 1.8 (HKLM\...\{D169AB78-E429-4D88-A8F1-31ECC3990518}_is1) (Version: 1.8 - Easy2Convert Software)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Far Cry 2 (HKLM\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
FPI SCRIPTER II (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\8deeb6b52bbb74a0) (Version: 2.0.0.3 - GREGON STUDIOS)
FPS Creator Free (HKLM\...\{800218C2-2E07-461C-85D6-8FDB4F9161D9}) (Version: - )
FPS Creator Model Pack - 10 (HKLM\...\{24EB39DB-B958-413D-818E-C0875101C96B}) (Version: - )
FPS Creator Model Pack - 11 (HKLM\...\{15014839-85AF-439E-9C3C-A93BB74957B1}) (Version: - )
FPS Creator Model Pack - 12 (HKLM\...\{E189B3B5-487D-430E-8668-A77CEF120F2D}) (Version: - )
FPS Creator Model Pack - 13 (HKLM\...\{09847DC5-6C6D-45CD-AE31-CD27CE1FE48F}) (Version: - )
FPS Creator Model Pack - 16 (HKLM\...\{BDB48672-B567-4A4B-989E-0A7C2E220B6F}) (Version: - )
FPS Creator Model Pack - 2 (HKLM\...\{3B78E403-D116-4C56-9D1E-4C245AFC82D9}) (Version: - )
FPS Creator Model Pack - 21 (HKLM\...\{BB9C6299-5713-4428-B8D0-0C0B2F5C9A0E}) (Version: - )
FPS Creator Model Pack - 22 (HKLM\...\{38FC732E-764D-46A2-A79E-A4E484130A3B}) (Version: - )
FPS Creator Model Pack - 28 (HKLM\...\{A9802493-BA56-4304-A2F3-EDF7D35FBA5D}) (Version: - )
FPS Creator Model Pack - 6 (HKLM\...\{F964E0BB-3AD6-4188-B985-453037BE8FFD}) (Version: - )
FPS Creator Model Pack - 7 (HKLM\...\{F6D05799-9659-48CD-8B8A-1AC424A572A9}) (Version: - )
FPS Creator Model Pack - 9 (HKLM\...\{444E3FAE-DC6D-498B-BF98-6B6B61CA46D9}) (Version: - )
FPS Creator Model Pack 49 (HKLM\...\{D034FB9F-35E5-4DFC-8143-D8CB9BD477AB}) (Version: - )
FPS Creator Model Pack 53 (HKLM\...\{B76BB8C6-EE9B-49CC-9141-862856BC5EE5}) (Version: - )
FPS Creator Model Pack 55 (HKLM\...\{884AC351-768E-4F23-8DC1-06E9E47CF36F}) (Version: - )
FPS Creator Model Pack 57 (HKLM\...\{BCA7929A-91E9-4580-8523-6F2010599874}) (Version: - )
FPSC Model Pack 52 (Precracked by N2K) (HKLM\...\FPSC Model Pack 52 (Precracked by N2K)) (Version: - )
FPSC Model Pack 58 (Precracked by N2K) (HKLM\...\FPSC Model Pack 58 (Precracked by N2K)) (Version: - )
FPSC Model Pack 74 (Precracked by N2K) (HKLM\...\FPSC Model Pack 74 (Precracked by N2K)) (Version: - )
FPSC Sprite Pack (Precracked by N2K) (HKLM\...\FPSC Sprite Pack (Precracked by N2K)) (Version: - )
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.18.4671 - FreeDownloadManager.ORG)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.6.9.9 - Siber Systems)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Gtk# for .Net 2.12.26 (HKLM\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 2 SDK Standard Edition v1.2.2 (HKLM\...\Java 2 SDK Standard Edition v1.2.2) (Version: - )
Java 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.260 - Oracle)
JavaPK for Desktop 2.1 (HKLM\...\JavaPK for Desktop) (Version: - )
K-Lite Codec Pack 6.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version: - )
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version: - )
Macro Vibration Joystick (HKLM\...\{36177F72-8181-45D7-95D1-EA5B008A4DC9}) (Version: 2006.05.30 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Uninstaller version 3.0 (HKLM\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 3.0 - hxxp://www.maxuninstaller.com/)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2007 - தமிழ் (HKLM\...\{95120000-00FF-0449-0000-0000000FF1CE}) (Version: 12.0.4518.1086 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MilkShape 3D 1.8.4 (HKLM\...\MilkShape 3D 1.8.4) (Version: 1.8.4 - chUmbaLum sOft)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version: - MiniTool Solution Ltd.)
MP3 Karaoke 6.1.9.a (HKLM\...\119C21A0-FA78-44AE-91B0-C02E39E1829D_is1) (Version: - Accmeware Corporation)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2.1 - Notepad++ Team)
NotepadPlusPlusApp (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\NotepadPlusPlusApp) (Version: - )
NTI Backup Now Standard (Version: 5.0.101.0 - NewTech Infosystems) Hidden
NTI Media Maker 8 (Version: 8.0.2.61 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.00 - NVIDIA Corporation)
NVIDIA 3D Vision PowerPack - Batman Arkham Asylum (HKLM\...\NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1) (Version: - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins (HKLM\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Oxford Dictionary of Idioms and MSDict Viewer (HKLM\...\{D2228D9D-5EB7-415B-A6B8-33C245357F14}) (Version: 3.10.15 - Mobile Systems)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version: - )
PeaZip 5.6.0 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
Photo! 3D Album and Photo! 3D ScreenSaver 1.2 (HKLM\...\My Pictures Editor_is1) (Version: - )
Pinnacle Game Profiler (HKLM\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 8.1.7 - PowerUp Software)
PowerISO (HKLM\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Project My Screen App (HKLM\...\{C4BD97A3-F893-49F6-8D2D-A535DD661131}) (Version: 8.0.12539 - Microsoft Corporation)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAD Video Tools (HKLM\...\RADVideo) (Version: - )
RAR Password Cracker (HKLM\...\RAR Password Cracker) (Version: 4.20 - dnSoft Research Group)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version: - )
Sentinel Protection Installer 7.4.0 (HKLM\...\{5A180ED5-0AC1-410A-B790-5E0319CD0A93}) (Version: 7.4.0 - SafeNet, Inc.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Software Informer 1.1 (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
Speakonia (HKLM\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
Speccy (HKLM\...\Speccy) (Version: 1.17 - Piriform)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tom Clancy's Ghost Recon Future Soldier (HKLM\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.00 - Ubisoft)
TurboC++ 3.0.7.7c (HKLM\...\TurboC++) (Version: 3.0.7.7c - NeutroNVegetOStrikeR.DbZ)
UC Browser (HKLM\...\UCBrowser) (Version: 6.0.1308.1016 - UCWeb Inc.)
Unity (32-bit) (HKLM\...\Unity (32-bit)) (Version: 5.4.2f2 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.1 - Ubisoft)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VirtualDJ Home FREE (HKLM\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSDC Free Video Editor version 3.3.5.411 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.3.5.411 - Flash-Integro LLC)
WARMODE (HKLM\...\Steam App 391460) (Version: - WARTEAM)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinPump (HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\WinPump) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)
XiaoMiFlash (HKLM\...\{9AF75396-D38E-4F07-831C-9F78923DC015}) (Version: 1.0.0 - XiaoMi)
youndoo - Uninstall (HKLM\...\{73DA1638-A283-4E8C-9490-C27A37DBC069}) (Version: - ) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> %ProgramFiles%\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32 -> C:\Program Files\JavaSoft\JRE\1.2\bin\beans.ocx (JavaSoft / Sun Microsystems)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {005776C8-86D8-4402-AD17-59C0578E23B1} - System32\Tasks\{D0EBE590-B6F1-4214-BB08-FF545DCB3688} => pcalua.exe -a "E:\SOFTWARE INSTALER\My Disc\ADOBE photo e4rPHOTOSHOP_7\_ISDEL.EXE" -d "E:\SOFTWARE INSTALER\My Disc\ADOBE photo e4rPHOTOSHOP_7"
Task: {006C15ED-5465-4111-9C65-A960A5302918} - System32\Tasks\{CC573B76-0ADE-4291-9322-8DE6D8D3F521} => pcalua.exe -a "F:\SOFTWARE\GAMES\Top Flash Games.exe" -d F:\SOFTWARE\GAMES
Task: {00E14294-39D0-4D77-A30D-9C4F27EC6212} - System32\Tasks\{E2E6F04F-8332-47A7-9C3C-277E917D850C} => msiexec.exe /package "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
Task: {0101E141-7531-4607-8700-2CFC5C7C5E74} - System32\Tasks\{3DA55CC3-F90D-4F19-9245-9F9E5657A775} => pcalua.exe -a C:\Users\john\INSTALER\AlienShooterDemo.exe -d C:\Users\john\INSTALER
Task: {02747C29-7D70-4CDB-B56E-00BBD279A361} - System32\Tasks\{65917F1E-51CC-4798-ADE7-FC90EE47E5CF} => F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe
Task: {045B2A03-04F0-4308-88D7-FA3727491357} - System32\Tasks\{B34F3067-7FA2-4AA4-86E1-C9B92FFCF122} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {0527640A-BEB9-405E-AB8A-F7031F5A69FB} - System32\Tasks\{373596EF-6BEB-4A59-9893-7BADC5DE471A} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe
Task: {068D3BAB-69ED-42EA-9176-B5F957D39DBE} - System32\Tasks\{05D5DD12-79CD-432E-AA7B-CA1AF787D643} => pcalua.exe -a "C:\Users\john\Downloads\17_Great_Swimming_\Auto Install\Install.exe" -d "C:\Users\john\Downloads\17_Great_Swimming_\Auto Install"
Task: {070281A5-ADA0-40E5-9FD5-E5BD94525F45} - System32\Tasks\{3474BED7-1749-471A-8394-B20A1B6B38EA} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {0949DE31-7A8B-45A8-ADA6-F0C3BB9367A1} - System32\Tasks\{D5B20F17-42FD-4CF3-8950-72771289E203} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {0D42D464-2F69-4D0E-81EF-A42EF0813CAC} - System32\Tasks\{76B701D8-57C6-4969-A4F0-7F7863386241} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {0DBA95FA-8263-4F91-B4C2-32D71AF101C3} - System32\Tasks\{D8803875-2248-4E4D-9F79-241B1CC9C237} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\TTL.exe
Task: {0DC0EF6E-751C-4350-B6F7-3E3A3BB87FD1} - System32\Tasks\GoogleUpdateTaskMachineCore1d076f59cac145b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {0E242664-FBC9-486F-A50D-67464DA8D8A9} - System32\Tasks\{CEED2990-1686-4541-94BC-A4FC1A09C2CA} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
Task: {0E7411F5-6348-49AD-B4C3-064804543514} - System32\Tasks\{C7DDDF30-0E92-4CFF-8B94-0183370E4CDA} => pcalua.exe -a "F:\SOFTWARE\GAMES\Alien vs Predator 2\AVP2 (2).exe" -d "F:\SOFTWARE\GAMES\Alien vs Predator 2"
Task: {0EDEEB1D-A897-402D-8113-DE00B7582B3A} - System32\Tasks\{6D145217-0AF0-45CF-8A3F-02E3D682FB61} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
Task: {106AA770-1C72-42C6-A658-04A5C9D5296C} - System32\Tasks\GoogleUpdateTaskMachineCore1d20073240d64cd => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {11850158-E530-4D46-8CF5-3FD620CC04E6} - System32\Tasks\{3BD5A81C-357C-4313-9BF3-2B5B30392DC7} => pcalua.exe -a F:\SOFTWARE\Dc_vs_Marvel_Mugen_Edition.exe -d F:\SOFTWARE
Task: {14B0AF28-5218-4AE5-BAF9-9DC25F0B24F7} - System32\Tasks\{EAC08ADF-E9C8-49DD-83AC-57C21B5D15EE} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {14CDB44D-6E2C-42BC-AD7C-DCFCD8A74F0A} - System32\Tasks\{58662414-4FE4-484A-BD75-5D69CC4180E0} => pcalua.exe -a "F:\SOFTWARE INSTALER\jre-8u74-windows-i586.exe" -d "F:\SOFTWARE INSTALER"
Task: {16E0068D-B96B-4FFF-BB24-40518C548DC3} - System32\Tasks\{D6B4C2A5-E948-4792-8870-5A45FE470DAA} => F:\SOFTWARE INSTALER\MY GAMES INSTALLER\GUN HOLDER\GUN HOLDER\GUN HOLDER.exe
Task: {1957A7E5-C49E-4504-BE5F-30445AF5796A} - System32\Tasks\{B94FBA8D-0DE7-45CD-AB46-FCBB36C23882} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {1AA50F3A-A2F0-4F6C-A9A0-28F98330373C} - System32\Tasks\{13827CAE-AD2F-41FB-B0B9-73801A749CDD} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPSCreatorModelPack13\FPS Creator - Model Pack 13.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPSCreatorModelPack13"
Task: {1DE7E31A-E479-431B-BE5F-D00F615E51AA} - System32\Tasks\{84A38175-6D8F-41F6-941C-767A737E64B0} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\Project IGI\SETUP.EXE
Task: {22893088-13B9-4C76-91D8-6ACE60CE1810} - System32\Tasks\{F20F6670-957C-4BEC-ADCB-F5B5891DDBB9} => pcalua.exe -a "C:\Users\john\Downloads\Hitman 1, kkabod\Hitman 1\Setup.exe" -d "C:\Users\john\Downloads\Hitman 1, kkabod\Hitman 1"
Task: {253338D3-59CB-4CDB-A840-A79583B69EF2} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f2eb9e8a064 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {2684E7FE-60BB-4184-8F8F-569C806D0B79} - System32\Tasks\{C9E2F816-9295-4429-A9B2-B80E75445146} => pcalua.exe -a "F:\SOFTWARE\GAMES\GTA COLL\Grand Theft Auto3_LC\SETUP.exe" -d "F:\SOFTWARE\GAMES\GTA COLL\Grand Theft Auto3_LC"
Task: {28E25B2A-C6FE-465B-B4AA-3A27D86563F8} - System32\Tasks\{01FF9B5F-2602-4C45-A7F3-47289E67B5E2} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {299149E4-FDBF-4FD9-8BEF-879AA99AB250} - System32\Tasks\{B1FDACF6-148E-4DCA-842A-3D10CEABDD9B} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\BONUS\HIDDEN OBJECT GAMES\Mystery of Cleopatra\Mystery of Cleopatra.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\BONUS\HIDDEN OBJECT GAMES\Mystery of Cleopatra"
Task: {2C069DDC-612C-495C-A1D7-78A68DEE608A} - System32\Tasks\FreeDownloadManagerNetworkMonitor => F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe [2016-09-09] ()
Task: {2CFDA930-6F43-4B1F-B84E-3FDEF3C44E98} - System32\Tasks\{BC31B78F-1547-46B1-889F-913727111AA1} => pcalua.exe -a "C:\Program Files\EA Games\Need for Speed Undercover\setup.exe" -d "C:\Program Files\EA Games\Need for Speed Undercover"
Task: {2DF18C6A-34B9-4A35-8AB0-5373241A0622} - System32\Tasks\{F7ED27F1-E176-415D-AA45-1DFE490C03C1} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {2E22A60F-F154-41D1-B401-A4772885ADBF} - System32\Tasks\{4E96D605-1490-4D48-B729-E3B23EA7EC25} => pcalua.exe -a "C:\Program Files\Smart File Advisor\sfa.exe" -d F:\SOFTWARE\GAMES\3rdp_beta -c /unknown "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
Task: {313CB86D-C90C-4F39-889E-C4BAC0ABD0E8} - System32\Tasks\{A925D1FB-B4EA-4396-9C17-7B1EDD5745F3} => pcalua.exe -a C:\Users\john\Downloads\ultimatevicecity2.exe -d C:\Users\john\Downloads
Task: {330ACDB0-7493-47B2-9AAB-E654DF779E17} - System32\Tasks\{48D7B5B3-1279-4B5C-8504-AEA7C8E2B17F} => pcalua.exe -a C:\Users\john\INSTALER\FlashGamesSetup.exe -d C:\Users\john\INSTALER
Task: {340D07C2-FE8C-4B49-8D0F-549983812E97} - System32\Tasks\{E8B3B7CB-4E71-404A-AC85-772E8BDB0525} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Program Files\CarReplacer\ST6UNST.LOG"
Task: {37673D8C-2F02-47B9-A5BD-145CD49249BF} - System32\Tasks\{E67EDB00-4570-4AE0-B4BF-E405965C34B5} => pcalua.exe -a "F:\SOFTWARE\GAMES\Installer\Spider-Man Friend or Foe\SMFOF\Setup.exe" -d "F:\SOFTWARE\GAMES\Installer\Spider-Man Friend or Foe\SMFOF"
Task: {393C1257-649D-47F0-A101-BD834985DA72} - System32\Tasks\{41C103E3-1011-4BE6-A9F7-5C53F3F1AF54} => pcalua.exe -a "E:\GAMES INSTALER\(pc game) alien shooter [full]\(pc game) alien shooter [full].exe" -d "E:\GAMES INSTALER\(pc game) alien shooter [full]"
Task: {3A3B9F4B-A924-4DBD-81B0-9042726F1B36} - System32\Tasks\{A515301F-0A35-42AB-A1CB-31A3B8207EAF} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {3A875C8A-B833-41C3-827F-FFACD85EE7A6} - System32\Tasks\{1D9255C1-19D5-449D-96CF-2E811CEC2D96} => pcalua.exe -a "F:\SOFTWARE\Cricket Revolution Setup.exe" -d F:\SOFTWARE
Task: {3B974FC3-C22C-4F8A-B359-1EB6BCCB4D6A} - System32\Tasks\{B2020C4E-912F-4121-A78E-2EC8C9018D1E} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {3BE08B96-D6C1-45CA-8DE5-F8D63D49FE3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {3C0207C6-DAF3-4B7E-A9D7-13DA6B7079D7} - System32\Tasks\{2B87E4CF-D890-4B2A-BB55-5A09775410CC} => pcalua.exe -a F:\SOFTWARE\GAMES\RE4\launcher.exe -d C:\Users\john\Desktop
Task: {3C0B7918-0449-4DE7-92F2-877C54E67BBA} - System32\Tasks\{4312A229-D5B1-4C9A-B277-46046257274E} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {3D76DDC2-A193-495F-A217-75D8D11B2843} - System32\Tasks\GoogleUpdateTaskMachineCore1d016506776cf4c => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {3DB81F54-7B85-419E-90B9-C84C32B25685} - System32\Tasks\{48FC324A-1FE4-40A6-87E7-1F5C3DCBB3BA} => pcalua.exe -a "F:\SOFTWARE\Sci-fi\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d F:\SOFTWARE\Sci-fi\3DSFMM2
Task: {3FE28AC9-5A50-47EA-9092-935FD2BFB031} - System32\Tasks\{129BF4A3-35CF-4628-AC7E-3C990A628150} => pcalua.exe -a D:\Simon\GTAVC\GTAVC\setup.exe -d D:\Simon\GTAVC\GTAVC
Task: {4266E050-E674-4883-A810-48970EA706B0} - System32\Tasks\{2E5897A4-B2DA-4A64-B3A6-32C789E8CAF2} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {42F6B276-5CFE-4B62-A189-823F47BBC7D0} - System32\Tasks\{50D0BA28-B5B5-4436-8708-46D02B059606} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {43D6C43A-8B20-4C7F-A061-A70567F30815} - System32\Tasks\GoogleUpdateTaskMachineCore1d093f73f14b8b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {442BEC5F-39EF-45C4-B9B0-8D5FE1EA925D} - System32\Tasks\{D2819F58-C7B9-43E0-B7FC-CC7D04F671FA} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {449D6243-66A9-4E38-8F90-FB7D7BC8B6B2} - System32\Tasks\{8A02F65B-9F35-4760-9360-F52C0EF28E49} => pcalua.exe -a "F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe" -d "F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1"
Task: {48E8EE20-94F4-4226-810F-7B700DC7BDA1} - System32\Tasks\{4AAB42F5-0303-4CA6-BEC8-25641736BCB7} => pcalua.exe -a F:\SOFTWARE\PC_Game_Captain_Claw\Captain_Claw.exe -d F:\SOFTWARE\PC_Game_Captain_Claw
Task: {4D045905-4067-48E6-9A7A-B3CA71F3D3CD} - System32\Tasks\{A67A488D-B88A-4318-AD63-6FAAD5348AF9} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
Task: {4ECC40EC-6AA3-496C-BAAF-D6E1CED6C359} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d093f6df30a7ef => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {4FC85321-2501-4B6E-822F-F333092043E7} - System32\Tasks\{B9390F74-AB50-463C-9DAD-5545C019B0E6} => pcalua.exe -a F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English.exe -d F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English
Task: {50687F36-9E0D-4053-B406-EF08E7A5E39C} - System32\Tasks\{87CDCB4B-4029-4D9C-9C3D-972DAA004789} => pcalua.exe -a F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1\Setup.exe -d F:\SOFTWARE\GAMES\FPSCreatorFree\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1
Task: {50D4DA95-8F52-47A4-9074-18A075E40CAA} - System32\Tasks\{9BA04DE8-B0FC-4F41-9AFB-1485887D2008} => F:\SOFTWARE\GAMES\Disk1\GTA IV\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {51D9C856-80AD-4DD6-BCB4-F0B2DF42BA82} - System32\Tasks\{E4CEFB91-901F-4D67-8087-2A0F05E7E8A9} => pcalua.exe -a C:\WINDOWS\ISUNINST.EXE -c -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Task: {578D7EDA-31AF-4A7D-9DD7-C65AAD438E95} - System32\Tasks\{2D74B2DB-F334-48C1-AD4E-C536F3C58FFC} => pcalua.exe -a "F:\SOFTWARE\GAMES\gta mods\Setup_1224997649.exe" -d "F:\SOFTWARE\GAMES\gta mods"
Task: {57BD3291-EBD9-4896-B170-DD0532EFA6EA} - System32\Tasks\{1B5E53BD-CDAD-459B-8AA3-3B316C4BFAAE} => F:\SOFTWARE\GAMES\Installer\Manhunt 1 pc\Manhunt 1\Manhunt\manhunt.exe
Task: {5A722E8C-EE69-4E49-A9A8-211D9C2F5E1E} - System32\Tasks\{AD75DD0E-0F23-4A9D-BDFC-376FE827900E} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman\SetupReg.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman"
Task: {5B43CF1C-5ACD-41EC-A7A4-BC53A5B0FE26} - System32\Tasks\{DE6C0DA1-8738-43F3-82E2-8F2532C4EA11} => pcalua.exe -a "F:\SOFTWARE\3D\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d F:\SOFTWARE\3D\3DSFMM2
Task: {5B915FC5-FD9C-461E-802F-4D7B3F448819} - System32\Tasks\{9EEE59D8-FA14-4C0D-AE3C-84899D3340DD} => pcalua.exe -a "F:\SOFTWARE\GAMES\Tony Hawk Coll\Matt Hoffman's Pro BMX\MHProBMX\Setup.exe" -d "F:\SOFTWARE\GAMES\Tony Hawk Coll\Matt Hoffman's Pro BMX\MHProBMX"
Task: {5B994750-FADD-4D7D-A88C-96F6D0E56D71} - System32\Tasks\{7811BBC2-C3D6-4573-89FD-38C5D1CF1D23} => F:\SOFTWARE INSTALER\MY GAMES INSTALLER\GUN HOLDER\GUN HOLDER\GUN HOLDER.exe
Task: {5C47D654-F669-4B43-80AC-C3E791BA6F14} - System32\Tasks\{0EA76A0F-BA75-4861-ADC2-8FC095EBEE6B} => pcalua.exe -a "C:\Windows\Big City Adventures-Sydney Australia\uninstall.exe" -c "/U:F:\SOFTWARE\GAMES\BC\Uninstall\uninstall.xml"
Task: {5CF9D825-9E21-477F-9C6C-8B13C57AB826} - System32\Tasks\{F787B258-F7A2-492C-9B1A-EE079A63746A} => pcalua.exe -a "C:\Users\john\Downloads\IPL in cricket 2002\IPL in cricket 2002\IPL in Ea cricket 2002 Installation file.exe" -d "C:\Users\john\Downloads\IPL in cricket 2002\IPL in cricket 2002"
Task: {5F49A61C-4AD8-41D7-B67B-E6E9481AFCF9} - System32\Tasks\{0A8ED3A7-5BF6-4E16-B0A0-C5A814B2A28F} => pcalua.exe -a "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe" -d "C:\Program Files\Common Files\Adobe AIR\Versions\1.0"
Task: {610C0BD0-3E76-432A-93BA-C5D929B8FC97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {653BDD9B-F475-4AF9-A239-81F69C2AADE0} - System32\Tasks\{4B9296DC-2C21-4F02-870E-533BAD323EFB} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
Task: {697EE54C-EC8A-4CC5-A320-7373D20F2EFE} - System32\Tasks\{B6F5E290-AAFA-4131-ABBD-21B068468C16} => pcalua.exe -a "C:\Program Files\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {6A016004-30E6-479D-B965-C05D68B4F4F0} - System32\Tasks\{C08D028F-306F-4FEF-B493-75EFB1B248F1} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
Task: {6AA435F0-E7AF-4657-965B-3976DC38E51A} - System32\Tasks\{F569FAA6-BF87-444D-935B-0403C8C42DB1} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {6AE757DF-16ED-4C89-91E2-59AC8BD09DFA} - System32\Tasks\{FCC4046C-6A2F-4E69-B31C-88F431F6201A} => pcalua.exe -a F:\SOFTWARE\GAMES\ironman{www.grandpcgames.com}\IronMan{www.grandpcgames.com}\setup.exe -d F:\SOFTWARE\GAMES\ironman{www.grandpcgames.com}\IronMan{www.grandpcgames.com}
Task: {6B9B080C-8834-41E6-A02B-4E701400E37C} - System32\Tasks\{3DBFD8FC-0FE0-45C5-B076-D65C988E7F73} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {6EFE6006-D8CB-49CF-8A48-405AFA513EE0} - System32\Tasks\{EAA11498-8659-4E9F-BF73-B0524C1EBD79} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\LeeGTs Games\Mystery of Cleopatra\MysteryOfCleopatra.exe"
Task: {7705FFD8-7267-4A55-806E-AB0CC33DA287} - System32\Tasks\{5D69DFCF-CAE7-4CCF-AD57-173C3D2EA726} => pcalua.exe -a "F:\SOFTWARE\GAMES\HITMAN\Hitman - Codename 47\Setup.exe" -d "F:\SOFTWARE\GAMES\HITMAN\Hitman - Codename 47"
Task: {778E0453-3AA9-4253-83E7-CE6154D54EB0} - System32\Tasks\{BF73481C-4937-48A7-95B2-55535FEA0395} => pcalua.exe -a C:\Users\john\Downloads\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg\ms3d184setup.exe -d C:\Users\john\Downloads\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg
Task: {781DBD4A-09F6-4B14-9091-4D986233E9EE} - System32\Tasks\{23D4E67A-44F0-4862-A338-A5DC403C7437} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {794F5E6C-A365-4CE6-8EC2-3359431EDFCE} - System32\Tasks\{EAE8D808-4A93-446C-A9DE-2680C32535AD} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
Task: {7ACEF580-8086-481B-AAC2-32E14983A041} - System32\Tasks\{BC2F6DCB-D3CD-462F-85A5-B7DCFF6BB9F0} => C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE [2010-05-20] (Microsoft Corporation)
Task: {7E0A75B6-B714-41FB-8228-0F33F10FA839} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d17c18fa5ce246 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {7F611482-7545-4AE9-8D91-77FE8E5194FC} - System32\Tasks\{E243BE9A-BDBE-4BDB-927B-685141552FC2} => pcalua.exe -a "C:\Users\john\Downloads\25 To Life Portable\codecs\wmp6cdcs.exe" -d "C:\Users\john\Downloads\25 To Life Portable\codecs"
Task: {7F8C3F00-13C8-4B55-A228-D60FEDF5A064} - System32\Tasks\{9F2B977A-15F0-4499-B779-0AE415BF5A25} => pcalua.exe -a C:\Users\john\Integrated_BrotherSoft_TB.exe -d C:\Users\john
Task: {875EFB9C-B2E5-4138-AD19-02A72912BC9E} - System32\Tasks\{AD5DF03F-212A-4BF5-8B1C-AA67E22153BC} => pcalua.exe -a "C:\Program Files\RADVideo\radvideo.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bink and Smacker"
Task: {88B98B1B-E8C9-4F88-8724-763D37211FB5} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2017-01-18] (UCWeb Inc) <==== ATTENTION
Task: {88F3C954-FEF0-4DD0-AAED-4C78083AA355} - System32\Tasks\{D0BF31D6-9696-4788-B8CA-FB96F133558D} => F:\SOFTWARE\GAMES\sof\sof3.exe
Task: {89DD8A2F-484B-4FB8-A2B8-396FC66DAB0A} - System32\Tasks\{99CFE9FF-DC70-4E12-8019-8CB5C9486A18} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Grand Theft Auto4_VC\GTA Vice City.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Grand Theft Auto4_VC"
Task: {8A52E0A4-9FCA-445D-8AF9-6FA7BCC9E744} - System32\Tasks\{6AD0D404-D0FB-447E-A66D-4E53923F121A} => pcalua.exe -a "F:\SOFTWARE\GTA San Andreas Highly Compressed.exe" -d F:\SOFTWARE
Task: {8C19DBD5-0ADF-43A7-80FA-467FE51A9C5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000UA => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {8D32B812-7FF3-48FA-ABFA-567BE6E26E5F} - System32\Tasks\{4092DCE0-383E-48BC-BED6-115E2728545C} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
Task: {8D65B8CA-27D4-4CEE-8F3E-6073E32A93DB} - System32\Tasks\{FC62F8A9-2EAE-4C02-BFDD-1F06ACB4D7BE} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
Task: {8DDAC4EE-B9F0-4BF2-AD7E-9CAEE5DF329A} - System32\Tasks\{64387EF1-1483-4973-A063-7BD1DC13BE6E} => pcalua.exe -a C:\Users\john\Documents\Downloads\hod3_trial.exe -d C:\Users\john\Documents\Downloads
Task: {8ED2F185-4683-4ABC-8E58-6600A7E2CFE7} - System32\Tasks\{C25418E4-7379-4422-B616-7B5E8BE09387} => pcalua.exe -a C:\Users\john\Downloads\SetupFaceControl.exe -d C:\Users\john\Downloads
Task: {905AC9DB-4715-4D61-84B7-A5444CFC9A4D} - System32\Tasks\{6AF62A1F-9C56-4809-95D8-6D36C6364CDB} => F:\SOFTWARE\GAMES\Installer\FarCry\FARCRY Disc 1\setup.exe
Task: {90A72B92-3E2F-43EE-B74B-C7F845C6580E} - System32\Tasks\GoogleUpdateTaskMachineCore1d1d774da17be96 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {91B4FC65-4DCD-4D89-94D2-C7E9B012091D} - System32\Tasks\{3BD714A8-4720-4475-9005-7705D3E1FBA4} => pcalua.exe -a "F:\SOFTWARE\COMMANDO2\Commandos 2\SETUP.EXE" -d "F:\SOFTWARE\COMMANDO2\Commandos 2"
Task: {94F3C1CB-0889-4E86-9006-A22A95F181E1} - System32\Tasks\{7108D2BA-C91D-49D7-9E47-6C5B59C6DE36} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {95ACEB18-2D26-48D8-8FE1-186B0CB350C1} - System32\Tasks\{22ED1228-0A82-4435-9253-B422E15D164C} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe
Task: {97EB3B94-9219-4DA8-B88A-B94BFD5E9AE1} - System32\Tasks\{14BAF71A-EDC6-43D2-85D2-F2D01C214111} => F:\SOFTWARE\GAMES\BurnOut Paradise\Burnout ParaDise{GNdH}\Burnout ParaDise{GNdH}\BurnoutParadise.exe
Task: {983D0185-9ED3-40CA-98AA-31E8AC71A2B7} - System32\Tasks\{7DFB5AF2-1452-43DF-8B0C-4B2E145C6C59} => pcalua.exe -a "F:\SOFTWARE INSTALER\ultimatevicecity2.exe" -d "F:\SOFTWARE INSTALER"
Task: {9AA8D228-E6B9-4458-8273-116D1B59809F} - System32\Tasks\{4164A57F-CCCA-4190-873C-DAE8DA3E9EA7} => pcalua.exe -a "F:\SOFTWARE INSTALER\install_animoids_dl\Windows\install_animoids.exe" -d "F:\SOFTWARE INSTALER\install_animoids_dl\Windows"
Task: {9B3D424E-6D55-4716-A5CD-A6C19084DD60} - System32\Tasks\{12D56BBA-AD8C-4251-B3D0-9462E83996AC} => pcalua.exe -a "F:\SOFTWARE\New folder (2)\bike fly\bike fly.exe" -d "F:\SOFTWARE\New folder (2)\bike fly"
Task: {9D825210-E307-4968-80A9-D3D03DA88F86} - System32\Tasks\{D70DA801-B03F-4460-9E46-61733BFD7B4E} => pcalua.exe -a F:\SOFTWARE\GAMES\CALLOF~1\Uninstall\Unwise.exe -c /u F:\SOFTWARE\GAMES\CALLOF~1\Uninstall\Install.log
Task: {9DAE06E0-03A2-42A3-95E4-D6DCD0A83EAA} - System32\Tasks\{59B0097C-25FA-4072-A677-F83829C7AC74} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\TTL.exe
Task: {A05B0E66-6BC5-472C-9E5F-5CF7ECAB0740} - System32\Tasks\{2CEE4132-7BE5-4A3F-BF34-0A444A78AF54} => pcalua.exe -a F:\SOFTWARE\GAMES\setUP347.exe -d F:\SOFTWARE\GAMES
Task: {A3A2D152-E3E0-49B7-871B-1F701A76FF16} - System32\Tasks\{BEDED5CE-3CE8-4FB4-A65F-4DD15BA06E35} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {A4F811F3-A417-4006-9457-DACF05966BFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {A999E4E8-113F-43F9-AAFA-31113CF588CF} - System32\Tasks\{1D2EFDE2-9AF3-4732-BE8A-CA0B72377F37} => C:\Program Files\Gam-A-Guru\Fire Jolts\Game\Game.exe
Task: {AF2CEA20-DE8B-4940-AFDC-69FC33C5A3BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {B1A5C201-A835-49FD-8A5E-AF7AE9E8A8C3} - System32\Tasks\{C02B878B-D6A2-4771-9534-C8CF2858CB7B} => F:\SOFTWARE\GAMES\Mac Monster Truks (fullypcgames.blogspot.com)\MonsterTruckFury.exe
Task: {B5F69C27-E310-438C-B570-0399B25E7A02} - System32\Tasks\GoogleUpdateTaskMachineCore1d17acab00ca3d9 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {B70643A6-FB18-4F4F-9B3E-E0591C17921D} - System32\Tasks\{44AE25A9-6E17-47A5-B2EE-675FCC306744} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\Hitman 1, kkabod\Hitman 1\Setup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\Hitman 1, kkabod\Hitman 1"
Task: {B78ABD30-C545-476A-94E5-C31BE8FF86DC} - System32\Tasks\{FB436C00-19C0-4B3A-B5F9-94EFC6756C5C} => pcalua.exe -a "F:\Gamez\Counterstrike Condition Zero\AUTORUN.EXE" -d "F:\Gamez\Counterstrike Condition Zero"
Task: {B92A95A9-8862-4DEA-AC4F-B8F640744AB6} - System32\Tasks\CrackTracker => C:\Program Files\zabkat\crack tracker\craktrak.exe
Task: {BB2FCEF5-84F8-4E58-8667-31E53246F9BA} - System32\Tasks\{078A3136-D228-439D-B20A-2AF6A84C4DB7} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {BC1237E8-C9EE-4C05-86FC-85A3B39C0BE2} - System32\Tasks\{561DF6EC-1812-43D7-9A8E-536A93F5564A} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {C750C08B-E07E-405E-BAA8-D1D976413156} - System32\Tasks\{E8FC51EB-116B-49CF-B0E3-BE51C98FEB93} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman\Spider-Man Setup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\activision_-_spiderman_full_pc_game\Spiderman"
Task: {C8EC5BFF-E243-40F4-B075-12767BDD921B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-26] (Adobe Systems Incorporated)
Task: {CCDBA163-5050-4AF9-AB46-6A90680BD2F1} - System32\Tasks\{FAC50A4D-C0C3-4032-81CD-C835BB16F3A7} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English"
Task: {CE9BF9C4-A1CE-4D3F-B464-B3DE67A9BCDF} - System32\Tasks\{D0E9313E-14CB-4D11-859B-26360006C739} => pcalua.exe -a "F:\SOFTWARE INSTALER\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg\ms3d184setup.exe" -d "F:\SOFTWARE INSTALER\MilkShape.3D.1.8.4.Incl.KeyGen-F4CG\f4ms01\f4cg"
Task: {CF21B205-E5F7-45DA-9AA7-B07E8B30CE66} - System32\Tasks\{23763B24-4ED4-4A02-8746-0DB3BBDED29F} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\codecs\wmp6cdcs.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\25 To Life Portable\codecs"
Task: {D1662E1C-A699-431F-9DAD-8DBCEEDFF103} - System32\Tasks\{2E8EE9A6-0EF2-43A2-AEDC-BAD8E25AD0D8} => pcalua.exe -a F:\RGSC_1_1_3_0\RGSC_1_1_3_0.exe -d F:\RGSC_1_1_3_0
Task: {D2028427-32DB-44F5-AA61-E8DBEE9FF534} - System32\Tasks\{8E95A132-02FF-4127-9107-BDC81BE4C5DB} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {D26C1033-9887-4268-BC03-DCC312F82E42} - System32\Tasks\{48A3F74B-102F-42F7-97D8-CC7D7B81C29D} => msiexec.exe /package "F:\SOFTWARE\GAMES\3rdp_beta\3rdp_beta.msi"
Task: {D34F4F76-1BCC-4701-984B-8DB779F60BE6} - System32\Tasks\{ECF229E3-41ED-484D-92D2-3B3A0AEA3741} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {D474B054-611E-48BF-9D6C-166B7FF1039A} - System32\Tasks\{34103A99-055F-4789-AE7E-131DF7533E64} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {D5A092EF-3DBB-40A4-AAE3-A4D39BC16AEC} - System32\Tasks\{ED128BDA-21DF-4A02-9212-5E7F35B381D8} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {D8D61169-9B3E-4F6A-820B-4948CF4901F7} - System32\Tasks\{E0DDEE73-E98B-4848-A2BA-9603B7A94529} => F:\SOFTWARE\GAMES\Installer\Halo\halo.exe
Task: {D9BC1919-1A5B-4C4D-BA75-DF95C86E114C} - System32\Tasks\{B3A3C857-58D5-4B85-9DEA-AE97931BB6D2} => pcalua.exe -a "F:\New folder\3DSFMM2\3D Sci-Fi Movie Maker 2.04.exe" -d "F:\New folder\3DSFMM2"
Task: {DA6618C5-255A-4AAF-8D9E-35EB3FD219B2} - System32\Tasks\Start Registry Reviver for john-PC@john(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: {DCD31F20-0356-402B-8CEA-EEF89D76E05F} - System32\Tasks\{C3F48B97-04AB-4AC3-94FB-11BAC934E924} => pcalua.exe -a F:\avs\AVSVideoEditor\AVSVideoEditor.exe -d F:\avs\AVSVideoEditor
Task: {DDE9669E-8815-4446-AABB-782192010EDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d20073320433e5 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {E03EFFE5-EAC0-4E82-86B7-4AE31C00E1B8} - System32\Tasks\{B71F23FA-279B-4DDD-89E1-B629B3C9E70F} => pcalua.exe -a C:\Users\john\Downloads\Swf2Avi_Setup.exe -d C:\Users\john\Downloads
Task: {E1654A0A-5473-486D-9CC2-8F33C532CB13} - System32\Tasks\{C423D519-1269-4114-9565-FE6BB13F42A2} => pcalua.exe -a C:\Users\john\Downloads\imgtool20\imgtool20\IMGTool.exe -d C:\Users\john\Downloads\imgtool20\imgtool20
Task: {E84B95EC-71F1-4D1C-9145-B56BB32A65D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d13979c826472a => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {E9F9BA78-C1AB-4C4B-8E1D-6D0B3290F399} - System32\Tasks\{C14DF91E-1B95-4968-84F3-6B22DBEA3B4E} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\New folder\Games\Project IGI\SETUP.EXE
Task: {EA84C26C-7C9A-4B20-A9B6-2076B9ACA8A9} - System32\Tasks\{DFA8041A-9F86-4F54-A626-B0E2529C9667} => F:\SOFTWARE\GAMES\Disk1\GTA IV\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe
Task: {ECFA2B6A-644C-4718-ABC5-FBC7FE54F5A6} - System32\Tasks\{B2A7C95D-0780-440D-BE9E-62A26BF656B1} => pcalua.exe -a F:\SOFTWARE\GAMES\UnInstall.exe -d F:\SOFTWARE\GAMES
Task: {ED67A7DB-DA0C-4727-AA8D-27A1E9AD5969} - System32\Tasks\{884FD653-1594-4CC3-8FA0-1F1A5C894517} => pcalua.exe -a "E:\GAMES INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\Adobe Photoshop Cs3 Extended Full Version\A__d__Lite\Adobe_Photoshop_CS3_Lite\Adobe Photoshop CS3 Lite.exe" -d "E:\GAMES INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\Adobe Photoshop Cs3 Extended Full Version\A__d__Lite\Ado (the data entry has 22 more characters).
Task: {EE09FC41-123F-4604-8FEC-7655763D8669} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1c96b76750e9391 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {EF117CAD-9B77-42DC-B329-9414E7DD516F} - System32\Tasks\Tolzermght Adapter => C:\Program Files\Kugshcoijich\ckersiward.exe [2017-02-07] (Glarysoft Ltd)
Task: {F32C8DC4-64BD-472F-9DCC-21C2B044BC72} - System32\Tasks\{0B9CA604-9E4D-4784-B38C-787DD935EB3E} => F:\SOFTWARE\New folder (2)\Fairyland\Land.exe
Task: {F40C808D-36A9-4DE0-A586-D54E5C3AFB30} - System32\Tasks\{5111BAEF-4EF8-4CAE-9FC7-7A37828E0DFC} => pcalua.exe -a "F:\SOFTWARE\GAMES\Spiderman Coll\Spider-Man Friend or Foe\SMFOF\Setup.exe" -d "F:\SOFTWARE\GAMES\Spiderman Coll\Spider-Man Friend or Foe\SMFOF"
Task: {F52FF28B-C246-4C13-9786-9DA92F73ECE8} - System32\Tasks\{12F6E446-1F06-493A-ADAC-ABD7836C2E91} => pcalua.exe -a "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\Disk1\Setup.exe" -d "F:\SOFTWARE\GAMES\FPS GAMES\FPS CREATOR\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_English\FPS_Creator_Model_Pack_6_Engli (the data entry has 9 more characters).
Task: {F55C7924-4354-420E-AEA9-5748A6373179} - System32\Tasks\{083A8F1A-06E6-46C6-AF26-079AAFA471C1} => F:\SOFTWARE\GAMES\Installer\roadrash\roadrash\ROADRASH.EXE
Task: {F6FDBA5C-40A9-488A-8340-92A3D68497D8} - System32\Tasks\{0B0145C4-2A6E-4832-A24E-20E661A8D27D} => pcalua.exe -a "C:\Program Files\Activision\Spider-Man Demo\Spider-Man Setup.exe" -d "C:\Program Files\Activision\Spider-Man Demo"
Task: {F7A51897-0E26-499B-9BE6-A92A0B254281} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d01646fee86a63 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {F7B3EB7D-A397-476D-BC2A-A16EC5C82A7E} - System32\Tasks\{DC35C43B-190F-4888-BF7E-5CE76D7720E6} => F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\GAMES INSTALLER\X-Men.The.Official.Game.RIP\XMen-TheOfficialGame\xmen.exe
Task: {F7D0648D-E0B9-4E4C-8B06-996565236C16} - System32\Tasks\{62630B4C-B940-4640-A711-87A96794C270} => pcalua.exe -a "F:\Iron.Man.PC.Game.Only.150.MB\Iron.Man.PC Game Only 150MB.www.KosovaDC.com\Iron.Man.by.GranD.MasteR.BeraatZ - www.KosovaDC.com\SetupReg.exe" -d "F:\Iron.Man.PC.Game.Only.150.MB\Iron.Man.PC Game Only 150MB.www.KosovaDC.com\Iron.Man.by.GranD.MasteR.BeraatZ - www.KosovaDC.com"
Task: {FA091FAE-704D-4C77-AA48-819D09E56681} - System32\Tasks\{23D25206-8089-4E41-8B27-3891DCCB9B71} => pcalua.exe -a "F:\SOFTWARE\GAMES\Mario\MarioForever V4.4.exe" -d F:\SOFTWARE\GAMES\Mario
Task: {FB86A1A3-1F41-4516-B051-403C85BBCD97} - System32\Tasks\{CC04E13D-5DB7-4301-B1A8-6B9DDD5FB2B6} => pcalua.exe -a "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\WWE Raw Portable\WWE Raw Portable\RegSetup.exe" -d "F:\SOFTWARE INSTALER\Adobe Photoshop Cs3 Extended Full Version (1)\WWE Raw Portable\WWE Raw Portable"
Task: {FB96B27A-5426-4299-9C3C-941A6418064B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d076f59f224db5 => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {FC210E5F-1BE7-44A0-9E2F-A4601C51FB54} - System32\Tasks\{8C25F203-A8B8-453C-9391-140E765C6235} => pcalua.exe -a "F:\SOFTWARE INSTALER\kgb_arch_win_gui_v1.2.1.24.exe" -d "F:\SOFTWARE INSTALER"
Task: {FC89EE7D-B926-4A42-8D00-C4ECB5182A21} - System32\Tasks\{62472289-97C6-40DA-8750-D4DA9D2A230A} => F:\SOFTWARE\GAMES\Installer\Manhunt 1 pc\Manhunt 1\Manhunt\manhunt.exe
Task: {FCC94352-E6A8-4E01-892D-FBA79AA87B4D} - System32\Tasks\{BE6DA57B-B8CA-45C9-B4BE-52D20A9E4DC7} => F:\SOFTWARE INSTALER\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora_3D_Animation_Maker_11.05031105_Portable (1)\Aurora 3D Animation Maker 11.05031105 Portable\Animation3D.exe [2011-05-05] ()
Task: {FCEDF998-D787-48FB-9FAB-12513A91FBF8} - System32\Tasks\{3D0E3FA7-8948-44DD-84C8-BBFB32787949} => pcalua.exe -a "C:\Program Files\AdorageI-SAL\uninstall.exe" -d "C:\Program Files\AdorageI-SAL"
Task: {FE17B942-EEE0-4071-BDA8-A12F1C05231B} - System32\Tasks\{75D45EB0-620A-4A45-89CB-202EF1054DB6} => pcalua.exe -a "C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)\Full Speed.exe" -d C:\Users\john\Downloads\Portable.Full.Speed.Internet.Booster.v3.3.with.Performance.Test(1)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d076f59cac145b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d093f73f14b8b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f2eb9e8a064.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d17acab00ca3d9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1d774da17be96.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1c96b76750e9391.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d076f59f224db5.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d093f6df30a7ef.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d13979c826472a.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280821914-3189600555-3011743376-1000Core1d17c18fa5ce246.job => C:\Users\john\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\john\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Forum.lnk -> hxxp://www.chumba.ch/chumbalum-soft/forum
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Homepage.lnk -> hxxp://www.milkshape3d.com
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4\Order Online.lnk -> hxxp://www.milkshape3d.com/ms3d/register.htm
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70966059361d4c09\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\john\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
==================== Loaded Modules (Whitelisted) ==============
2017-01-09 21:17 - 2011-04-02 16:03 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2017-01-09 21:18 - 2011-04-02 16:03 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2010-10-03 17:56 - 2009-04-16 14:08 - 00312832 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\hpfpp70v.dll
2017-02-07 15:49 - 2017-02-07 15:49 - 00274944 ____H () C:\Program Files\Tolzermght Adapter\local32spl.dll
2016-10-04 16:15 - 2016-09-09 18:56 - 00658432 _____ () F:\SOFTWARE\DM\Free Download Manager\winwfpmonitor.exe
2016-10-04 16:15 - 2016-09-09 18:55 - 00023552 _____ () F:\SOFTWARE\DM\Free Download Manager\WinDivert.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 00310720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 00900032 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 03037120 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 00220608 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-02-07 15:49 - 2017-02-07 15:49 - 00126464 _____ () C:\Users\john\AppData\Roaming\Cujercult\Atazokclvuph.dll
2010-10-03 17:38 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2016-11-21 03:17 - 2016-11-21 03:17 - 00267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 02122688 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 01608128 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 01502656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 00167872 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 00031680 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 00749504 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-10-14 14:40 - 2016-10-19 00:12 - 00015808 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\icudt53.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
AlternateDataStreams: C:\ProgramData\TEMP:1CB4A530 [114]
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [236]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
AlternateDataStreams: C:\ProgramData\TEMP:6152D44C [128]
AlternateDataStreams: C:\ProgramData\TEMP:77FB1B64 [104]
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [294]
AlternateDataStreams: C:\ProgramData\TEMP:9D1B94FD [135]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [206]
AlternateDataStreams: C:\Users\john\AppData\Local\Temporary Internet Files:1zTcQognA0ENzQJ1VlX1f0z2BdT [2238]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\...\sony.com -> sony.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 07:34 - 2017-02-10 16:42 - 00003070 ___RA C:\Windows\system32\Drivers\etc\hosts
65.112.87.186 contractjack.master.gamespy.com #heartbeats
65.112.87.186 contractjack.ms11.gamespy.com #server list
65.112.87.186 contractjackd.master.gamespy.com #heartbeats
65.112.87.186 contractjackd.ms3.gamespy.com #server list
65.112.87.186 nolf2.master.gamespy.com #heartbeats
65.112.87.186 nolf2.ms9.gamespy.com #server list
63.239.170.9 natneg1.gamespy.com #firewall nat negotation server 1
63.239.170.10 natneg2.gamespy.com #firewall nat negotation server 2
63.144.111.199 natneg3.gamespy.com #firewall nat negotation server 3 (rarely used)
65.112.87.188 gamestats.gamespy.com #statistics, required by some games
63.239.170.53 motd.gamespy.com #message of the day placeholder
65.112.87.187 chat.gamespynetwork.com #chat/lobby, required by some games
65.112.87.187 peerchat.gamespy.com #chat/lobby, required by some games
65.112.87.186 gpcm.gamespy.com #gamespy login session tracking
65.112.87.186 gpsp.gamespy.com #gamespy account validation
65.112.87.186 master.gamespy.com #older games server list
65.112.87.186 master0.gamespy.com #older games server list
127.0.0.1 skiptline
127.0.0.1 onhax.net
127.0.0.1 www.onhax.net
127.0.0.1 forum.onhax.net
127.0.0.1 labs.onhax.net
127.0.0.1 do2dear.net
127.0.0.1 sanet.me
127.0.0.1 piratecity.net
127.0.0.1 rsload.net
127.0.0.1 www.masterkreatif.com
127.0.0.1 idm-crack-patch.blogspot.in
127.0.0.1 www.fullstuff.net
There are 3 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2280821914-3189600555-3011743376-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\john\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: PinnacleUpdateSvc => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: UCBrowserSvc => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files\Digidesign\Drivers\MMERefresh.exe
MSCONFIG\startupreg: gflauncher => "F:\SOFTWARE\GAMES\WarFace\GFACE Launcher\live\gflauncher.exe" --autostart
MSCONFIG\startupreg: Google Update => C:\Users\john\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: nppApplication => "C:\Users\john\AppData\Roaming\NotepadPlusPlusApp\nppApplication.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{DCBE7502-1C57-48CC-A421-2688BBCD22D6}F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{7AD2D35D-ECFA-48A1-87E9-0C65304521B1}F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\l4d online\valve\valve\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{9A8FA688-D302-4850-B3DE-1059CAC96818}F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
FirewallRules: [UDP Query User{9B049ED7-7D6C-4DA4-A97B-195E2DC6B372}F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
FirewallRules: [{E601E0F6-68C5-4827-8962-12DE11E98E9D}] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
FirewallRules: [{E8E96DB3-1507-4F8F-BC2E-C40242198E18}] => F:\software instaler\mymobiler_0.9.8.2\mymobiler.exe
FirewallRules: [TCP Query User{FAD0729C-2166-4496-95EA-2999A5ACE7A2}F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [UDP Query User{A2E3AB5D-5CA9-4C63-AFB3-FDAC53AA9ED8}F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [{81616F60-9D28-48DA-B82A-224210E263C6}] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [{5D2E5B9E-A073-4593-A46C-DC0F9B7D00CF}] => F:\software\games\graw2\ghost recon aw2\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [TCP Query User{B9D24952-CF0A-46C0-8D72-E47BF44C9D0B}F:\software\games\outlast\outlast\binaries\win32\olgame.exe] => F:\software\games\outlast\outlast\binaries\win32\olgame.exe
FirewallRules: [UDP Query User{39EF3D1D-C195-493A-8FDE-121C202CBF63}F:\software\games\outlast\outlast\binaries\win32\olgame.exe] => F:\software\games\outlast\outlast\binaries\win32\olgame.exe
FirewallRules: [TCP Query User{59C3437D-48E3-46A2-BA24-08F0BEFA5B7A}F:\software\games\moto gp 3\motogp urt 3\motogp.exe] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{8F6BE0F7-402B-4B04-AEB8-45BFDC510BCB}F:\software\games\moto gp 3\motogp urt 3\motogp.exe] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
FirewallRules: [{156013AF-593A-4DAE-9AE8-4C7CA5FCDD4B}] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
FirewallRules: [{011BE3B5-C403-413A-8B82-518DE76E5126}] => F:\software\games\moto gp 3\motogp urt 3\motogp.exe
FirewallRules: [TCP Query User{8ACD8895-60E4-4101-B91F-8EBD9D2DA993}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{7F74A6B8-25AB-4AB0-A43A-A96287CEE177}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{A3022DB3-9152-43C7-A963-09C76B8416B3}F:\software\games\moto gp 2\motogp2\motogp2.exe] => F:\software\games\moto gp 2\motogp2\motogp2.exe
FirewallRules: [UDP Query User{D8A3527F-15A5-4D0B-91DC-6473FC162395}F:\software\games\moto gp 2\motogp2\motogp2.exe] => F:\software\games\moto gp 2\motogp2\motogp2.exe
FirewallRules: [{9C0EC179-C96C-47D4-8E9D-7BE975DCA027}] => F:\software\games\moto gp 2\motogp2\motogp2.exe
FirewallRules: [{92B66C16-1328-41CE-96E1-A7D53B009A02}] => F:\software\games\moto gp 2\motogp2\motogp2.exe
FirewallRules: [TCP Query User{09CE43FF-3617-4E0B-A3BB-0BD0AFD84921}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{28008A10-C432-4212-8248-9626A861F497}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
FirewallRules: [TCP Query User{B1FA3379-FCBC-45FA-94D4-1C32A6CC3C51}F:\software\games\motogp\motogp.exe] => F:\software\games\motogp\motogp.exe
FirewallRules: [UDP Query User{42ECE62B-7A23-48FD-B1A5-6BE158BEC85E}F:\software\games\motogp\motogp.exe] => F:\software\games\motogp\motogp.exe
FirewallRules: [{DA4F953F-AA80-49DB-8E7A-F0CBBABF8474}] => F:\software\games\motogp\motogp.exe
FirewallRules: [{54712882-52AC-4E4C-BEA0-B4D311A2512C}] => F:\software\games\motogp\motogp.exe
FirewallRules: [TCP Query User{04DA8932-7B44-47AD-95B3-E4CE587EAC94}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{241459DD-42F9-41C8-A323-B2137351F777}F:\software\games\motogp3\motogp urt 3\motogp.exe] => F:\software\games\motogp3\motogp urt 3\motogp.exe
FirewallRules: [TCP Query User{7E816506-4FBE-4D91-8CAF-8FDECC4AA652}F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe] => F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [UDP Query User{FEE9AD8A-8DC6-4184-8EBE-68FE8C34242B}F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe] => F:\software\games\dead island riptide\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [TCP Query User{C8B35F04-BB2F-4D31-AC1B-58EA724B19F3}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{00804F11-3C8C-4151-9865-F69352D3C6BA}F:\software\games\far cry 3\farcry 3\bin\farcry3.exe] => F:\software\games\far cry 3\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{274BA925-9BBF-4577-B767-745CADF1563F}F:\software\games\soldier of fortune ii\sofii\sof2mp.exe] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
FirewallRules: [UDP Query User{39131056-EFDE-4862-B623-584719E55DF6}F:\software\games\soldier of fortune ii\sofii\sof2mp.exe] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
FirewallRules: [{51D5C84C-EC06-4B66-8B97-29F97EF6DADD}] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
FirewallRules: [{8693C76F-9955-42CE-9347-F96A1DC377AA}] => F:\software\games\soldier of fortune ii\sofii\sof2mp.exe
FirewallRules: [TCP Query User{4AF434C8-AC2C-4A4D-93EF-2DC15279E7CD}F:\software\games\installer\nfs\speed.exe] => F:\software\games\installer\nfs\speed.exe
FirewallRules: [UDP Query User{FEADED2F-464B-4069-8E84-85515A93F451}F:\software\games\installer\nfs\speed.exe] => F:\software\games\installer\nfs\speed.exe
FirewallRules: [{B89BD137-81B0-4E31-AD01-78B3F8B4C4B7}] => F:\software\games\installer\nfs\speed.exe
FirewallRules: [{38B83BD5-27C3-4688-BC76-1BF3959F4ED5}] => F:\software\games\installer\nfs\speed.exe
FirewallRules: [TCP Query User{E8148AC7-FCD0-4B80-A1AC-B86A34604F07}F:\software\games\installer\halo\halo.exe] => F:\software\games\installer\halo\halo.exe
FirewallRules: [UDP Query User{EC354E9E-95A3-4C9D-B0DE-95F96B6D6911}F:\software\games\installer\halo\halo.exe] => F:\software\games\installer\halo\halo.exe
FirewallRules: [{9BB1D990-D903-4304-994F-E5A07EC862F2}] => F:\software\games\installer\halo\halo.exe
FirewallRules: [{A212C0AA-B9A3-4B50-BBBE-FC525A2ABD33}] => F:\software\games\installer\halo\halo.exe
FirewallRules: [TCP Query User{129610E0-DC0E-4FF8-8776-1AE4EBD486D3}F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe] => F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe
FirewallRules: [UDP Query User{378AC9E0-9391-4766-98E0-69606E30A7D1}F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe] => F:\software\games\captain claw\captain claw - side-scrolling arcade-action game!\claw.exe
FirewallRules: [TCP Query User{D5A2F7BF-5D1A-49D8-93A9-EF4B5FA0095F}F:\software\games\installer\call of duty\codmp.exe] => F:\software\games\installer\call of duty\codmp.exe
FirewallRules: [UDP Query User{FBA6B1D1-2290-46C5-82F5-F7ACA2C3CC39}F:\software\games\installer\call of duty\codmp.exe] => F:\software\games\installer\call of duty\codmp.exe
FirewallRules: [TCP Query User{0D1B9C61-19E2-4E89-925A-7DA0CC1B067D}F:\software\games\farcry3\farcry 3\bin\farcry3.exe] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{649DC6C5-C57F-4ED5-980E-9F57F0BC904A}F:\software\games\farcry3\farcry 3\bin\farcry3.exe] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
FirewallRules: [{FFC2643B-6AEC-4CFE-989E-58BF68F803A3}] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
FirewallRules: [{C09F243A-2230-46AF-86C1-83F59E358EEB}] => F:\software\games\farcry3\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{8097223D-6718-46EF-A9BD-4D4BDAF64FD1}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
FirewallRules: [UDP Query User{692BC860-437D-411E-8771-4FB359389DDC}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
FirewallRules: [{2CC42872-87F3-4EB0-AA38-7D9E67ED03BA}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
FirewallRules: [{B4D89584-8165-4FD9-969F-885A27FD49F9}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hl.exe
FirewallRules: [TCP Query User{E0A55979-74A7-4CAD-96FC-074D85C350FF}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
FirewallRules: [UDP Query User{290ABCB2-C42F-4FAD-83C8-FE1916CBD055}F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
FirewallRules: [{59467AFF-7BB5-4717-ACE0-5283F0DA56A3}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
FirewallRules: [{FD3DE39F-D882-4214-9F64-CCBD388F4E14}] => F:\software\games\installer\counter strike 1.6\counter-strike 1.6 digital zone\hltv.exe
FirewallRules: [TCP Query User{5515D3EA-075A-4C7E-B4F4-EDED7D55EC9C}F:\software\games\installer\halo\halo\halo.exe] => F:\software\games\installer\halo\halo\halo.exe
FirewallRules: [UDP Query User{6EAE949A-F0A7-4B9D-ABBC-E7FCE11EA3B3}F:\software\games\installer\halo\halo\halo.exe] => F:\software\games\installer\halo\halo\halo.exe
FirewallRules: [TCP Query User{BFB97868-A203-4BDD-B425-01BB73A69A83}F:\software\games\installer\gamez\saints row 2\sr2_pc.exe] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
FirewallRules: [UDP Query User{BFAC110B-9B8D-4782-BD45-9C9BDE1E2ADB}F:\software\games\installer\gamez\saints row 2\sr2_pc.exe] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
FirewallRules: [{0FAFB5C2-DBC1-4F28-BE6A-5352D27F1487}] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
FirewallRules: [{CEE5232E-C659-4370-991D-BE78C263AFAC}] => F:\software\games\installer\gamez\saints row 2\sr2_pc.exe
FirewallRules: [TCP Query User{8FC7C3F8-825D-4179-9511-1FF0F8635C3A}F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe] => F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe
FirewallRules: [UDP Query User{A99A424C-9FF6-4879-8439-83E51CF9F2DB}F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe] => F:\software\games\installer\tom clancy collection\rs3-raven shield athena sword\ravenshield\system\ravenshield (2).exe
FirewallRules: [TCP Query User{C3CEA229-715E-4B14-A0AC-218B07CC8840}F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe] => F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe
FirewallRules: [UDP Query User{204275A5-0310-44F8-9FF9-848AD7A269FC}F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe] => F:\software\games\installer\tom clancy collection\ghost recon\ghostrec\ghostrecon.exe
FirewallRules: [TCP Query User{E0A923CA-37F9-40C5-8912-B3B3F3431C83}F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
FirewallRules: [UDP Query User{69C817E6-3DEA-4DED-A203-61A6E1C30DC2}F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
FirewallRules: [{02087311-366D-473D-BD16-290AD30133B3}] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
FirewallRules: [{F0149704-FE03-4EDC-B38D-6DEA540DB017}] => F:\software\games\installer\day.of.the.zombie_bycheaterneverdie\oneddl.com-a-dotzen\system\zombie.exe
FirewallRules: [{89D99642-ED43-4AE4-B1F6-96E71CF48BCC}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{00C9C4ED-B33C-4243-ACAB-CD14BA9E3484}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{38BAD83B-8038-42ED-810F-6FABA95FFC51}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{4C65AB3E-5508-48F1-AD20-4EFAE0E7EBDE}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{2A63243B-78F4-4D52-A420-CDD22C000181}F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe
FirewallRules: [UDP Query User{767D3BA2-8E1F-424A-85DC-0D11F9EB8D85}F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\rs3-raven shield athena sword\setup\system\ravenshield.exe
FirewallRules: [{4126805B-BEA0-498D-B46D-F3085F0EE3C4}] => F:\SOFTWARE\Evolve\EvoSvc.exe
FirewallRules: [{6E7C1E83-212F-40FD-B22D-87BED1ADC213}] => F:\SOFTWARE\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{AED538CB-BF3F-476A-B5DE-8B19B07A7CC6}F:\software\games\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{5E7FB950-282E-433E-8F32-50685E42161C}F:\software\games\valve\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
FirewallRules: [{F6ED12A7-5188-465A-8AC9-DC41032F1FFB}] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
FirewallRules: [{64B369A8-0D47-4D3D-8658-F1A14DCE01CC}] => F:\software\games\valve\valve\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{DBE353C2-674A-47C8-AB48-8B81A4943FC7}C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe] => C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe
FirewallRules: [UDP Query User{4234CAE8-167A-4DEA-B279-D53CF27B7BE8}C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe] => C:\users\john\appdata\local\temp\gm_ttt_8708\pong1.exe
FirewallRules: [TCP Query User{D874C16E-FAF9-4A6F-9DFC-F7FA40822D8F}C:\windows\system32\dplaysvr.exe] => C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{0366B07E-6302-426F-984F-493F9F805884}C:\windows\system32\dplaysvr.exe] => C:\windows\system32\dplaysvr.exe
FirewallRules: [{3C3677EC-414C-4146-9CEE-85BAB1163BDB}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F8DF310B-0099-4A7F-8844-4D4E98349783}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9654B86F-F949-4FB6-B542-EB2C91CDB6A5}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{3D6ECB24-3443-4625-8843-308D478144A5}] => F:\SOFTWARE\vsdc\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [TCP Query User{656C0E3C-7FEE-45B1-9AFD-098A7FD7F09C}F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe] => F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe
FirewallRules: [UDP Query User{E1A1950F-8041-468C-A6ED-6F9ECA1675D5}F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe] => F:\software\games\splinter cell double agent\tcscda\tcscda\scda-offline\system\splintercell4.exe
FirewallRules: [TCP Query User{0AD87A43-72D8-487B-9D0A-FA25B8FFAE64}F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe] => F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe
FirewallRules: [UDP Query User{C034CDEC-7CF2-4029-A1D5-02FCB6674E6C}F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe] => F:\software\games\rise of arg\rise of the argonauts\binaries\riseoftheargonauts.exe
FirewallRules: [TCP Query User{54F90538-28EA-42D1-B756-22308F9325E6}F:\software\games\sector 8\section 8\binaries\s8game-f.exe] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
FirewallRules: [UDP Query User{10742634-2E26-49D4-B53D-77D6FDF504F8}F:\software\games\sector 8\section 8\binaries\s8game-f.exe] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
FirewallRules: [{821C5ACD-82F3-402D-8184-B616F6B43623}] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
FirewallRules: [{0E586078-99D5-4C81-AA41-70094B030A61}] => F:\software\games\sector 8\section 8\binaries\s8game-f.exe
FirewallRules: [TCP Query User{1561A5D2-AD2B-42A2-9EEC-B7A6D6F211D5}F:\software\games\7554\7554\7554.exe] => F:\software\games\7554\7554\7554.exe
FirewallRules: [UDP Query User{BC274553-222F-4668-8735-4DB98167AD17}F:\software\games\7554\7554\7554.exe] => F:\software\games\7554\7554\7554.exe
FirewallRules: [{24EC96A4-A6E8-42EA-840B-450DDA4DCA11}] => F:\software\games\7554\7554\7554.exe
FirewallRules: [{5AA23779-A841-41E0-916A-117B7A16E84D}] => F:\software\games\7554\7554\7554.exe
FirewallRules: [TCP Query User{7CFAE32C-EC2D-4D62-A2A5-13A4E04890FF}F:\software\games\tom clancy's h.a.w.x\hawx.exe] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
FirewallRules: [UDP Query User{6CF710F5-FEB3-4BFF-B07C-F1776A2D0A0C}F:\software\games\tom clancy's h.a.w.x\hawx.exe] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
FirewallRules: [{9AAE82DA-0AFA-4C45-AAFE-A26D51C9EC0B}] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
FirewallRules: [{E6FD0997-A736-45F9-A3ED-3260E6C3544B}] => F:\software\games\tom clancy's h.a.w.x\hawx.exe
FirewallRules: [TCP Query User{2E0282CF-546F-47E4-8D6D-049307122F46}F:\software\games\cs\hl.exe] => F:\software\games\cs\hl.exe
FirewallRules: [UDP Query User{D82F8AF8-C26A-4AD9-82CC-BDFCBDD1C6D6}F:\software\games\cs\hl.exe] => F:\software\games\cs\hl.exe
FirewallRules: [{E1AFE0DC-05C6-484A-ADF5-7941FE4D9EA9}] => F:\software\games\cs\hl.exe
FirewallRules: [{CCCF62A2-8B00-40E9-B9B1-F0ED1F17709E}] => F:\software\games\cs\hl.exe
FirewallRules: [TCP Query User{5117D8C9-92AB-431F-9B6E-70B56B7A4544}F:\software\games\splinter cell ct\system\splintercell3.exe] => F:\software\games\splinter cell ct\system\splintercell3.exe
FirewallRules: [UDP Query User{96C09BCC-877D-4AEE-BAE6-F4C7233B19C7}F:\software\games\splinter cell ct\system\splintercell3.exe] => F:\software\games\splinter cell ct\system\splintercell3.exe
FirewallRules: [{416B201D-3A7C-4EB6-AAEB-FDE5FDF9D98F}] => F:\software\games\splinter cell ct\system\splintercell3.exe
FirewallRules: [{E7FB67BB-3B0C-434B-9534-63B5AAA964A9}] => F:\software\games\splinter cell ct\system\splintercell3.exe
FirewallRules: [TCP Query User{B057F8FB-F20A-4C6A-955D-8662800E4ED9}F:\software\games\cod\codmp.exe] => F:\software\games\cod\codmp.exe
FirewallRules: [UDP Query User{2CB6A5EE-75C7-43E3-A745-B9C52E71B6F1}F:\software\games\cod\codmp.exe] => F:\software\games\cod\codmp.exe
FirewallRules: [{882E3EA8-552D-4C3F-B014-6F6DA7D33582}] => F:\software\games\cod\codmp.exe
FirewallRules: [{B0F5EA44-DF41-4D5F-AD2D-8C623CB3D08B}] => F:\software\games\cod\codmp.exe
FirewallRules: [TCP Query User{39A16B65-56F4-4875-B0FC-032E6BF4E8C8}F:\software\games\commandos\commxpc.exe] => F:\software\games\commandos\commxpc.exe
FirewallRules: [UDP Query User{C546F9C6-C7F2-415A-9C96-4B05CC6AFC36}F:\software\games\commandos\commxpc.exe] => F:\software\games\commandos\commxpc.exe
FirewallRules: [{45F24DA3-CF2E-479F-A542-52CBFE0E353D}] => C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1A3589AB-8A4E-4D11-96F5-87A9E712D35E}] => C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{BC83DDAB-7528-421B-A78E-C36EC5D4FCDC}] => C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{BA95809E-C008-4B02-85D5-468D1B170162}] => C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9B0F94BC-B56C-4398-81E0-4863FC73642E}] => C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{5248034F-37AE-4D40-9927-66B4F2006145}] => C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{751C55DA-C21A-4192-88FD-FE26DEF168A9}] => C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{7F0EEFDA-C9D8-4DA1-879E-48DF820D947D}] => C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{141BAF04-3919-47AB-A7EE-E38663D23B7A}] => C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{56748069-3B3F-4382-A34B-C1F5D8FC3DD8}] => C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{D5ED4FB1-9F3F-4128-87EE-FA053CDC56BD}F:\software\games\sr4\saints row iv\saintsrowiv.exe] => F:\software\games\sr4\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{036B1728-2F72-4B86-BFBF-5DBCC0AFF030}F:\software\games\sr4\saints row iv\saintsrowiv.exe] => F:\software\games\sr4\saints row iv\saintsrowiv.exe
FirewallRules: [TCP Query User{98821F78-265E-41DB-B91F-BE85F968B1C9}C:\gog games\serious sam the first encounter\bin\serioussam.exe] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
FirewallRules: [UDP Query User{7A11F9C2-E351-487B-9A74-E1130272EC17}C:\gog games\serious sam the first encounter\bin\serioussam.exe] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
FirewallRules: [{421E876F-88CA-4C4A-95CE-FD49211723DF}] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
FirewallRules: [{5A99C861-00B6-4C91-8A61-2532740D4431}] => C:\gog games\serious sam the first encounter\bin\serioussam.exe
FirewallRules: [TCP Query User{53B9040E-B249-4BED-9F11-3CA17872BAE5}F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe
FirewallRules: [UDP Query User{D03F3EF5-6813-4DC5-BEA9-8169CEBB59BF}F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe] => F:\software\games\installer\rs3-raven shield athena sword\setup\system\ravenshield.exe
FirewallRules: [TCP Query User{DB6B8000-29B5-49BC-A9D6-F80403A7832C}F:\software\games\bionic commando\bionic commando\bionic_commando.exe] => F:\software\games\bionic commando\bionic commando\bionic_commando.exe
FirewallRules: [UDP Query User{31BCDF30-7759-4A21-A409-DFBE1CEE1788}F:\software\games\bionic commando\bionic commando\bionic_commando.exe] => F:\software\games\bionic commando\bionic commando\bionic_commando.exe
FirewallRules: [TCP Query User{20A8FF64-781E-4165-BF41-B1E62DC781F6}F:\software\games\sof3\sof3.exe] => F:\software\games\sof3\sof3.exe
FirewallRules: [UDP Query User{E3D1F40C-8A2B-4C1C-AE73-851EF83C4BC2}F:\software\games\sof3\sof3.exe] => F:\software\games\sof3\sof3.exe
FirewallRules: [{3714EEE8-26C0-463B-978D-358C2CAFE79F}] => F:\SOFTWARE\GAMES\Graw2\Ghost Recon Advanced Warfighter 2\graw2.exe
FirewallRules: [{91C8F6CF-03DC-4A43-8548-0A32A8D1060C}] => F:\SOFTWARE\GAMES\Graw2\Ghost Recon Advanced Warfighter 2\graw2.exe
FirewallRules: [{378BED23-54BC-486A-98F5-502539EB354E}] => F:\software\games\sof3\sof3.exe
FirewallRules: [{9E643B47-CCC0-4817-8257-5A169DE94A37}] => F:\software\games\sof3\sof3.exe
FirewallRules: [{06FACBF3-AA5C-49E1-867C-F4D331CCF975}] => F:\SOFTWARE\DM\Free Download Manager\fdm.exe
FirewallRules: [{5C3D3E23-B6B1-442D-97C5-3D94E75FCAF0}] => F:\SOFTWARE\DM\Free Download Manager\fdm.exe
FirewallRules: [{F38F9695-0B86-4805-822F-3F1D28F356DE}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{E8BE00EC-4603-4439-8844-E05A922A4502}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{18442C2E-57E7-4145-B5CE-3E24D9B299B4}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C4FC2CDC-4E9B-47A7-B302-B6B1DA331D48}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{C170AA34-9B06-46CD-8FE8-6F15ADC67BE9}F:\software\games\splinter cell\system\splintercell3.exe] => F:\software\games\splinter cell\system\splintercell3.exe
FirewallRules: [UDP Query User{87CD7198-DBA4-46C9-9072-B2EE9170C635}F:\software\games\splinter cell\system\splintercell3.exe] => F:\software\games\splinter cell\system\splintercell3.exe
FirewallRules: [{5801FC5D-313A-45D3-A659-057BE8D61AE1}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DE04621E-46CE-4D17-ADAE-3033DE564FC6}] => F:\SteamLibrary\steamapps\common\Warface\live\nw.exe
FirewallRules: [{5A919273-227A-4859-AB48-2297EF57E136}] => F:\SteamLibrary\steamapps\common\Warface\live\nw.exe
FirewallRules: [TCP Query User{35D66C09-3AA4-4AC3-8FC2-D29B83E33BAA}F:\software\games\call of duty\codmp.exe] => F:\software\games\call of duty\codmp.exe
FirewallRules: [UDP Query User{CC94E2E4-2467-4B6F-882C-94987497B018}F:\software\games\call of duty\codmp.exe] => F:\software\games\call of duty\codmp.exe
FirewallRules: [{A8AA4752-EE25-4A4F-A69A-1EDAA3A47782}] => F:\software\games\call of duty\codmp.exe
FirewallRules: [{12D5983F-BAC3-4057-8568-B97C2C9F87EC}] => F:\software\games\call of duty\codmp.exe
FirewallRules: [TCP Query User{3B3CA9C7-30FA-40A5-BD4F-AECFC24466A0}D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe] => D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe
FirewallRules: [UDP Query User{A575CF5E-E345-4CDB-B244-41BA08F85A1A}D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe] => D:\simon\call.of.duty.4.modern.warfare.www.download.ir\call.of.duty.4.modern.warfare.www.download.ir\iw3mp.exe
FirewallRules: [{5DEFCD40-112B-47A9-9AAD-3174C4E8D461}] => F:\SOFTWARE\GAMES\I Am Alive\src\System\IAmAlive_game.exe
FirewallRules: [{C6EE05D7-5201-4C52-A3CE-30F688B03BA4}] => F:\SOFTWARE\GAMES\I Am Alive\src\System\IAmAlive_game.exe
FirewallRules: [{6DB37E13-089D-43E9-9797-9C35A7817FC4}] => F:\SOFTWARE\GAMES\I Am Alive\IAmAlive_Launcher.exe
FirewallRules: [{6DA7649C-598A-4B3C-9DA4-B64767879F84}] => F:\SOFTWARE\GAMES\I Am Alive\IAmAlive_Launcher.exe
FirewallRules: [{E6A14F82-5B8D-4FC7-96FE-555BAE791DB0}] => C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9181A1B2-0715-4910-A4FC-A70A1B3F051E}] => C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{33E445DB-E29F-4233-9B8D-45BCB6C98E18}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{591114D1-AE28-4B70-B660-C1D83613953E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3C9AE3E5-8C51-4C6D-B4D9-D78DF85C462F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EC3AE57F-F1E8-48D8-B271-F67387FBFA13}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FD05D236-EA1D-4D2C-9F26-EC1DD430A5C7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{37B03555-DFC4-40FB-9470-3AF3EB308255}F:\software\games\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{28FAAD15-85CF-49A9-9A16-4734625CDC3F}F:\software\games\valve\left 4 dead\left4dead.exe] => F:\software\games\valve\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{29749E34-B790-41E0-B9BC-CA1C4DE85BD2}C:\xiaomi\xiaomiflash\xiaomiflash.exe] => C:\xiaomi\xiaomiflash\xiaomiflash.exe
FirewallRules: [UDP Query User{E1DAD9D0-9E32-4764-8026-30FDC9E18526}C:\xiaomi\xiaomiflash\xiaomiflash.exe] => C:\xiaomi\xiaomiflash\xiaomiflash.exe
FirewallRules: [TCP Query User{0DDD5B00-1944-498C-9251-4A8C986F905A}F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe] => F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe
FirewallRules: [UDP Query User{A44743A5-C7F8-4462-AB22-4C4DB2073A82}F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe] => F:\software\games\kane and lynch\kane & lynch - dead men\kaneandlynch.exe
FirewallRules: [TCP Query User{79CAE1F3-AC2C-48CF-8673-49EC74DE558E}F:\software\unity\editor\unity.exe] => F:\software\unity\editor\unity.exe
FirewallRules: [UDP Query User{45087234-3A5E-47C9-9C04-E775DA97778E}F:\software\unity\editor\unity.exe] => F:\software\unity\editor\unity.exe
FirewallRules: [{027C58D1-6DCE-49C3-A112-0F2C1453C1C3}] => F:\software\unity\editor\unity.exe
FirewallRules: [{5420C678-C973-4CEB-81AE-BA22023E9E74}] => F:\software\unity\editor\unity.exe
FirewallRules: [{D5103368-EB1B-48FB-94C3-94225619A57D}] => F:\SteamLibrary\steamapps\common\WARMODE\warmode.exe
FirewallRules: [{3E07BBE1-AA06-45A3-9F25-9039288D9B37}] => F:\SteamLibrary\steamapps\common\WARMODE\warmode.exe
FirewallRules: [TCP Query User{5300A8F6-6508-4BFB-B96A-21B13A4A779F}F:\software\games\crysis\crysis\crysis.exe] => F:\software\games\crysis\crysis\crysis.exe
FirewallRules: [UDP Query User{5119D2A0-C0F7-4570-860C-77890D85C156}F:\software\games\crysis\crysis\crysis.exe] => F:\software\games\crysis\crysis\crysis.exe
FirewallRules: [TCP Query User{AF30BE37-639F-40A4-93E6-271EB56609A9}E:\games\left 4 dead 2\left4dead 2\left4dead2.exe] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
FirewallRules: [UDP Query User{7DD6800E-63FA-4F3C-B1D2-CA809175DC17}E:\games\left 4 dead 2\left4dead 2\left4dead2.exe] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
FirewallRules: [{63F07EE9-8889-4327-98B0-2D1A1F5961E9}] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
FirewallRules: [{1073B8A9-D573-42D4-A1BF-3E3ABF83F695}] => E:\games\left 4 dead 2\left4dead 2\left4dead2.exe
FirewallRules: [{6C18558D-77F4-4EED-9185-47A8C2D70A0C}] => C:\Program Files\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{51E6E357-EC56-4957-AE91-9D69BE2F05F8}] => C:\Program Files\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{7C9E4798-BB6A-4AB5-9B2C-29F7CC1D7896}E:\games\trackmania2\trackmania 2\maniaplanet.exe] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
FirewallRules: [UDP Query User{4F0CE124-E15C-45E5-824C-A3E443A2351F}E:\games\trackmania2\trackmania 2\maniaplanet.exe] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
FirewallRules: [{99A7878C-1DF3-4903-8D9A-86B2DDA5BD8A}] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
FirewallRules: [{D7A3EBC0-8DA6-46AB-8068-AF5CE70D8D8F}] => E:\games\trackmania2\trackmania 2\maniaplanet.exe
FirewallRules: [TCP Query User{11C50F83-E74D-49CE-B992-97B50C3FD6EA}C:\games\trackmania 2\maniaplanet.exe] => C:\games\trackmania 2\maniaplanet.exe
FirewallRules: [UDP Query User{6C125162-207D-4E43-BABF-3E09A26DBB82}C:\games\trackmania 2\maniaplanet.exe] => C:\games\trackmania 2\maniaplanet.exe
FirewallRules: [TCP Query User{F07127DC-16AA-4117-A7F2-86B1BCC2698B}C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
FirewallRules: [UDP Query User{EFFCE1AB-1002-498E-B3F1-28A9F748641C}C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe] => C:\users\john\appdata\local\ucbrowser\user data_i18n\thunder\1.0.0.0\download\minithunderplatform.exe
FirewallRules: [TCP Query User{E7E1179A-87BC-4447-896C-4D09AE20A648}E:\games\midtown madness 2\midtown madness 2\midtown2.exe] => E:\games\midtown madness 2\midtown madness 2\midtown2.exe
FirewallRules: [UDP Query User{FAB75568-B9A7-41CE-B12E-95DA895FD3B8}E:\games\midtown madness 2\midtown madness 2\midtown2.exe] => E:\games\midtown madness 2\midtown madness 2\midtown2.exe
FirewallRules: [TCP Query User{605508C3-4E62-4D7D-A634-97C8EA7A81BC}E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin] => E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin
FirewallRules: [UDP Query User{D0E40591-6199-4774-B275-B7808E03D3E6}E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin] => E:\games\syndicate\syndicate\system\win32_x86_release\syndicate.bin
FirewallRules: [TCP Query User{8EAF3A2A-EF8A-449C-8294-B42DF132CEA0}E:\games\sof3\sof3.exe] => E:\games\sof3\sof3.exe
FirewallRules: [UDP Query User{996318BB-D31C-4C17-AE98-84456E4B0ACE}E:\games\sof3\sof3.exe] => E:\games\sof3\sof3.exe
FirewallRules: [TCP Query User{E60D9CCA-64E8-4609-8203-563FD177322E}F:\need for speed\speed.exe] => F:\need for speed\speed.exe
FirewallRules: [UDP Query User{BD4E4D81-29AE-44C6-82FB-FCF869F58482}F:\need for speed\speed.exe] => F:\need for speed\speed.exe
FirewallRules: [TCP Query User{F2989582-E63E-404A-84A6-77DEF46079EB}E:\games\new folder\motogp.exe] => E:\games\new folder\motogp.exe
FirewallRules: [UDP Query User{71F44CAD-50DE-4644-8F72-FAA18D89A4BF}E:\games\new folder\motogp.exe] => E:\games\new folder\motogp.exe
FirewallRules: [TCP Query User{35317282-9BEE-4AE9-B03A-59941A6C10A3}F:\software\games\p2\prototype 2\prototype2.exe] => F:\software\games\p2\prototype 2\prototype2.exe
FirewallRules: [UDP Query User{BEBACC49-90FE-417F-A603-E51E2B8EF85C}F:\software\games\p2\prototype 2\prototype2.exe] => F:\software\games\p2\prototype 2\prototype2.exe
FirewallRules: [TCP Query User{B41B3C24-BF11-4C4C-AFC0-054DAB75B7D4}E:\games\crysis 2\crysis 2\bin32\crysis2.exe] => E:\games\crysis 2\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{76FC0088-6A19-4C26-AE93-C0CF16E7E6D9}E:\games\crysis 2\crysis 2\bin32\crysis2.exe] => E:\games\crysis 2\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{9E69EE81-7209-49C6-A726-74F579C2FFAE}E:\games\motogp\motogp.exe] => E:\games\motogp\motogp.exe
FirewallRules: [UDP Query User{707910D1-008B-4F44-AD1F-53A8C19A1DA2}E:\games\motogp\motogp.exe] => E:\games\motogp\motogp.exe
FirewallRules: [{3750D5AA-A6A8-44AF-B2DF-5688127DF701}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C74D8111-1304-49EF-BCC8-C04CA37DE4B1}] => C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{8EA6AE7B-F084-4F63-AB2B-6B2BFBA107E0}E:\games\driver san francisco\driver.exe] => E:\games\driver san francisco\driver.exe
FirewallRules: [UDP Query User{A579F6F1-5419-47CE-B014-0B86B1954E53}E:\games\driver san francisco\driver.exe] => E:\games\driver san francisco\driver.exe
FirewallRules: [{65B29817-6843-44DF-842C-1DDF17315856}] => F:\EVL\EvoSvc.exe
FirewallRules: [{39B440DE-AD08-40F4-BB2D-90B1C07FA6CA}] => F:\EVL\EvolveClient.exe
FirewallRules: [TCP Query User{35C2C89D-84E0-437F-996F-5047A99FC2CC}E:\games\dead space\dead space.exe] => E:\games\dead space\dead space.exe
FirewallRules: [UDP Query User{235A9A61-C21B-4E42-8256-53504771DD08}E:\games\dead space\dead space.exe] => E:\games\dead space\dead space.exe
FirewallRules: [TCP Query User{D1B04FBE-CC2D-4DCF-B25F-1B7710241BB4}F:\software\unity\monodevelop\bin\monodevelop.exe] => F:\software\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{33227A65-86A5-4C0F-A845-BF457930F915}F:\software\unity\monodevelop\bin\monodevelop.exe] => F:\software\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{A4FEEF1C-5DDE-4612-9F52-7974ABDDF337}] => F:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{0E3861F2-5127-44C9-94AD-0340FAEC98A2}] => F:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{9DBA3FD9-DAA2-454B-948A-83C392578C84}F:\steamlibrary\steamapps\common\cry of fear\cof.exe] => F:\steamlibrary\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{50B6F80D-EE35-47B0-8FAD-6E9A6C433579}F:\steamlibrary\steamapps\common\cry of fear\cof.exe] => F:\steamlibrary\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{FBCE72C1-85DF-4D1A-B496-83B9B4CDD8E7}E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe] => E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe
FirewallRules: [UDP Query User{13DBFA50-A782-4CE3-A307-0FF7D7506A7D}E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe] => E:\games\ghost recon future soldier\tom clancys ghost recon future soldier\future soldier.exe
FirewallRules: [{EE08187A-7764-4AF2-A224-618F12D31EDD}] => E:\Games\FarCry2\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{A2E80555-3220-43A3-8A87-5E54D6EA0576}] => E:\Games\FarCry2\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{70DB4B0D-C60C-4C74-AB46-4FB4D8402DBA}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{8FDEE838-A7ED-42A4-BEDC-A84C044FD480}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{2CF9C72C-1453-4AAC-8719-5443E65F965D}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{D75B646A-95ED-4E98-83F5-B826EC83DE72}] => E:\Games\FarCry2\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [TCP Query User{5B972FC1-7FE1-48FE-B860-C94D8B89052B}E:\nfs\speed.exe] => E:\nfs\speed.exe
FirewallRules: [UDP Query User{C995FF46-02AA-43FA-BF1A-70D3AEE4A48D}E:\nfs\speed.exe] => E:\nfs\speed.exe
FirewallRules: [{E71E0CF0-02E3-4CDF-A157-C07D4249CA24}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0FADEF8B-4BE2-4B02-8F45-5A2A1AB8A04B}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E5EDABDD-5243-4035-8F6B-7804D632A7E9}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C4E1579-449F-47C2-B663-80E9A383C6A9}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8A979DF7-3457-4C99-8975-AB1502F40A87}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4DBB37D5-BECB-4474-A953-BC028B25CD55}] => C:\Users\john\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{21C3420A-7E1F-4B18-95DE-E1253D968391}E:\games\call of duty 2\cod2\cod2mp_s.exe] => E:\games\call of duty 2\cod2\cod2mp_s.exe
FirewallRules: [UDP Query User{FB3DFE79-D858-429F-A535-84FF74B4BEB8}E:\games\call of duty 2\cod2\cod2mp_s.exe] => E:\games\call of duty 2\cod2\cod2mp_s.exe
FirewallRules: [{1A7ED244-53F3-4FEA-AFE5-696A57D80215}] => C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/11/2017 11:39:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/11/2017 11:39:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/11/2017 11:39:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/11/2017 11:39:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/11/2017 08:57:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/11/2017 08:49:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/11/2017 08:49:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
System errors:
=============
Error: (02/11/2017 11:55:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/11/2017 11:53:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sfdrv01
sfsync02
sfvfs02
Error: (02/11/2017 11:52:49 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfdrv01.sys has been blocked from loading.
Error: (02/11/2017 11:52:49 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfvfs02.sys has been blocked from loading.
Error: (02/11/2017 11:52:47 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfsync02.sys has been blocked from loading.
Error: (02/11/2017 11:49:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.
Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/11/2017 11:48:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 2047.3 MB
Available physical RAM: 1281.2 MB
Total Virtual: 4094.61 MB
Available Virtual: 3192.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.96 GB) (Free:7.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (MOVIES) (Fixed) (Total:83.01 GB) (Free:9.95 GB) NTFS
Drive e: (USER) (Fixed) (Total:83.01 GB) (Free:10.34 GB) NTFS
Drive f: (SOFTWARE) (Fixed) (Total:83.02 GB) (Free:5.16 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2146DE3F)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=83 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================